Merge pull request #450 from PowerShell/development

Take Development to Master for v1.4.0 release

Author: raghushantha

Engine/Generic/RuleInfo.cs

@@ -102,7 +102,12 @@ public RuleInfo(string name, string commonName, string description, SourceType s
             Description = description;
             SourceType  = sourceType;
             SourceName  = sourceName;
-            Severity = severity;
+            Severity = severity;      
         }
+
+        public override string ToString()
+        {
+            return RuleName;
+        }      
     }
 }

Engine/Helper.cs

@@ -645,6 +645,28 @@ public bool SkipBlock(string keyword, Ast namedBlockAst)
             return false;
         }
 
+        // Obtain script extent for the function - just around the function name
+        public IScriptExtent GetScriptExtentForFunctionName(FunctionDefinitionAst functionDefinitionAst)
+        {
+            if (null == functionDefinitionAst)
+            {
+                return null;
+            }
+
+            // Obtain the index where the function name is in Tokens
+            int funcTokenIndex = Tokens.Select((s, index) => new { s, index })
+                          .Where(x => x.s.Extent.StartOffset == functionDefinitionAst.Extent.StartOffset)
+                          .Select(x => x.index).FirstOrDefault();
+
+            if (funcTokenIndex > 0 && funcTokenIndex < Helper.Instance.Tokens.Count())
+            {
+                // return the extent of the next token - this is the extent for the function name
+                return Tokens[++funcTokenIndex].Extent;
+            }
+
+            return null;
+        }
+        
         private void FindClosingParenthesis(string keyword)
         {
             if (Tokens == null || Tokens.Length == 0)

Engine/PSScriptAnalyzer.psd1

@@ -11,7 +11,7 @@ Author = 'Microsoft Corporation'
 RootModule = 'PSScriptAnalyzer.psm1'
 
 # Version number of this module.
-ModuleVersion = '1.3.0'
+ModuleVersion = '1.4.0'
 
 # ID used to uniquely identify this module
 GUID = '324fc715-36bf-4aee-8e58-72e9b4a08ad9'

Engine/ScriptAnalyzer.cs

@@ -926,8 +926,8 @@ internal IEnumerable<DiagnosticRecord> GetExternalRecord(Ast ast, Token[] token,
 
                                 // DiagnosticRecord may not be correctly returned from external rule.
                                 try
-                                {
-                                    Enum.TryParse<DiagnosticSeverity>(psobject.Properties["Severity"].Value.ToString().ToUpper(), out severity);
+                                {                                    
+                                    severity = (DiagnosticSeverity)Enum.Parse(typeof(DiagnosticSeverity), psobject.Properties["Severity"].Value.ToString());
                                     message = psobject.Properties["Message"].Value.ToString();
                                     extent = (IScriptExtent)psobject.Properties["Extent"].Value;
                                     ruleName = psobject.Properties["RuleName"].Value.ToString();
@@ -1244,7 +1244,7 @@ private IEnumerable<DiagnosticRecord> AnalyzeFile(string filePath)
             if (File.Exists(filePath))
             {
                 // processing for non help script
-                if (!(Path.GetFileName(filePath).StartsWith("about_") && Path.GetFileName(filePath).EndsWith(".help.txt")))
+                if (!(Path.GetFileName(filePath).ToLower().StartsWith("about_") && Path.GetFileName(filePath).ToLower().EndsWith(".help.txt")))
                 {
                     try
                     {

README.md

@@ -1,4 +1,4 @@
-Announcements
+Announcements
 =============
 
 ##### ISE Add-On for ScriptAnalyzer is available in PowerShell Gallery!
@@ -11,19 +11,20 @@ Announcements
 
 ##### ScriptAnalyzer community meeting schedule:
 
- - Next Meeting - Feb 2 2016 - 11am to 12pm PDT
+ - Next Meeting - Mar 1 2016 - 11am to 12pm PDT
  - [iCalender invite](http://1drv.ms/1VvAaxO)
  - [Notes and recordings from earlier meetings](https://github.com/PowerShell/PSScriptAnalyzer/wiki)
 
 
 =============
-
+#####Recent Builds
 |Master   |  Development |
 |:------:|:------:|:-------:|:-------:|
 [![Build status](https://ci.appveyor.com/api/projects/status/h5mot3vqtvxw5d7l/branch/master?svg=true)](https://ci.appveyor.com/project/PowerShell/psscriptanalyzer/branch/master)|[![Build status](https://ci.appveyor.com/api/projects/status/h5mot3vqtvxw5d7l/branch/development?svg=true)](https://ci.appveyor.com/project/PowerShell/psscriptanalyzer/branch/development) |
 
 =============
-
+#####Code Review Dashboard on [reviewable.io](https://reviewable.io/reviews/PowerShell/PSScriptAnalyzer#-)
+=============
 
 Introduction
 ============

RuleDocumentation/AvoidNullOrEmptyHelpMessageAttribute.md

@@ -0,0 +1,58 @@
+#AvoidNullOrEmtpyHelpMessageAttribute
+**Severity Level: Warning**
+
+
+##Description
+
+Setting the HelpMessage attribute to an empty string or null value causes PowerShell interpreter to throw an error while executing the corresponding function.
+
+##How to Fix
+
+To fix a violation of this rule, please set its value to a non-empty string.
+
+##Example
+
+Wrong:
+
+Function BadFuncEmtpyHelpMessageEmpty
+{
+	Param(
+		[Parameter(HelpMessage='')]
+		[String] $Param
+	)
+
+	$Param
+}
+
+Function BadFuncEmtpyHelpMessageNull
+{
+	Param(
+		[Parameter(HelpMessage=$null)]
+		[String] $Param
+	)
+
+	$Param
+}
+
+Function BadFuncEmtpyHelpMessageNoAssignment
+{
+	Param(
+		[Parameter(HelpMessage)]
+		[String] $Param
+	)
+
+	$Param
+}
+
+
+Correct:
+
+Function GoodFuncEmtpyHelpMessage
+{
+	Param(
+		[Parameter(HelpMessage='This is helpful')]
+		[String] $Param
+	)
+
+	$Param
+}

Rules/AvoidNullOrEmptyHelpMessageAttribute.cs

@@ -0,0 +1,157 @@
+//
+// Copyright (c) Microsoft Corporation.
+//
+// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+// IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+// FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+// AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+// LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+// OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+// THE SOFTWARE.
+//
+
+using System;
+using System.Collections.Generic;
+using System.Linq;
+using System.Management.Automation.Language;
+using Microsoft.Windows.PowerShell.ScriptAnalyzer.Generic;
+using System.ComponentModel.Composition;
+using System.Globalization;
+
+namespace Microsoft.Windows.PowerShell.ScriptAnalyzer.BuiltinRules
+{
+    /// <summary>
+    /// AvoidUsingNullOrEmptyHelpMessageAttribute: Check if the HelpMessage parameter is set to a non-empty string.
+    /// </summary>
+    [Export(typeof(IScriptRule))]
+    public class AvoidNullOrEmptyHelpMessageAttribute : IScriptRule
+    {               
+        /// <summary>
+        /// AvoidUsingNullOrEmptyHelpMessageAttribute: Check if the HelpMessage parameter is set to a non-empty string.
+        /// </summary>
+        public IEnumerable<DiagnosticRecord> AnalyzeScript(Ast ast, string fileName)
+        {
+            if (ast == null) throw new ArgumentNullException(Strings.NullAstErrorMessage);
+
+            // Finds all functionAst
+            IEnumerable<Ast> functionAsts = ast.FindAll(testAst => testAst is FunctionDefinitionAst, true);
+
+            foreach (FunctionDefinitionAst funcAst in functionAsts)
+            {
+                if (funcAst.Body == null || funcAst.Body.ParamBlock == null
+                        || funcAst.Body.ParamBlock.Attributes == null || funcAst.Body.ParamBlock.Parameters == null)
+                {
+                    continue;
+                }
+                                           
+                foreach (var paramAst in funcAst.Body.ParamBlock.Parameters)
+                {                        
+                    foreach (var paramAstAttribute in paramAst.Attributes)
+                    {
+                        if (!(paramAstAttribute is AttributeAst))
+                        {
+                            continue;
+                        }
+
+                        var namedArguments = (paramAstAttribute as AttributeAst).NamedArguments;
+
+                        if (namedArguments == null)
+                        {
+                            continue;
+                        }
+
+                        foreach (NamedAttributeArgumentAst namedArgument in namedArguments)
+                        {
+                            if (!(namedArgument.ArgumentName.Equals("HelpMessage", StringComparison.OrdinalIgnoreCase)))
+                            {
+                                continue;
+                            }
+                            
+                            string errCondition;
+                            if (namedArgument.ExpressionOmitted
+                                    || namedArgument.Argument.Extent.Text.Equals("\"\"")
+                                    || namedArgument.Argument.Extent.Text.Equals("\'\'"))
+                            {
+                                errCondition = "empty";
+                            }                                                        
+                            else if (namedArgument.Argument.Extent.Text.Equals("$null", StringComparison.OrdinalIgnoreCase))
+                            {
+                                errCondition = "null";
+                            }
+                            else
+                            {
+                                errCondition = null;
+                            }
+
+                            if (!String.IsNullOrEmpty(errCondition))
+                            {
+                                string message = string.Format(CultureInfo.CurrentCulture,
+                                                                Strings.AvoidNullOrEmptyHelpMessageAttributeError,
+                                                                paramAst.Name.VariablePath.UserPath);
+                                yield return new DiagnosticRecord(message,
+                                                                    paramAst.Extent, 
+                                                                    GetName(), 
+                                                                    DiagnosticSeverity.Warning, 
+                                                                    fileName, 
+                                                                    paramAst.Name.VariablePath.UserPath);
+                            }                            
+                        }                                                
+                    }
+                }
+                
+            }
+        }
+
+        /// <summary>
+        /// GetName: Retrieves the name of this rule.
+        /// </summary>
+        /// <returns>The name of this rule</returns>
+        public string GetName()
+        {
+            return string.Format(CultureInfo.CurrentCulture, Strings.NameSpaceFormat, GetSourceName(), Strings.AvoidNullOrEmptyHelpMessageAttributeName);
+        }
+
+        /// <summary>
+        /// GetCommonName: Retrieves the common name of this rule.
+        /// </summary>
+        /// <returns>The common name of this rule</returns>
+        public string GetCommonName()
+        {
+            return string.Format(CultureInfo.CurrentCulture, Strings.AvoidNullOrEmptyHelpMessageAttributeCommonName);
+        }
+
+        /// <summary>
+        /// GetDescription: Retrieves the description of this rule.
+        /// </summary>
+        /// <returns>The description of this rule</returns>
+        public string GetDescription()
+        {
+            return string.Format(CultureInfo.CurrentCulture, Strings.AvoidNullOrEmptyHelpMessageAttributeDescription);
+        }
+
+        /// <summary>
+        /// GetSourceType: Retrieves the type of the rule, builtin, managed or module.
+        /// </summary>
+        public SourceType GetSourceType()
+        {
+            return SourceType.Builtin;
+        }
+
+        /// <summary>
+        /// GetSeverity: Retrieves the severity of the rule: error, warning of information.
+        /// </summary>
+        /// <returns></returns>
+        public RuleSeverity GetSeverity()
+        {
+            return RuleSeverity.Warning;
+        }
+
+        /// <summary>
+        /// GetSourceName: Retrieves the module/assembly name the rule is from.
+        /// </summary>
+        public string GetSourceName()
+        {
+            return string.Format(CultureInfo.CurrentCulture, Strings.SourceName);
+        }
+    }
+}

Rules/AvoidShouldContinueWithoutForce.cs

@@ -46,7 +46,8 @@ public IEnumerable<DiagnosticRecord> AnalyzeScript(Ast ast, string fileName)
                 foreach (ParameterAst paramAst in paramAsts)
                 {
                     if (String.Equals(paramAst.Name.VariablePath.ToString(), "force", StringComparison.OrdinalIgnoreCase)
-                        && String.Equals(paramAst.StaticType.FullName, "System.Boolean", StringComparison.OrdinalIgnoreCase))
+                        && (String.Equals(paramAst.StaticType.FullName, "System.Boolean", StringComparison.OrdinalIgnoreCase) 
+                        || String.Equals(paramAst.StaticType.FullName, "System.Management.Automation.SwitchParameter", StringComparison.OrdinalIgnoreCase)))
                     {
                         hasForce = true;
                         break;

Rules/AvoidUserNameAndPasswordParams.cs

@@ -53,24 +53,31 @@ public IEnumerable<DiagnosticRecord> AnalyzeScript(Ast ast, string fileName)
                 // Iterates all ParamAsts and check if their names are on the list.
                 foreach (ParameterAst paramAst in paramAsts)
                 {
+                    // this will be null if there is no [pscredential] attached to the parameter
                     var psCredentialType = paramAst.Attributes.FirstOrDefault(paramAttribute =>
                         (paramAttribute.TypeName.IsArray && (paramAttribute.TypeName as ArrayTypeName).ElementType.GetReflectionType() == typeof(PSCredential))
                         || paramAttribute.TypeName.GetReflectionType() == typeof(PSCredential));
 
+                    // this will be null if there are no [credential()] attribute attached
                     var credentialAttribute = paramAst.Attributes.FirstOrDefault(paramAttribute => paramAttribute.TypeName.GetReflectionType() == typeof(CredentialAttribute));
 
-                    String paramName = paramAst.Name.VariablePath.ToString();
+                    // this will be null if there are no [securestring] attached to the parameter
+                    var secureStringType = paramAst.Attributes.FirstOrDefault(paramAttribute =>
+                        (paramAttribute.TypeName.IsArray && (paramAttribute.TypeName as ArrayTypeName).ElementType.GetReflectionType() == typeof (System.Security.SecureString))
+                        || paramAttribute.TypeName.GetReflectionType() == typeof(System.Security.SecureString));
 
-                    // if this is pscredential type with credential attribute where pscredential type comes first
-                    if (psCredentialType != null && credentialAttribute != null && psCredentialType.Extent.EndOffset < credentialAttribute.Extent.StartOffset)
-                    {
-                        continue;
-                    }
+                    String paramName = paramAst.Name.VariablePath.ToString();                    
 
                     foreach (String password in passwords)
                     {
                         if (paramName.IndexOf(password, StringComparison.OrdinalIgnoreCase) != -1)
                         {
+                            // if this is a secure string, pscredential or credential attribute, don't count
+                            if (secureStringType != null || credentialAttribute != null || psCredentialType != null)
+                            {
+                                continue;
+                            }
+
                             hasPwd = true;
                             break;
                         }