Formed in 2009, the Archive Team (not to be confused with the archive.org Archive-It Team) is a rogue archivist collective dedicated to saving copies of rapidly dying or deleted websites for the sake of history and digital heritage. The group is 100% composed of volunteers and interested parties, and has expanded into a large amount of related projects for saving online and digital history.
Join GitHub today
GitHub is home to over 50 million developers working together to host and review code, manage projects, and build software together.
Sign upPSScriptAnalyzer aggressive mode & default rules #151
Conversation
|
|
||
| - None - disables script analysis | ||
| - Default - some crutial rules but nothing too crazy | ||
| - Aggressive - more rules, more fun |
This comment has been minimized.
This comment has been minimized.
bergmeister
Nov 21, 2018
•
I would prefer the word Thorough over Aggressive and would also like to have an All mode. When compared to ReSharper or FxCop, PSSA is definitely not aggressive ;-)
This comment has been minimized.
This comment has been minimized.
| This can be set to: | ||
|
|
||
| - None - disables script analysis | ||
| - Default - some crutial rules but nothing too crazy |
This comment has been minimized.
This comment has been minimized.
robertiansweetman
Nov 21, 2018
| - Default - some crutial rules but nothing too crazy | |
| - Default - some crucial rules but nothing too crazy |
essentialexch
commented
Nov 21, 2018
|
I really like this idea, but I also really think that PSSA needs #pragma once/disable/restore before this is done. @bergmeister is this (or something similar) on the radar? |
bergmeister
commented
Nov 21, 2018
•
|
@swngdnz Yes, the item is being tracked here. From the Microsoft side, I see that they are quite busy and want to implement more analysis to know if something will not work on certain platforms or ps versions at the moment, therefore it might take them some time to approach that. However, implementing it right now is up to the community. I am currently in the process of wrapping up the last fixes and features for the next release in a few weeks, not sure if I can squeeze that one in. I agree that this feature would be very use useful though but the implementation is not going to be easy due to the nature of the PowerShell language definition. I'll have more time next week and might give it a stab but cannot guarantee anything. |
| Plan to implement: Yes | ||
| --- | ||
|
|
||
| # New default rules in the VSCode Extension and a new "Aggressive Analysis mode" rules |
This comment has been minimized.
This comment has been minimized.
| | AvoidAssignmentToAutomaticVariable | Warning | Aggressive | | | ||
| | AvoidDefaultValueForMandatoryParameter | Warning | Default | | | ||
| | AvoidDefaultValueSwitchParameter | Warning | Default | | | ||
| | AvoidGlobalAliases* | Warning | Aggressive | x | |
This comment has been minimized.
This comment has been minimized.
bergmeister left a comment •
|
I'd prefer the following modes:
All comments below use your definition and idea of |
|
|
||
| This can be set to: | ||
|
|
||
| - None - disables script analysis |
This comment has been minimized.
This comment has been minimized.
bergmeister
Nov 21, 2018
Yes, but then the powershell.scriptanalysis.enable setting should either be supported in some back-compat mode or removed
| | Rule | PSSA Type | Mode | Add to default | | ||
| |----------------------------------------------|-------------|------------|----------------| | ||
| | AlignAssignmentStatement | Warning | | | | ||
| | AvoidAssignmentToAutomaticVariable | Warning | Aggressive | | |
This comment has been minimized.
This comment has been minimized.
bergmeister
Nov 21, 2018
I would mark this as default because the rule was written very mildly to only warn about read-only automatic variables that will 100% cause a runtime error.
| | AvoidInvokingEmptyMembers | Warning | Aggressive | x | | ||
| | AvoidNullOrEmptyHelpMessageAttribute | Warning | | | | ||
| | AvoidShouldContinueWithoutForce | Warning | Aggressive | | | ||
| | AvoidUsingCmdletAliases | Warning | Default | | |
This comment has been minimized.
This comment has been minimized.
bergmeister
Nov 21, 2018
yes, but we should whitelist common aliases that exist on all platformsps versions such as where, foreach, select etc. (i.e. where the short version is just more readable)
| | AvoidNullOrEmptyHelpMessageAttribute | Warning | | | | ||
| | AvoidShouldContinueWithoutForce | Warning | Aggressive | | | ||
| | AvoidUsingCmdletAliases | Warning | Default | | | ||
| | AvoidUsingComputerNameHardcoded | Error | Default | | |
This comment has been minimized.
This comment has been minimized.
| | AvoidShouldContinueWithoutForce | Warning | Aggressive | | | ||
| | AvoidUsingCmdletAliases | Warning | Default | | | ||
| | AvoidUsingComputerNameHardcoded | Error | Default | | | ||
| | AvoidUsingConvertToSecureStringWithPlainText | Error | Default | | |
This comment has been minimized.
This comment has been minimized.
bergmeister
Nov 21, 2018
I would not enable this by default but in the more thorough mode. Even systems like Azure DevOps do not support Secure strings yet and strings are being injected as plaintext strings.
| | AvoidUsingDeprecatedManifestFields | Warning | Aggressive | x | | ||
| | AvoidUsingEmptyCatchBlock | Warning | | | | ||
| | AvoidUsingInvokeExpression | Warning | | | | ||
| | AvoidUsingPlainTextForPassword | Warning | Default | | |
This comment has been minimized.
This comment has been minimized.
bergmeister
Nov 21, 2018
I would not enable this by default but in the more thorough mode due to the same reasoning about SecureString not having enough support coverage by CI systems
| | ReservedCmdletChar | Error | Default | | | ||
| | ReservedParams | Error | Default | | | ||
| | ShouldProcess | Error | Default | | | ||
| | UseApprovedVerbs | Warning | Default | | |
This comment has been minimized.
This comment has been minimized.
| | UseApprovedVerbs | Warning | Default | | | ||
| | UseBOMForUnicodeEncodedFile | Warning | | | | ||
| | UseCmdletCorrectly | Warning | Aggressive | | | ||
| | UseDeclaredVarsMoreThanAssignments | Warning | Default | | |
This comment has been minimized.
This comment has been minimized.
bergmeister
Nov 21, 2018
I would not enable this by default but in the more thorough mode. Or alternatively not use it in .tests.ps1 files as PSSA is not Pester aware and the rule is limited to a per scriptblock basis.
| | UsePSCredentialType | Warning | Aggressive | | | ||
| | UseShouldProcessForStateChangingFunctions | Warning | Aggressive | | | ||
| | UseSingularNouns | Warning | Aggressive | x | | ||
| | UseSupportsShouldProcess | Warning | Aggressive | x | |
This comment has been minimized.
This comment has been minimized.
bergmeister
Nov 21, 2018
I would put this rule not even into the thorough mode. This rule annoys me the most personally tbh.
| | UseSingularNouns | Warning | Aggressive | x | | ||
| | UseSupportsShouldProcess | Warning | Aggressive | x | | ||
| | UseToExportFieldsInManifest | Warning | Default | | | ||
| | UseCompatibleCmdlets | Warning | | | |
This comment has been minimized.
This comment has been minimized.
bergmeister
Nov 21, 2018
Correct decision because the rule does nothing by default. In the future we could tweak it to use the current ps version/platform but the rule is not ready for that yet.
essentialexch
commented
Nov 21, 2018
|
Another item that popped to mind - changes to the "default" rule set probably have a wide impact. For example, I know the DSC team requires all PSSA warnings to be eliminated (and I think they base that on the default rule set, although I haven't read their Coding Requirements document in at least six months). Changes to the default should probably follow the "least surprise" rule. |
bergmeister
commented
Nov 21, 2018
|
For completeness, the rules used by the |
rkeithhill
commented
Nov 21, 2018
|
I'd like to see something like this ship with PSSA. An additional parameter set that allows the user to select a set of "canned" settings that ship with PSSA. For example: This is very analogous to the named rule sets that ship with FxCop. PSSA already covers the customizable rule set functionality. |
bergmeister
commented
Nov 21, 2018
|
@rkeithhill You already can, just press Invoke-ScriptAnalyzer -Path $path -Settings PSGallery |
rkeithhill
commented
Nov 21, 2018
|
Excellent. I remember this getting talked about but never heard that it got implemented. So these new suggestions (All, Thorough/Aggressive) just extend this mechanism, right? |
|
Yeah if we can extend the mechanism already available in PSSA, that makes this really nice and reusable elsewhere. Can you comment on the extensibility @bergmeister? |
TylerLeonhardt commentedNov 16, 2018
No description provided.