
Commit d62673c

committed
Disabled new rule by convention, as it is a breaking change. Will enable in a future release after giving users time to adjust.
1 parent bc94e77 commit d62673c

4 files changed

Lines changed: 44 additions & 18 deletions


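--- a/Rules/AvoidSecretDisclosure.cs
+++ b/Rules/AvoidSecretDisclosure.cs
@@ -28,7 +28,7 @@ public class AvoidSecretDisclosure : ConfigurableRule
 /// Construct an object of AvoidSecretDisclosure type.
 /// </summary>
 public AvoidSecretDisclosure() {
-Enable = true;
+Enable = false;
 }
 
 /// <summary>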
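Review bot: Nothing at `Enable = false;` in the constructor records why a secret-disclosure check ships switched off or that this is meant to be temporary; the only trace is the commit message. I would add a comment directly above the assignment, for example `// Off by default for now: enabling it is a breaking change for existing users. Opt in via the rule's Enable setting; revisit before the next release.`, and extend the constructor's summary to state the default. Until the default is restored, scripts that turn a SecureString back into plaintext are reported only for users who opt in, so the release notes should say so as well. The enclosing class and the opening line of the constructor's doc comment lie outside the hunk.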

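--- a/Tests/Rules/AvoidSecretDisclosure.tests.ps1
+++ b/Tests/Rules/AvoidSecretDisclosure.tests.ps1
@@ -15,13 +15,20 @@ Describe "AvoidSecretDisclosure" {
 # https://stackoverflow.com/questions/28352141/convert-a-secure-string-to-plain-text
 # https://stackoverflow.com/questions/7468389/powershell-decode-system-security-securestring-to-readable-password
 
+BeforeAll {
+$Settings = @{
+IncludeRules = @($ruleName)
+Rules = @{ $ruleName = @{ Enable = $true } }
+}
+}
+
 Context "Violates" {
 It "ConvertFrom-SecureString -AsPlainText" {
 $scriptDefinition = {
 $SecureString = ConvertTo-SecureString 'P@ssW0rd' -AsPlainText
 $Null = $SecureString | ConvertFrom-SecureString -AsPlainText
 }.ToString()
-$violations = Invoke-ScriptAnalyzer -ScriptDefinition $scriptDefinition -IncludeRule @($ruleName)
+$violations = Invoke-ScriptAnalyzer -ScriptDefinition $scriptDefinition -Settings $Settings
 $violations.Count | Should -Be 1
 $violations.Severity | Should -Be Warning
 $violations.Extent.Text | Should -Be {ConvertFrom-SecureString -AsPlainText}.ToString()
@@ -34,7 +41,7 @@ Describe "AvoidSecretDisclosure" {
 $SecureString = ConvertTo-SecureString 'P@ssW0rd' -AsPlainText
 $Null = $SecureString | ConvertFrom-SecureString -AsPlainText:$true
 }.ToString()
-$violations = Invoke-ScriptAnalyzer -ScriptDefinition $scriptDefinition -IncludeRule @($ruleName)
+$violations = Invoke-ScriptAnalyzer -ScriptDefinition $scriptDefinition -Settings $Settings
 $violations.Count | Should -Be 1
 $violations.Severity | Should -Be Warning
 $violations.Extent.Text | Should -Be {ConvertFrom-SecureString -AsPlainText:$true}.ToString()
@@ -49,7 +56,7 @@ Describe "AvoidSecretDisclosure" {
 $Password = [System.Runtime.InteropServices.Marshal]::PtrToStringAuto($BSTR)
 [Runtime.InteropServices.Marshal]::ZeroFreeBSTR($BSTR)
 }.ToString()
-$violations = Invoke-ScriptAnalyzer -ScriptDefinition $scriptDefinition -IncludeRule @($ruleName)
+$violations = Invoke-ScriptAnalyzer -ScriptDefinition $scriptDefinition -Settings $Settings
 $violations.Count | Should -Be 1
 $violations.Severity | Should -Be Warning
 $violations.Extent.Text | Should -Be {[System.Runtime.InteropServices.Marshal]::SecureStringToBSTR($SecureString)}.ToString()
@@ -65,7 +72,7 @@ Describe "AvoidSecretDisclosure" {
 [System.Runtime.InteropServices.Marshal]::ZeroFreeCoTaskMemUnicode($Ptr)
 $result
 }.ToString()
-$violations = Invoke-ScriptAnalyzer -ScriptDefinition $scriptDefinition -IncludeRule @($ruleName)
+$violations = Invoke-ScriptAnalyzer -ScriptDefinition $scriptDefinition -Settings $Settings
 $violations.Count | Should -Be 1
 $violations.Severity | Should -Be Warning
 $violations.Extent.Text | Should -Be {[System.Runtime.InteropServices.Marshal]::SecureStringToCoTaskMemUnicode($password)}.ToString()
@@ -80,7 +87,7 @@ Describe "AvoidSecretDisclosure" {
 $Credential = $PSCredential.GetNetworkCredential()
 $Password = $Credential.Password
 }.ToString()
-$violations = Invoke-ScriptAnalyzer -ScriptDefinition $scriptDefinition -IncludeRule @($ruleName)
+$violations = Invoke-ScriptAnalyzer -ScriptDefinition $scriptDefinition -Settings $Settings
 $violations.Count | Should -Be 1
 $violations.Severity | Should -Be Warning
 $violations.Extent.Text | Should -Be {$Credential.Password}.ToString()
@@ -99,7 +106,7 @@ Describe "AvoidSecretDisclosure" {
 }'
 schtasks /change /s $env:COMPUTERNAME /tn $myTask /ru $Cred.username /rp $Cred.password
 }.ToString()
-$violations = Invoke-ScriptAnalyzer -ScriptDefinition $scriptDefinition -IncludeRule @($ruleName)
+$violations = Invoke-ScriptAnalyzer -ScriptDefinition $scriptDefinition -Settings $Settings
 $violations.Count | Should -Be 1
 $violations.Severity | Should -Be Warning
 $violations.Extent.Text | Should -Be {$Cred.password}.ToString()
@@ -121,15 +128,15 @@ Describe "AvoidSecretDisclosure" {
 }
 Invoke-RestMethod -Method 'Post' -Uri $url -Credential $credential -Body $body -OutFile output.csv
 }.ToString()
-$violations = Invoke-ScriptAnalyzer -ScriptDefinition $scriptDefinition -IncludeRule @($ruleName)
+$violations = Invoke-ScriptAnalyzer -ScriptDefinition $scriptDefinition -Settings $Settings
 $violations | Should -BeNullOrEmpty
 }
 
 It "Write-Host" {
 $scriptDefinition = {
 Write-Host AsPlainText SecureStringToBSTR Password
 }.ToString()
-$violations = Invoke-ScriptAnalyzer -ScriptDefinition $scriptDefinition -IncludeRule @($ruleName)
+$violations = Invoke-ScriptAnalyzer -ScriptDefinition $scriptDefinition -Settings $Settings
 $violations | Should -BeNullOrEmpty
 }
 }
@@ -142,7 +149,7 @@ Describe "AvoidSecretDisclosure" {
 $SecureString = ConvertTo-SecureString 'P@ssW0rd' -AsPlainText
 $Null = $SecureString | ConvertFrom-SecureString -AsPlainText
 }.ToString()
-$violations = Invoke-ScriptAnalyzer -ScriptDefinition $scriptDefinition -IncludeRule @($ruleName)
+$violations = Invoke-ScriptAnalyzer -ScriptDefinition $scriptDefinition -Settings $Settings
 $violations | Should -BeNullOrEmpty
 }
 
@@ -155,7 +162,7 @@ Describe "AvoidSecretDisclosure" {
 $Password = [System.Runtime.InteropServices.Marshal]::PtrToStringAuto($BSTR)
 [Runtime.InteropServices.Marshal]::ZeroFreeBSTR($BSTR)
 }.ToString()
-$violations = Invoke-ScriptAnalyzer -ScriptDefinition $scriptDefinition -IncludeRule @($ruleName)
+$violations = Invoke-ScriptAnalyzer -ScriptDefinition $scriptDefinition -Settings $Settings
 $violations | Should -BeNullOrEmpty
 }
 
@@ -169,7 +176,7 @@ Describe "AvoidSecretDisclosure" {
 [System.Runtime.InteropServices.Marshal]::ZeroFreeCoTaskMemUnicode($Ptr)
 $result
 }.ToString()
-$violations = Invoke-ScriptAnalyzer -ScriptDefinition $scriptDefinition -IncludeRule @($ruleName)
+$violations = Invoke-ScriptAnalyzer -ScriptDefinition $scriptDefinition -Settings $Settings
 $violations | Should -BeNullOrEmpty
 }
 
@@ -181,7 +188,7 @@ Describe "AvoidSecretDisclosure" {
 $PSCredential = [PSCredential]::new(0, $SecureString)
 $Password = $PSCredential.GetNetworkCredential().Password
 }.ToString()
-$violations = Invoke-ScriptAnalyzer -ScriptDefinition $scriptDefinition -IncludeRule @($ruleName)
+$violations = Invoke-ScriptAnalyzer -ScriptDefinition $scriptDefinition -Settings $Settings
 $violations | Should -BeNullOrEmpty
 }
 
@@ -207,7 +214,26 @@ Describe "AvoidSecretDisclosure" {
 $PSCredential = [PSCredential]::new(0, $SecureString)
 $Password = $PSCredential.GetNetworkCredential().Password
 }.ToString()
-$violations = Invoke-ScriptAnalyzer -ScriptDefinition $scriptDefinition -IncludeRule @($ruleName)
+$violations = Invoke-ScriptAnalyzer -ScriptDefinition $scriptDefinition -Settings $Settings
+$violations | Should -BeNullOrEmpty
+}
+}
+
+Context "Disabled" {
+
+BeforeAll {
+$Settings = @{
+IncludeRules = @($ruleName)
+Rules = @{ $ruleName = @{ Enable = $false } }
+}
+}
+
+It "ConvertFrom-SecureString -AsPlainText" {
+$scriptDefinition = {
+$SecureString = ConvertTo-SecureString 'P@ssW0rd' -AsPlainText
+$Null = $SecureString | ConvertFrom-SecureString -AsPlainText
+}.ToString()
+$violations = Invoke-ScriptAnalyzer -ScriptDefinition $scriptDefinition -Settings $Settings
 $violations | Should -BeNullOrEmpty
 }
 }
@@ -219,7 +245,7 @@ Describe "AvoidSecretDisclosure" {
 $SecureString = ConvertTo-SecureString 'P@ssW0rd' -AsPlainText
 $Null = $SecureString | ConvertFrom-SecureString -AsPlainText:$false
 }.ToString()
-$violations = Invoke-ScriptAnalyzer -ScriptDefinition $scriptDefinition -IncludeRule @($ruleName)
+$violations = Invoke-ScriptAnalyzer -ScriptDefinition $scriptDefinition -Settings $Settings
 $violations | Should -BeNullOrEmpty
 }
 
@@ -229,7 +255,7 @@ Describe "AvoidSecretDisclosure" {
 $SecureString = ConvertTo-SecureString 'P@ssW0rd' -AsPlainText
 $Null = $SecureString | ConvertFrom-SecureString -AsPlainText:$someVar
 }.ToString()
-$violations = Invoke-ScriptAnalyzer -ScriptDefinition $scriptDefinition -IncludeRule @($ruleName)
+$violations = Invoke-ScriptAnalyzer -ScriptDefinition $scriptDefinition -Settings $Settings
 $violations.Count | Should -Be 1
 $violations.Severity | Should -Be Warning
 $violations.Extent.Text | Should -Be {ConvertFrom-SecureString -AsPlainText:$someVar}.ToString()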
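Review bot: No test in this file pins the new default any more, because every call, including the one in the added "Disabled" context (new lines 222-236), passes `-Settings $Settings` with `Enable` set explicitly. The behaviour this commit actually changes, the rule staying silent when a user supplies no `Rules` entry, is therefore unverified, and a later flip back to enabled would pass the suite unnoticed. I would add one `It` to the "Disabled" context that runs `$violations = Invoke-ScriptAnalyzer -ScriptDefinition $scriptDefinition -IncludeRule @($ruleName)` and asserts `$violations | Should -BeNullOrEmpty`. That assumes a configurable rule with `Enable = false` yields no diagnostics when selected only by `-IncludeRule`, which the visible lines do not show and should be confirmed.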

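--- a/docs/Rules/AvoidSecretDisclosure.md
+++ b/docs/Rules/AvoidSecretDisclosure.md
@@ -37,7 +37,7 @@ plaintext secrets.
 
 ### Parameters
 
-- `Enable` - Enables or disables the rule. Default value is `$true`.
+- `Enable` - Enables or disables the rule. Default value is `$false`.
 
 ## Example
 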
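--- a/docs/Rules/README.md
+++ b/docs/Rules/README.md
@@ -24,7 +24,7 @@ The PSScriptAnalyzer contains the following rule definitions.
 | [AvoidNullOrEmptyHelpMessageAttribute](./AvoidNullOrEmptyHelpMessageAttribute.md) | Warning | Yes | |
 | [AvoidOverwritingBuiltInCmdlets](./AvoidOverwritingBuiltInCmdlets.md) | Warning | Yes | Yes |
 | [AvoidReservedWordsAsFunctionNames](./AvoidReservedWordsAsFunctionNames.md) | Warning | Yes | |
-| [AvoidSecretDisclosure](./AvoidSecretDisclosure.md) | Warning | Yes | Yes |
+| [AvoidSecretDisclosure](./AvoidSecretDisclosure.md) | Warning | No | Yes |
 | [AvoidSemicolonsAsLineTerminators](./AvoidSemicolonsAsLineTerminators.md) | Warning | No | |
 | [AvoidShouldContinueWithoutForce](./AvoidShouldContinueWithoutForce.md) | Warning | Yes | |
 | [AvoidTrailingWhitespace](./AvoidTrailingWhitespace.md) | Warning | Yes | |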
