ScriptAnalyzer v1.2.0 Released

We are pleased to announce the release of v1.2.0 of ScriptAnalyzer - a significant release with many 
updates
to help and documentation content, fixes to the built-in default rule set based on community feedback,
support for consuming PowerShell content as streams, improvements in Custom Rule support, Engine error
handling and numerous community contributions.


You can grab this version from PowerShell Gallery @:
http://www.powershellgallery.com/packages/PSScriptAnalyzer/1.2.0


Detailed change log is here:

https://github.com/PowerShell/PSScriptAnalyzer/blob/master/CHANGELOG.MD


Features:
  • Support for consuming PowerShell content as streams (-ScriptDefinition)
  • ScriptAnalyzer accepts configuration (settings) in the form of a hashtable (-Settings), added sample Settings
  • Ability to run default ruleset along with custom ones in the same invocation (-IncludeDefaultRules)
  • Recurse Custom Rule Paths (-RecurseCustomRulePath)
  • Consistent Engine error handling when working with Settings, Default and Custom Rules
 

Rules:
  • Rule to detect the presence of default value for Mandatory parameters (AvoidDefaultValueForMandatoryParameter)
 
 
Fixes:
Engine:
  • Engine update to prevent script based injection attacks
  • CustomizedRulePath is now called CustomRulePath – Fixes to handle folder paths
  • Fixes for RecurseCustomRulePath functionality
  • Fix to binplace cmdlet help file as part of build process
  • ScriptAnalyzer Profile is now called Settings
  • Fix to emit filename in the diagnosticrecord when using Script based custom rules
  • Fix to prevent Engine from calling Update-Help for script based custom rules
  • Added additional pester tests to take care of test holes in Custom Rule feature
  • Post-build error handling improvements, fixed typos in the project
 Rules:
  • Fixed bug in Positional parameter rule to trigger only when used with >= 3 positional parameters
  • Updated keywords that trigger PSAvoidUsingPlainTextForPassword rule
  • Updated ProvideDefaultParameterValue rule to AvoidDefaultValueForMandatoryParameter rule
  • Deprecate Internal Url rule based on community feedback, identified additional rules to handle hardcoded paths etc
  • Added localhost exceptions for HardCodedComputerName Rule
  • Update to Credential based rules to validate the presence of CredentialAttribute and PSCredential type
 
 
Documentation:
  • Rule & Cmdlet documentation updates – Cmdlet help file addition

Please use our GitHub page to submit feedback and browse ongoing discussions.



Raghu Shantha
Senior Software Engineer
PowerShell ScriptAnalyzer Team
https://github.com/PowerShell/PSScriptAnalyzer