en-US/about_PSScriptAnalyzer.help.txt
|
TOPIC
about_PSScriptAnalyzer SHORT DESCRIPTION PSScriptAnalyzer is a static code checker for PowerShell script. LONG DESCRIPTION PSScriptAnalyzer checks the quality of Windows PowerShell script by evaluating that script against a set of rules. The script can be in the form of a stand-alone script (.ps1 files), a module (.psm1, .psd1 and .ps1 files) or a DSC Resource (.psm1, .psd1 and .ps1 files). The rules are based on PowerShell best practices identified by the PowerShell Team and the community. These rules can help you create more readable, maintainable and reliable scripts. PSScriptAnalyzer generates DiagnosticResults (errors and warnings) to inform you about potential script issues, including the reason why there might be an issue, and provide you with guidance on how to fix the issue. PSScriptAnalyzer is shipped with a collection of built-in rules that check various aspects of PowerShell code such as presence of uninitialized variables, usage of the PSCredential Type, usage of Invoke-Expression, etc. The following additional functionality is also supported: * Including and/or excluding specific rules globally * Suppression of rules within script * Creation of custom rules * Creation of loggers RUNNING SCRIPT ANALYZER There are two commands provided by the PSScriptAnalyzer module, those are: Get-ScriptAnalyzerRule [-CustomizedRulePath <string[]>] [-Name <string[]>] [-Severity <string[]>] [<CommonParameters>] Invoke-ScriptAnalyzer [-Path] <string> [-CustomizedRulePath <string[]>] [-ExcludeRule <string[]>] [-IncludeRule<string[]>] [-Severity <string[]>] [-Recurse] [-SuppressedOnly] [<CommonParameters>] To run the script analyzer against a single script file execute: PS C:\> Invoke-ScriptAnalyzer -Path myscript.ps1 This will analyze your script against every built-in rule. As you may find if your script is sufficiently large, that could result in a lot of warnings and/or errors. See the next section on recommendations for running against an existing script, module or DSC resource. To run the script analyzer against a whole directory, specify the folder containing the script, module and DSC files you want analyzed. Specify the Recurse parameter if you also want sub-directories searched for files to analyze. PS C:\> Invoke-ScriptAnalyzer -Path . -Recurse To see all the built-in rules execute: PS C:\> Get-ScriptAnalyzerRule RUNNING SCRIPT ANALYZER ON A NEW SCRIPT, MODULE OR DSC RESOURCE If you have the luxury of starting a new script, module or DSC resource, it is in your best interest to run the script analyzer with all the rules enabled. Be sure to evaluate your script often to address rule violations as soon as they occur. Over time, you may find rules that you don't find value in or have a need to explicitly violate. Suppress those rules as necessary but try to avoid "knee jerk" suppression of rules. Analyze the diagnostic output and the part of your script that violates the rule to be sure you understand the reason for the warning and that it is indeed OK to suppress the rule. For information on how to suppress rules see the RULE SUPPRESSION section below. RUNNING SCRIPT ANALYZER ON AN EXISTING SCRIPT, MODULE OR DSC RESOURCE If you have existing scripts, they are not likely following all of these best practices, practices that have just found their way into books, web sites, blog posts and now the PSScriptAnalyer in the past few years. For these existing scripts, if you just run the script analyzer without limiting the set of rules executed, you may get deluged with diagnostics output in the form of information, warning and error messages. You should try running the script analyzer with all the rules enabled (the default) and see if the output is "manageable". If it isn't, then you will want to "ease into" things by starting with the most serious violations first - errors. You may be tempted to use the Invoke-ScriptAnalyzer command's Severity parameter with the argument Error to do this - don't. This will run every built-in rule and then filter the results during output. The more rules the script analyzer runs, the longer it will take to analyze a file. You can easily get Invoke-ScriptAnalyzer to run just the rules that are of severity Error like so: PS C:\> $errorRules = Get-ScriptAnalyzer -Severity Error PS C:\> Invoke-ScriptAnalyzer -Path . -IncludeRule $errorRules The output should be much shorter (hopefully) and more importantly, these rules typically indicate serious issues in your script that should be addressed. Once you have addressed the errors in the script, you are ready to tackle warnings. This is likely what generated the most output when you ran the first time with all the rules enabled. Now not all of the warnings generated by the script analyzer are of equal importance. For the existing script scenario, try running error and warning rules included but with a few rules "excluded": PS C:\> $rules = Get-ScriptAnalyzerRule -Severity Error,Warning PS C:\> Invoke-ScriptAnalyzer -Path . -IncludeRule $rules -ExcludeRule ` PSAvoidUsingCmdletAliases, PSAvoidUsingPositionalParameters The PSAvoidUsingCmdletAliases and PSAvoidUsingPositionalParameters warnings are likely to generate prodigious amounts of output. While these rules have their reason for being many existing scripts violate these rules over and over again. It would be a shame if you let a flood of warnings from these two rules, keep you from addressing more potentially serious warnings. There may be other rules that generate a lot of output that you don't care about - at least not yet. As you examine the remaining diagnostics output, it is often helpful to group output by rule. You may decide that the one or two rules generating 80% of the output are rules you don't care about. You can get this view of your output easily: PS C:\> $rules = Get-ScriptAnalyzerRule -Severity Error,Warning PS C:\> $res = Invoke-ScriptAnalyzer -Path . -IncludeRule $rules -ExcludeRule ` PSAvoidUsingPositionalParameters, PSAvoidUsingCmdletAliases PS C:\> $res | Group RuleName | Sort Count -Desc | Format-Table Count, Name This renders output like the following: Count Name ----- ---- 23 PSAvoidUsingInvokeExpression 8 PSUseDeclaredVarsMoreThanAssigments 8 PSProvideDefaultParameterValue 6 PSAvoidUninitializedVariable 3 PSPossibleIncorrectComparisonWithNull 1 PSAvoidUsingComputerNameHardcoded You may decide to exclude the PSAvoidUsingInvokeExpression rule for the moment and focus on the rest, especially the PSUseDeclaredVarsMoreThanAssigments, PSAvoidUninitializedVariable and PSPossibleIncorrectComparisonWithNull rules. As you fix rules, go back and enable more rules as you have time to address the associated issues. In some cases, you may want to suppress a rule at the function, script or class scope instead of globally excluding the rule. See the RULE SUPPRESSION section below. While getting a completely clean run through every rule is a noble goal, it may not always be feasible. You have to weigh the gain of passing the rule and eliminating a "potential" issue with changing script and possibly introducing a new problem. In the end, for existing scripts, it is usually best to have evaluated the rule violations that you deem the most valuable to address. RULE SUPPRESSSION Rule suppression allows you to turn off rule verification on a function, scripts or class definition. This allows you to exclude only specified scripts or functions from verification of a rule instead of globally excluding the rule. There are several ways to suppress rules. You can suppress a rule globally by using the ExcludeRule parameter when invoking the script analyzer e.g.: PS C:\> Invoke-ScriptAnalyzer -Path . -ExcludeRule ` PSProvideDefaultParameterValue, PSAvoidUsingWMICmdlet Note that the ExcludeRule parameter takes an array of strings i.e. rule names. Sometimes you will want to suppress a rule for part of your script but not for the entire script. PSScriptAnalyzer allows you to suppress rules at the script, function and class scope. You can use the .NET Framework System.Diagnoctics.CodeAnalysis.SuppressMesssageAttribute in your script like so: function Commit-Change() { [Diagnostics.CodeAnalysis.SuppressMessageAttribute("PSUseApprovedVerbs", "", Scope="Function", Target="*")] param() } VIOLATION CORRECTION Most violations can be fixed by replacing the violation causing content with the correct alternative. In an attempt to provide the user with the ability to correct the violation we provide a property - `SuggestedCorrections`, in each DiagnosticRecord instance. This property contains the information needed to rectify the violation. For example, consider a script `C:\tmp\test.ps1` with the following content. PS> Get-Content C:\tmp\test.ps1 gci C:\ Invoking PSScriptAnalyzer on the file gives the following output. PS>$diagnosticRecord = Invoke-ScriptAnalyzer -Path C:\tmp\test.p1 PS>$diagnosticRecord | select SuggestedCorrections | Format-Custom class DiagnosticRecord { SuggestedCorrections = [ class CorrectionExtent { EndColumnNumber = 4 EndLineNumber = 1 File = C:\Users\kabawany\tmp\test3.ps1 StartColumnNumber = 1 StartLineNumber = 1 Text = Get-ChildItem Description = Replace gci with Get-ChildItem } ] } The *LineNumber and *ColumnNumber properties give the region of the script that can be replaced by the contents of Text property, i.e., replace gci with Get-ChildItem. The main motivation behind having SuggestedCorrections is to enable quick-fix like scenarios in editors like VSCode, Sublime, etc. At present, we provide valid SuggestedCorrection only for the following rules, while gradually adding this feature to more rules. * AvoidAlias.cs * AvoidUsingPlainTextForPassword.cs * MisleadingBacktick.cs * MissingModuleManifestField.cs * UseToExportFieldsInManifest.cs EXTENSIBILITY PSScriptAnalyzer has been designed to allow you to create your own rules via a custom .NET assembly or PowerShell module. PSScriptAnalyzer also allows you to plug in a custom logger (implemented as a .NET assembly). CONTRIBUTE PSScriptAnalyzer is open source on GitHub: https://github.com/PowerShell/PSScriptAnalyzer As you run the script analyzer and find what you believe to be are bugs, please submit them to: https://github.com/PowerShell/PSScriptAnalyzer/issues Better yet, fix the bug and submit a pull request. SEE ALSO Get-ScriptAnalyzerRule Invoke-ScriptAnalyzer Set-StrictMode about_Pester |