Stuck on an issue?

Lightrun Answers was designed to reduce the constant googling that comes with debugging 3rd party libraries. It collects links to all the places you might be looking at while hunting down a tough bug.

And, if you’re still stuck at the end, we’re happy to hop on a call to see how we can help out.

Any variable containing the word "credit" triggers PSAvoidUsingPlainTextForPassword

See original GitHub issue

Steps to reproduce

Invoke-ScriptAnalyzer -IncludeSuppressed -ScriptDefinition 'Param([string] $creditor = ""); Write-Information $creditor'

Expected behavior

(no output)

Actual behavior

RuleName                            Severity     ScriptName Line  Message
--------                            --------     ---------- ----  -------
PSAvoidUsingPlainTextForPassword    Warning                 1     Parameter '$creditor' should not use String type but either
                                                                  SecureString or PSCredential, otherwise it increases the
                                                                  chance to to expose this sensitive information.

Environment data

> $PSVersionTable

Name                           Value
----                           -----
PSVersion                      7.3.2
PSEdition                      Core
GitCommitId                    7.3.2
OS                             Microsoft Windows 10.0.19044
Platform                       Win32NT
PSCompatibleVersions           {1.0, 2.0, 3.0, 4.0…}
PSRemotingProtocolVersion      2.3
SerializationVersion           1.1.0.1
WSManStackVersion              3.0


> (Get-Module -ListAvailable PSScriptAnalyzer).Version | ForEach-Object { $_.ToString() }
1.21.0

Issue Analytics

State:
Created 8 months ago
Comments:6

Top GitHub Comments

1reaction

SydneyhSmithcommented, Feb 14, 2023

Thanks cred is chosen because it is the most used abbreviation… we would rather see a PR for a more specific compare rather than a list of words to exclude

0reactions

BrianL-STCUcommented, Feb 17, 2023

Yes, I excluding/suppressing is what I meant, but I’d like to keep using it. It’s a good rule that has simply overextended its reach. Working in finance, cred is just going to match too many credit card-related fields.