PSScriptAnalyzer aggressive mode & default rules #151
Conversation
|
|
||
| - None - disables script analysis | ||
| - Default - some crutial rules but nothing too crazy | ||
| - Aggressive - more rules, more fun |
There was a problem hiding this comment.
I would prefer the word Thorough over Aggressive and would also like to have an All mode. When compared to ReSharper or FxCop, PSSA is definitely not aggressive ;-)
| This can be set to: | ||
|
|
||
| - None - disables script analysis | ||
| - Default - some crutial rules but nothing too crazy |
There was a problem hiding this comment.
| - Default - some crutial rules but nothing too crazy | |
| - Default - some crucial rules but nothing too crazy |
|
I really like this idea, but I also really think that PSSA needs #pragma once/disable/restore before this is done. @bergmeister is this (or something similar) on the radar? |
|
@swngdnz Yes, the item is being tracked here. From the Microsoft side, I see that they are quite busy and want to implement more analysis to know if something will not work on certain platforms or ps versions at the moment, therefore it might take them some time to approach that. However, implementing it right now is up to the community. I am currently in the process of wrapping up the last fixes and features for the next release in a few weeks, not sure if I can squeeze that one in. I agree that this feature would be very use useful though but the implementation is not going to be easy due to the nature of the PowerShell language definition. I'll have more time next week and might give it a stab but cannot guarantee anything. |
| Plan to implement: Yes | ||
| --- | ||
|
|
||
| # New default rules in the VSCode Extension and a new "Aggressive Analysis mode" rules |
There was a problem hiding this comment.
Perhaps call it Strict instead of Aggressive?
| | AvoidAssignmentToAutomaticVariable | Warning | Aggressive | | | ||
| | AvoidDefaultValueForMandatoryParameter | Warning | Default | | | ||
| | AvoidDefaultValueSwitchParameter | Warning | Default | | | ||
| | AvoidGlobalAliases* | Warning | Aggressive | x | |
There was a problem hiding this comment.
Is this asterisk supposed to be there? Doesn't ref anything.
There was a problem hiding this comment.
I'd prefer the following modes:
OffGentle. This is what you describe as default but I think the editor should not be gentle by default because 90% of the people do not know or do not have the time or do not care about changing this setting to customise the level of PSSA analysis.Default: This is what you refer to as 'aggressive' and should be the default, again to give the majority of people the best out of the box analysis for free.AllRules(by that I mean the code analysis rules, not the code style rules like e.g.OpenBrace)
In this definition
All comments below use your definition and idea of default and aggressive in case you do not agree with my idea/proposal
|
|
||
| This can be set to: | ||
|
|
||
| - None - disables script analysis |
There was a problem hiding this comment.
Yes, but then the powershell.scriptanalysis.enable setting should either be supported in some back-compat mode or removed
| | Rule | PSSA Type | Mode | Add to default | | ||
| |----------------------------------------------|-------------|------------|----------------| | ||
| | AlignAssignmentStatement | Warning | | | | ||
| | AvoidAssignmentToAutomaticVariable | Warning | Aggressive | | |
There was a problem hiding this comment.
I would mark this as default because the rule was written very mildly to only warn about read-only automatic variables that will 100% cause a runtime error.
| | AvoidInvokingEmptyMembers | Warning | Aggressive | x | | ||
| | AvoidNullOrEmptyHelpMessageAttribute | Warning | | | | ||
| | AvoidShouldContinueWithoutForce | Warning | Aggressive | | | ||
| | AvoidUsingCmdletAliases | Warning | Default | | |
There was a problem hiding this comment.
yes, but we should whitelist common aliases that exist on all platformsps versions such as where, foreach, select etc. (i.e. where the short version is just more readable)
| | AvoidNullOrEmptyHelpMessageAttribute | Warning | | | | ||
| | AvoidShouldContinueWithoutForce | Warning | Aggressive | | | ||
| | AvoidUsingCmdletAliases | Warning | Default | | | ||
| | AvoidUsingComputerNameHardcoded | Error | Default | | |
There was a problem hiding this comment.
I would not enable this by default but in the more thorough mode
| | AvoidShouldContinueWithoutForce | Warning | Aggressive | | | ||
| | AvoidUsingCmdletAliases | Warning | Default | | | ||
| | AvoidUsingComputerNameHardcoded | Error | Default | | | ||
| | AvoidUsingConvertToSecureStringWithPlainText | Error | Default | | |
There was a problem hiding this comment.
I would not enable this by default but in the more thorough mode. Even systems like Azure DevOps do not support Secure strings yet and strings are being injected as plaintext strings.
| | AvoidUsingDeprecatedManifestFields | Warning | Aggressive | x | | ||
| | AvoidUsingEmptyCatchBlock | Warning | | | | ||
| | AvoidUsingInvokeExpression | Warning | | | | ||
| | AvoidUsingPlainTextForPassword | Warning | Default | | |
There was a problem hiding this comment.
I would not enable this by default but in the more thorough mode due to the same reasoning about SecureString not having enough support coverage by CI systems
| | ReservedCmdletChar | Error | Default | | | ||
| | ReservedParams | Error | Default | | | ||
| | ShouldProcess | Error | Default | | | ||
| | UseApprovedVerbs | Warning | Default | | |
There was a problem hiding this comment.
I would not enable this by default but in the more thorough mode
| | UseApprovedVerbs | Warning | Default | | | ||
| | UseBOMForUnicodeEncodedFile | Warning | | | | ||
| | UseCmdletCorrectly | Warning | Aggressive | | | ||
| | UseDeclaredVarsMoreThanAssignments | Warning | Default | | |
There was a problem hiding this comment.
I would not enable this by default but in the more thorough mode. Or alternatively not use it in .tests.ps1 files as PSSA is not Pester aware and the rule is limited to a per scriptblock basis.
| | UsePSCredentialType | Warning | Aggressive | | | ||
| | UseShouldProcessForStateChangingFunctions | Warning | Aggressive | | | ||
| | UseSingularNouns | Warning | Aggressive | x | | ||
| | UseSupportsShouldProcess | Warning | Aggressive | x | |
There was a problem hiding this comment.
I would put this rule not even into the thorough mode. This rule annoys me the most personally tbh.
| | UseSingularNouns | Warning | Aggressive | x | | ||
| | UseSupportsShouldProcess | Warning | Aggressive | x | | ||
| | UseToExportFieldsInManifest | Warning | Default | | | ||
| | UseCompatibleCmdlets | Warning | | | |
There was a problem hiding this comment.
Correct decision because the rule does nothing by default. In the future we could tweak it to use the current ps version/platform but the rule is not ready for that yet.
|
Another item that popped to mind - changes to the "default" rule set probably have a wide impact. For example, I know the DSC team requires all PSSA warnings to be eliminated (and I think they base that on the default rule set, although I haven't read their Coding Requirements document in at least six months). Changes to the default should probably follow the "least surprise" rule. |
|
For completeness, the rules used by the |
|
I'd like to see something like this ship with PSSA. An additional parameter set that allows the user to select a set of "canned" settings that ship with PSSA. For example: This is very analogous to the named rule sets that ship with FxCop. PSSA already covers the customizable rule set functionality. |
|
@rkeithhill You already can, just press Invoke-ScriptAnalyzer -Path $path -Settings PSGallery |
|
Excellent. I remember this getting talked about but never heard that it got implemented. So these new suggestions (All, Thorough/Aggressive) just extend this mechanism, right? |
Co-Authored-By: TylerLeonhardt <tylerl0706@gmail.com>
Co-Authored-By: TylerLeonhardt <tylerl0706@gmail.com>
Co-Authored-By: TylerLeonhardt <tylerl0706@gmail.com>
|
Yeah if we can extend the mechanism already available in PSSA, that makes this really nice and reusable elsewhere. Can you comment on the extensibility @bergmeister? |
|
@PowerShell/powershell-committee discussed this and agreed that, while it's a worthwhile discussion being held here, we think that it belongs more in an issue discussion on PowerShell/vscode-powershell |
No description provided.