The PSAvoidUsingPlainTextForPassword is being flagged incorrectly in both v1.5.0 and v1.6.0. It seems to trip whenever there is "Password" mentioned in the parameter name:
PSAvoidUsingPlainTextForPassword Warning MSFT_xADUs 259 Parameter '$PasswordAuthenticationContext' should
er.psm1 use SecureString, otherwise this will expose
sensitive information. See ConvertTo-SecureString
for more information.
PSAvoidUsingPlainTextForPassword Warning MSFT_xADUs 521 Parameter '$PasswordAuthenticationContext' should
er.psm1 use SecureString, otherwise this will expose
sensitive information. See ConvertTo-SecureString
for more information.
PSAvoidUsingPlainTextForPassword Warning MSFT_xADUs 771 Parameter '$PasswordAuthenticationContext' should
er.psm1 use SecureString, otherwise this will expose
sensitive information. See ConvertTo-SecureString
for more information.
PSAvoidUsingPlainTextForPassword Warning MSFT_xADUs 965 Parameter '$PasswordAuthenticationContext' should
er.psm1 use SecureString, otherwise this will expose
sensitive information. See ConvertTo-SecureString
for more information.
Here's the parameter definition:
[Parameter()]
[ValidateSet('Default','Negotiate')]
[System.String] $PasswordAuthenticationContext = 'Default'
This parameter is perfectly legal and it makes no sense that this should be flagged as a warning.
PSAvoidUsingPlainTextForPassword checks for string type parameters with names that contain any of the following: "Password", "Passphrase", "Cred", "Credential". Hence, it trips in the above mentioned case. This is definitely a false alarm and a limitation of the existing implementation
If it helps, please have a look at #371 and #203 for more context on this rule's behavior.
One work around would be use an enum type for the parameter. This would prevent the rule from triggering.
OR
Use rule suppression - [System.Diagnostics.CodeAnalysis.SuppressMessageAttribute("PSAvoidUsingPlainTextForPassword", "PasswordAuthenticationContext")]
Looks like [System.Diagnostics.CodeAnalysis.SuppressMessageAttribute("PSAvoidUsingPlainTextForPassword", "PasswordAuthenticationContext")] doesn't work. I'll open an issue to fix this.
Here is the issue #569
Most helpful comment
Looks like
[System.Diagnostics.CodeAnalysis.SuppressMessageAttribute("PSAvoidUsingPlainTextForPassword", "PasswordAuthenticationContext")]doesn't work. I'll open an issue to fix this.