Skip to content

Add PSScriptAnalyzer linting and fix existing warnings #699

@jwmossmoz

Description

@jwmossmoz

Summary

Ran PSScriptAnalyzer across all non-test PowerShell files (bin/, scripts/, provisioners/). Found 580 issues across 51 files (1 Error, 579 Warnings).

Settings files have been added to the repo on the RELOPS-2180 branch:

  • PSScriptAnalyzerSettings.psd1 (repo root) for production scripts
  • tests/PSScriptAnalyzerSettings.psd1 for Pester test files (suppresses PSUseDeclaredVarsMoreThanAssignments)

Error (1)

PSAvoidUsingConvertToSecureStringWithPlainText

  • provisioners/windows/MDC1Windows/OS-deploy.ps1:63

Warnings by Rule

PSAvoidUsingWriteHost (421 occurrences)

Intentional for provisioning/logging scripts. Should be suppressed in settings or left as-is.

PSUseShouldProcessForStateChangingFunctions (35)

Functions using New-/Set-/Remove- verbs without [CmdletBinding(SupportsShouldProcess)].

File Line
bin/WorkerImages/Public/New-AWSWorkerImage.ps1 1
bin/WorkerImages/Public/Set-AzWorkerImageOutput.ps1 1
bin/WorkerImages/Public/Remove-AzVMImageVersion.ps1 1
bin/WorkerImages/Public/New-AzSharedWorkerImage_temp.ps1 1
bin/WorkerImages/Public/Set-AzWorkerImageLocation.ps1 1
bin/WorkerImages/Public/New-AzWorkerImage.ps1 1
bin/WorkerImages/Public/Set-GCPWorkerImageProject.ps1 1
bin/WorkerImages/Public/New-GCPWorkerImage.ps1 1
bin/WorkerImages/Public/New-AzSharedWorkerImage.ps1 1
bin/WorkerImages/Public/Remove-AzWorkerImage.ps1 1
bin/WorkerImages/Public/Set-GCPWorkerImageName.ps1 1
scripts/windows/CustomFunctions/Bootstrap/Public/Set-YAMLModule.ps1 1
scripts/windows/CustomFunctions/Bootstrap/Public/Set-ReleaseNotes2.ps1 1
scripts/windows/CustomFunctions/Bootstrap/Public/Start-AzRoninPuppet.ps1 1
scripts/windows/CustomFunctions/Bootstrap/Public/Set-OOBE.ps1 1
scripts/windows/CustomFunctions/Bootstrap/Public/Set-PesterVersion.ps1 1
scripts/windows/CustomFunctions/Bootstrap/Public/Set-ReleaseNotes.ps1 1
scripts/windows/CustomFunctions/Bootstrap/Public/Set-AzRoninRepo.ps1 1
scripts/windows/CustomFunctions/Bootstrap/Public/Set-MarkdownPSModule.ps1 1
scripts/windows/CustomFunctions/Bootstrap/Public/Set-Logging.ps1 1
scripts/windows/CustomFunctions/Bootstrap/Public/Set-RoninRegOptions.ps1 1
provisioners/windows/MDC1Windows/OS-deploy.ps1 85
provisioners/windows/MDC1Windows/Get-Bootstrap.ps1 24, 104, 148, 279
provisioners/windows/MDC1Windows/bootstrap.ps1 305, 365, 390, 591, 841, 855, 870
provisioners/windows/MDC1Windows/utility_scripts/AuditAndPXE.ps1 231
provisioners/windows/MDC1Windows/utility_scripts/SetPXE.ps1 40

PSReviewUnusedParameter (30)

Declared parameters that are never referenced in the function body.

File Lines
bin/WorkerImages/Public/New-AWSWorkerImage.ps1 16
bin/WorkerImages/Public/New-AzSharedWorkerImage_temp.ps1 11
bin/WorkerImages/Public/New-GCPWorkerImage.ps1 6, 7, 8, 9, 10
bin/WorkerImages/Public/New-AzSharedWorkerImage.ps1 7, 58
scripts/windows/CustomFunctions/Bootstrap/Public/Set-ReleaseNotes2.ps1 17, 18
scripts/windows/CustomFunctions/Bootstrap/Public/Start-AzRoninPuppet.ps1 3, 5, 6, 9, 13, 15
scripts/windows/CustomFunctions/Bootstrap/Public/Set-AzRoninRepo.ps1 6, 7, 8, 9, 10
scripts/windows/CustomFunctions/Bootstrap/Public/Install-AzPreReq.ps1 5
scripts/windows/CustomFunctions/Bootstrap/Public/Invoke-RoninTest.ps1 6
scripts/windows/CustomFunctions/Bootstrap/Public/Install-Pwsh.ps1 5
scripts/windows/CustomFunctions/Bootstrap/Public/Get-InstalledSoftware.ps1 18
provisioners/windows/MDC1Windows/OS-deploy.ps1 2
provisioners/windows/MDC1Windows/Get-Bootstrap.ps1 106
provisioners/windows/MDC1Windows/bootstrap.ps1 309
provisioners/windows/MDC1Windows/utility_scripts/AuditAndPXE.ps1 9

PSAvoidUsingCmdletAliases (20)

Using aliases (%, ?, select, etc.) instead of full cmdlet names.

File Lines
scripts/windows/CustomFunctions/Bootstrap/Public/Get-WinFactsCustomOS.ps1 20, 35
scripts/windows/tceng/generic-worker-win2022-staging.ps1 127, 128, 270, 271, 364, 368, 372
scripts/windows/tceng/generic-worker-win2022.ps1 122, 123, 265, 266, 353, 357, 361
scripts/windows/tceng/generic-worker-win2025-staging.ps1 127, 128, 270, 271

PSAvoidOverwritingBuiltInCmdlets (7)

File Line
scripts/windows/CustomFunctions/Bootstrap/Public/Write-Log.ps1 1
scripts/windows/tceng/generic-worker-win2022-staging.ps1 2
scripts/windows/tceng/generic-worker-win2022.ps1 2
scripts/windows/tceng/generic-worker-win2025-staging.ps1 2
provisioners/windows/MDC1Windows/Get-Bootstrap.ps1 1
provisioners/windows/MDC1Windows/bootstrap.ps1 266
provisioners/windows/MDC1Windows/utility_scripts/SetPXE.ps1 1

PSAvoidAssignmentToAutomaticVariable (6)

File Line
scripts/windows/tceng/generic-worker-win2022-staging.ps1 29
scripts/windows/tceng/generic-worker-win2022.ps1 29
scripts/windows/tceng/generic-worker-win2025-staging.ps1 29
provisioners/windows/MDC1Windows/bootstrap.ps1 233
provisioners/windows/MDC1Windows/utility_scripts/AuditAndPXE.ps1 186, 335

PSPossibleIncorrectComparisonWithNull (4)

$null should be on the left side of comparisons.

File Line
scripts/windows/tceng/generic-worker-win2022-staging.ps1 75
scripts/windows/tceng/generic-worker-win2022.ps1 75
scripts/windows/tceng/generic-worker-win2025-staging.ps1 75
provisioners/windows/MDC1Windows/OS-deploy.ps1 737

PSAvoidUsingInvokeExpression (3)

File Line
scripts/windows/tceng/generic-worker-win2022-staging.ps1 234
scripts/windows/tceng/generic-worker-win2022.ps1 229
scripts/windows/tceng/generic-worker-win2025-staging.ps1 234

Other (remaining)

  • PSUseApprovedVerbs (15) — non-standard verbs in function names
  • PSUseSingularNouns (17) — plural nouns in function names
  • PSUseToExportFieldsInManifest (6) — wildcard exports in .psd1 files
  • PSUseBOMForUnicodeEncodedFile (5) — missing BOM on Unicode files
  • PSUseDeclaredVarsMoreThanAssignments (4) — unused variables
  • PSAvoidUsingWMICmdlet (2) — deprecated WMI cmdlets in Get-WinFactsCustomOS.ps1
  • PSUseProcessBlockForPipelineCommand (2) — Get-InstalledSoftware.ps1 missing process block
  • PSAvoidUsingPlainTextForPassword (1) — OS-deploy.ps1:11
  • PSAvoidUsingEmptyCatchBlock (1) — bootstrap.ps1:950

Suggested Next Steps

  1. Fix the 1 Error (ConvertToSecureStringWithPlainText)
  2. Suppress PSAvoidUsingWriteHost in the root settings (intentional usage)
  3. Consider suppressing PSUseShouldProcessForStateChangingFunctions (these are provisioning scripts, not interactive cmdlets)
  4. Fix PSAvoidUsingCmdletAliases and PSPossibleIncorrectComparisonWithNull (low effort, high value)
  5. Review PSAvoidUsingInvokeExpression for security implications
  6. Add PSScriptAnalyzer to CI pipeline

Metadata

Metadata

Assignees

No one assigned

    Labels

    No labels
    No labels

    Type

    No type

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions