AvoidGetSetAccessControl.psm1
using namespace Microsoft.Windows.PowerShell.ScriptAnalyzer.Generic
using namespace System.Management.Automation.Language
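function AvoidGetSetAccessControl {
    <#
    .SYNOPSIS
        Generates errors for GetAccessControl() or SetAccessControl() calls
    .DESCRIPTION
        Custom analyzer rule. Walks the supplied script block and emits one
        Error-severity DiagnosticRecord for every method invocation whose member
        name is exactly GetAccessControl or SetAccessControl (case-insensitive),
        directing the author to Get-Acl and Set-Acl instead.

        Nested script blocks are not searched (FindAll is called with $false).
        NOTE(review): presumably the analyzer invokes this rule once per
        ScriptBlockAst, so searching nested blocks would duplicate findings -
        confirm against the engine before changing it.

        NOTE(review): InvokeMemberExpressionAst also covers static ('::') calls,
        so those are reported too - confirm that is intended.
    .PARAMETER ScriptBlockAst
        Generic script block we are using to run our predicate against.
    .INPUTS
        [ScriptBlockAst]
    .OUTPUTS
        [DiagnosticRecord[]]
    #>
    [CmdletBinding()]
    [OutputType([DiagnosticRecord[]])]
    param (
        # Generic script block we are using to run our predicate against.
        [Parameter(Mandatory)]
        [ValidateNotNullOrEmpty()]
        [ScriptBlockAst]
        $ScriptBlockAst
    )

    $accessControlMethodsPredicate = {
        param (
            [Ast]
            $Ast
        )

        if ($Ast -isnot [InvokeMemberExpressionAst]) {
            return $false
        }

        # A quoted member name ($x.'SetAccessControl'()) stringifies with its
        # quotes, so read the constant's value; any other member expression
        # falls back to its source text as before.
        $memberName = if ($Ast.Member -is [StringConstantExpressionAst]) {
            $Ast.Member.Value
        }
        else {
            $Ast.Member.ToString()
        }

        # Anchored: an unanchored pattern also fires on unrelated methods that
        # merely contain the name (e.g. GetAccessControlSections), and a noisy
        # ACL rule is one that ends up suppressed.
        $memberName -match '^(Set|Get)AccessControl$'
    }

    $violations = $ScriptBlockAst.FindAll($accessControlMethodsPredicate, $false)

    foreach ($violation in $violations) {
        # Emitted to the pipeline; one record per offending call site.
        [DiagnosticRecord]@{
            Message           = ("In PS7, the $($violation.Member.ToString()) method is not available. Please " +
                'use Get-Acl and Set-Acl')
            Extent            = $violation.Extent
            RuleName          = $MyInvocation.MyCommand
            Severity          = 'Error'
            # Suppression ID stays the member's source text so existing
            # suppressions keep matching.
            RuleSuppressionID = $violation.Member.ToString()
        }
    }
}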