PSScriptAnalyzer works by evaluating the elements of a script's abstract syntax tree. The tool can be installed using:
Install-Module PSScriptAnalyzer
PSScriptAnalyzer can be used to inspect a script with the command Invoke-ScriptAnalyzer. For example, the tool will flag warnings and errors about the use of the Password parameter and variable in the following script, as handling a password as plain text is not considered good practice:
[CmdletBinding()]
param (
    [Parameter(Mandatory = $true)]
    [String]$Password
)
$Credential = New-Object PSCredential(
    '.user',
    $Password | ConvertTo-SecureString -AsPlainText -Force
)
$Credential.GetNetworkCredential().Password
The results of running PSScriptAnalyzer are shown as follows:
PS> Invoke-ScriptAnalyzer $psISE.CurrentFile.FullPath | Format-List
RuleName : PSAvoidUsingConvertToSecureStringWithPlainText
Severity : Error
Line     : 8
Column   : 17
Message  : File 'password.ps1' uses ConvertTo-SecureString with plaintext. This will expose secure information. Encrypted standard strings should be used instead.

RuleName : PSAvoidUsingPlainTextForPassword
Severity : Warning
Line     : 3
Column   : 5
Message  : Parameter '$Password' should use SecureString, otherwise this will expose sensitive information. See ConvertTo-SecureString for more information.
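To show what evaluating the abstract syntax tree involves, the following added example (not code from PSScriptAnalyzer or from this page's author) parses the script above and searches the tree for the same two patterns. The function name Find-PlainTextPasswordUse and the 'pass' name match are assumptions made for illustration; the real rules are more thorough.

```powershell
using namespace System.Management.Automation.Language
# Added illustration, not PSScriptAnalyzer's rule code.
# Find-PlainTextPasswordUse is a hypothetical name.
function Find-PlainTextPasswordUse {
    param ([Parameter(Mandatory)][String]$ScriptText)
    $tokens = $errors = $null
    $ast = [Parser]::ParseInput($ScriptText, [ref]$tokens, [ref]$errors)

    # Check 1: ConvertTo-SecureString called with -AsPlainText (or an abbreviation of it).
    $commands = $ast.FindAll({
        param ($node)
        $node -is [CommandAst] -and
        $node.GetCommandName() -eq 'ConvertTo-SecureString' -and
        $node.CommandElements.Where({
            $_ -is [CommandParameterAst] -and
            'AsPlainText'.StartsWith($_.ParameterName, [StringComparison]::OrdinalIgnoreCase)
        })
    }, $true)

    # Check 2: a [String] parameter whose name suggests a password (assumed pattern).
    $parameters = $ast.FindAll({
        param ($node)
        $node -is [ParameterAst] -and
        $node.StaticType -eq [String] -and
        $node.Name.VariablePath.UserPath -match 'pass'
    }, $true)

    foreach ($node in @($commands) + @($parameters)) {
        [PSCustomObject]@{
            Node   = $node.GetType().Name
            Line   = $node.Extent.StartLineNumber
            Column = $node.Extent.StartColumnNumber
        }
    }
}
# Sample input: the script shown on this page.
$sample = @'
[CmdletBinding()]
param (
    [Parameter(Mandatory = $true)]
    [String]$Password
)
$Credential = New-Object PSCredential(
    '.user',
    $Password | ConvertTo-SecureString -AsPlainText -Force
)
$Credential.GetNetworkCredential().Password
'@
Find-PlainTextPasswordUse -ScriptText $sample
```

Each result takes its position from the node's Extent, so the Line and Column values can be compared with those in the analyzer output above.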