Allow modules to provide rules

[WithHolm]

Summary of the new feature

as a user/developer I would like to have rules be defined as a part of a module.

As it stands now, the only possibility i can see right now to import "custom" rules is via CustomRulePath, however documentation and testing leads me to believe this only supports a known static or relative path.

Proposed technical implementation details (optional)

As a part of your documentation you talk about MEF, but this is possibly only for CustomRulePath? I can see as part of instance that you have ValidModPaths, but it seemes to only have data appended by methods in reference to GetValidCustomRulePaths()?

• checking all commands in psmodulepath that outputs Microsoft.Windows.PowerShell.ScriptAnalyzer.Generic.DiagnosticRecord?
  • Alternativly you could have the module require to have psdata.ExternalModuleDependencies defined to scriptanalyzer?
• alternativly you can add usingModules to settings so you dont need to re-check all modules in current runspace, but just the ones defined by the user

I want Scriptanalyzer to also check available rules from modules.

What is the latest version of PSScriptAnalyzer at the point of writing
1.24.0

[bergmeister]

I think it is definitely a good idea but probably not that easy to implement. Happy to accept contributions

[SamErde]

as a user/developer I would like to have rules be defined as a part of a module.

As it stands now, the only possibility i can see right now to import "custom" rules is via CustomRulePath, however documentation and testing leads me to believe this only supports a known static or relative path.

Out of curiosity, can you please clarify whether you want to:

• use these custom rules for the development and validation of/within a specific PowerShell module project,
• or to define custom rules within a module and allow those rules to be referenced and used to analyze other scripts outside of the source module?

[WithHolm]

Out of curiosity, can you please clarify whether you want to:

* use these custom rules for the development and validation of/within a specific PowerShell module project,

* or to define custom rules within a module and allow those rules to be referenced and used to analyze other scripts outside of the source module?

short answer? yes.

longer answer? great question! its actually both as they build upon each other:

• my experience when setting up or updating development Enviroment and you want to use custom rules, you have to:
  • set up some sort of a "AnalyzerRules" module in your project that can contain any rules you may end up making (as per documentation)
  • add the path of the module under CustomRulePath to PSScriptAnalyzerSettings.psd1
  • don't forget to set includeDefaultRules to true or else it will only run your custom rules.

what you essentially already have here is "load a module containing rules with scriptanalyzer" with extra steps.

now doing this would also allow your second point to happen:

• you could now allow community modules to come in and write and publish rules.
• in a dev/devops setting it would be WAY easier to have a scriptanalyzer config that pointed to known "good use" modules (psgallery and/or internal) with the correct rule-sets enabled than having this discovered as a part of a PR action, saving development time.

so:

yes to define custom rules within a module that can be published/downloaded to/from psgallery and to allow those rules to be referenced and used to analyze scripts, for the development and validation of/within a specific PowerShell module project

i hope this answers any questions :)