powershell/PSAvoidUsingConvertToSecureStringWithPlainText is a PSScriptAnalyzer diagnostic emitted by tally for PowerShell snippets embedded in Dockerfiles.
| Property | Value |
| --- | --- |
| Severity | Error |
| Category | PSScriptAnalyzer |
| Auto-fix | No |

Description

The use of the AsPlainText parameter with the ConvertTo-SecureString command can expose secure information.

How

Use a standard encrypted variable to perform any SecureString conversions.

Recommendations

If you need to retrieve the password from somewhere without prompting the user, consider using the SecretStore module from the PowerShell Gallery.

Examples

Problematic code

$UserInput = Read-Host 'Please enter your secure code'
$EncryptedInput = ConvertTo-SecureString -String $UserInput -AsPlainText -Force

Correct code

$SecureUserInput = Read-Host 'Please enter your secure code' -AsSecureString
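Unattended retrieval as suggested under Recommendations, shown as an added example that is not part of the original rule documentation. The function name `Get-ServiceCredential`, the vault name `BuildVault`, the secret name `DeployPassword` and the user name `svc-deploy` are hypothetical. The example assumes the SecretManagement and SecretStore modules are installed and the store is already unlocked or configured for non-interactive use.

```powershell
# Added example; vault, secret and account names below are hypothetical.
# Prerequisite (one time):
#   Install-Module Microsoft.PowerShell.SecretManagement, Microsoft.PowerShell.SecretStore

function Get-ServiceCredential {
    [CmdletBinding()]
    [OutputType([pscredential])]
    param(
        [Parameter(Mandatory)] [string] $UserName,
        [Parameter(Mandatory)] [string] $SecretName,
        [string] $VaultName = 'BuildVault'   # hypothetical vault name
    )

    # Register the SecretStore-backed vault on first use.
    if (-not (Get-SecretVault -Name $VaultName -ErrorAction SilentlyContinue)) {
        Register-SecretVault -Name $VaultName -ModuleName Microsoft.PowerShell.SecretStore
    }

    # Fail early with a clear message rather than falling back to a literal password.
    if (-not (Get-SecretInfo -Name $SecretName -Vault $VaultName)) {
        throw "Secret '$SecretName' not found in vault '$VaultName'."
    }

    # Without -AsPlainText, Get-Secret returns string secrets as SecureString,
    # so ConvertTo-SecureString -AsPlainText is never needed.
    $secret = Get-Secret -Name $SecretName -Vault $VaultName -ErrorAction Stop
    if ($secret -isnot [securestring]) {
        throw "Secret '$SecretName' is a $($secret.GetType().Name), expected SecureString."
    }

    [pscredential]::new($UserName, $secret)
}

# One-time provisioning by an operator (interactive; the value is never held as a String):
#   Set-Secret -Name 'DeployPassword' -Vault 'BuildVault' `
#       -Secret (Read-Host 'Password' -AsSecureString)

# Unattended use in a script:
$cred = Get-ServiceCredential -UserName 'svc-deploy' -SecretName 'DeployPassword'
```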

Source

This rule documentation is adapted from Microsoft’s PSScriptAnalyzer documentation for AvoidUsingConvertToSecureStringWithPlainText, licensed under CC BY 4.0.