powershell/PSAvoidUsingInvokeExpression

powershell/PSAvoidUsingInvokeExpression is a PSScriptAnalyzer diagnostic emitted by tally for PowerShell snippets embedded in Dockerfiles.

Property	Value
Severity	Warning
Category	PSScriptAnalyzer
Auto-fix	No

Description

Care must be taken when using the Invoke-Expression command. The Invoke-Expression executes the specified string and returns the results. Code injection into your application or script can occur if the expression passed as a string includes any data provided from the user.

How

Remove the use of Invoke-Expression.

Examples

Problematic code

Invoke-Expression 'Get-Process'

Correct code

Get-Process

Source

This rule documentation is adapted from Microsoft’s PSScriptAnalyzer documentation for AvoidUsingInvokeExpression, licensed under CC BY 4.0.

Overview

Security

Correctness

Performance

Style

Labels

GPU / CUDA

PHP

PowerShell

Windows

BuildKit Rules

Hadolint Rules

ShellCheck Rules

powershell/PSAvoidUsingInvokeExpression

Description

How

Examples

Problematic code

Correct code

Source

Overview

Security

Correctness

Performance

Style

Labels

GPU / CUDA

PHP

PowerShell

Windows

BuildKit Rules

Hadolint Rules

ShellCheck Rules

Documentation Index

​Description

​How

​Examples

​Problematic code

​Correct code

​Source

Description

How

Examples

Problematic code

Correct code

Source