Skip to main content
powershell/PSAvoidUsingInvokeExpression is a PSScriptAnalyzer diagnostic emitted by tally for PowerShell snippets embedded in Dockerfiles.

Description

Care must be taken when using the Invoke-Expression command. The Invoke-Expression executes the specified string and returns the results. Code injection into your application or script can occur if the expression passed as a string includes any data provided from the user.

How

Remove the use of Invoke-Expression.

Examples

Problematic code

Correct code

Source

This rule documentation is adapted from Microsoft’s PSScriptAnalyzer documentation for AvoidUsingInvokeExpression, licensed under CC BY 4.0.