From f3b55e60c26f6b1144584c94f4ff3a6c13c1f89f Mon Sep 17 00:00:00 2001 From: Raghu Shantha Date: Wed, 6 May 2015 10:22:01 -0700 Subject: [PATCH 1/4] Rule Documentation for WMI Cmdlet --- RuleDocumentation/AvoidUsingWMICmdlet.md | 17 +++++++++++++++++ 1 file changed, 17 insertions(+) create mode 100644 RuleDocumentation/AvoidUsingWMICmdlet.md diff --git a/RuleDocumentation/AvoidUsingWMICmdlet.md b/RuleDocumentation/AvoidUsingWMICmdlet.md new file mode 100644 index 000000000..b5b308076 --- /dev/null +++ b/RuleDocumentation/AvoidUsingWMICmdlet.md @@ -0,0 +1,17 @@ +#AvoidAlias +**Severity Level: Warning** + + +##Description + +An alias is an alternate name or nickname for a cmdlet or for a command element, such as a function, script, file, or executable file. But when writing scripts that will potentially need to be maintained over time, either by the original author or another Windows PowerShell scripter, please consider using full cmdlet name instead of alias. Aliases can introduce these problems, readability, understandability and availability. + +##How to Fix + +Please consider using full cmdlet name instead of alias. + +##Example + +Wrong: gps | Where-Object {$_.WorkingSet -gt 20000000} + +Correct: Get-Process | Where-Object {$_.WorkingSet -gt 20000000} From 72858d2f63a134e95cd3a571489856dddc39b1b8 Mon Sep 17 00:00:00 2001 From: "Raghu Shantha [MSFT]" Date: Wed, 6 May 2015 10:32:01 -0700 Subject: [PATCH 2/4] Update AvoidUsingWMICmdlet.md --- RuleDocumentation/AvoidUsingWMICmdlet.md | 13 +++++++------ 1 file changed, 7 insertions(+), 6 deletions(-) diff --git a/RuleDocumentation/AvoidUsingWMICmdlet.md b/RuleDocumentation/AvoidUsingWMICmdlet.md index b5b308076..6065d1083 100644 --- a/RuleDocumentation/AvoidUsingWMICmdlet.md +++ b/RuleDocumentation/AvoidUsingWMICmdlet.md 
@@ -1,17 +1,18 @@ -#AvoidAlias +#AvoidUsingWMICmdlet **Severity Level: Warning** ##Description -An alias is an alternate name or nickname for a cmdlet or for a command element, such as a function, script, file, or executable file. But when writing scripts that will potentially need to be maintained over time, either by the original author or another Windows PowerShell scripter, please consider using full cmdlet name instead of alias. Aliases can introduce these problems, readability, understandability and availability. +Avoid Using Get-WMIObject, Remove-WMIObject, Invoke-WmiMethod, Register-WmiEvent, Set-WmiInstance + +For PowerShell 3.0 and above, use CIM cmdlet which perform the same tasks as the WMI cmdlets. The CIM cmdlets comply with WS-Management (WSMan) standards and with the Common Information Model (CIM) standard, which enables the cmdlets to use the same techniques to manage Windows computers and those running other operating systems. ##How to Fix -Please consider using full cmdlet name instead of alias. +Use corresponding CIM cmdlets such as Get-CIMInstance, Remove-CIMInstance, Invoke-CIMMethod, Register-CimIndicationEvent, Set-CimInstance ##Example -Wrong: gps | Where-Object {$_.WorkingSet -gt 20000000} - -Correct: Get-Process | Where-Object {$_.WorkingSet -gt 20000000} +Get-CimInstance -Query 'Select * from Win32_Process where name LIKE "myprocess%"' | Remove-CIMInstance +Invoke-CimMethod –ClassName Win32_Process –MethodName "Create" –Arguments @{ CommandLine = "notepad.exe" } From 6f2a57b7bd46442d52bc2f99e9dcd86aa786b8a2 Mon Sep 17 00:00:00 2001 From: "Raghu Shantha [MSFT]" Date: Wed, 6 May 2015 11:18:18 -0700 Subject: [PATCH 3/4] Update AvoidUsingWMICmdlet.md --- RuleDocumentation/AvoidUsingWMICmdlet.md | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/RuleDocumentation/AvoidUsingWMICmdlet.md b/RuleDocumentation/AvoidUsingWMICmdlet.md index 6065d1083..2171c4a62 100644 --- a/RuleDocumentation/AvoidUsingWMICmdlet.md 
+++ b/RuleDocumentation/AvoidUsingWMICmdlet.md @@ -14,5 +14,10 @@ Use corresponding CIM cmdlets such as Get-CIMInstance, Remove-CIMInstance, Invok ##Example +Wrong: +Get-WmiObject -Query 'Select * from Win32_Process where name LIKE "myprocess%"' | Remove-WmiObject +Invoke-WmiMethod –Class Win32_Process –Name "Create" –ArgumentList @{ CommandLine = "notepad.exe" } + +Correct: Get-CimInstance -Query 'Select * from Win32_Process where name LIKE "myprocess%"' | Remove-CIMInstance Invoke-CimMethod –ClassName Win32_Process –MethodName "Create" –Arguments @{ CommandLine = "notepad.exe" } From 5e7d2f61a9294f30775e3a3591d074f026851860 Mon Sep 17 00:00:00 2001 From: "Yuting Chen[MSFT]" Date: Wed, 6 May 2015 11:21:20 -0700 Subject: [PATCH 4/4] Update AvoidUsingWMICmdlet.md Added quotes for code --- RuleDocumentation/AvoidUsingWMICmdlet.md | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/RuleDocumentation/AvoidUsingWMICmdlet.md b/RuleDocumentation/AvoidUsingWMICmdlet.md index 2171c4a62..01d6cca01 100644 --- a/RuleDocumentation/AvoidUsingWMICmdlet.md +++ b/RuleDocumentation/AvoidUsingWMICmdlet.md @@ -15,9 +15,12 @@ Use corresponding CIM cmdlets such as Get-CIMInstance, Remove-CIMInstance, Invok ##Example Wrong: +``` Get-WmiObject -Query 'Select * from Win32_Process where name LIKE "myprocess%"' | Remove-WmiObject Invoke-WmiMethod –Class Win32_Process –Name "Create" –ArgumentList @{ CommandLine = "notepad.exe" } - +``` Correct: +``` Get-CimInstance -Query 'Select * from Win32_Process where name LIKE "myprocess%"' | Remove-CIMInstance Invoke-CimMethod –ClassName Win32_Process –MethodName "Create" –Arguments @{ CommandLine = "notepad.exe" } +```
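Review bot: In [PATCH 1/4], the new file RuleDocumentation/AvoidUsingWMICmdlet.md is created with the heading "#AvoidAlias" and the alias rule's Description, How to Fix and gps / Get-Process example, so this commit publishes another rule's documentation under the WMI rule's file name while the subject line says "Rule Documentation for WMI Cmdlet". Suggest putting the WMI text into the commit that creates the file (squash with 2/4) so that no revision of the file documents the wrong rule.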
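Review bot: In [PATCH 2/4], the added Invoke-CimMethod example line writes its parameters with an en dash (–ClassName, –MethodName, –Arguments) while the Get-CimInstance line directly above it uses an ASCII hyphen (-Query). Suggest a plain "-" on every parameter so the example is consistent. The same hunk also mixes casing for the same cmdlet family (Get-CimInstance in the example, Get-CIMInstance and Remove-CIMInstance elsewhere), and "use CIM cmdlet which perform" in the Description should read "use the CIM cmdlets, which perform".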
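Review bot: In [PATCH 3/4], the new Wrong/Correct pair shows that the migration is more than a cmdlet rename (–Class becomes –ClassName, –Name becomes –MethodName, –ArgumentList becomes –Arguments), but the How to Fix section still says only "Use corresponding CIM cmdlets". Suggest adding a sentence there stating that parameter names differ between the WMI and CIM cmdlets, pointing at the Invoke-WmiMethod / Invoke-CimMethod lines as the illustration. The added "Wrong:" and "Correct:" labels are also followed immediately by command lines with no blank line or fence, so Markdown will fold label and commands into one paragraph.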
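Review bot: In [PATCH 4/4], the blank line that separated the Wrong block from "Correct:" is removed and replaced by the closing fence, so "Correct:" now sits directly under the fence with no spacing, and both opening fences are bare with no language tag. Suggest keeping a blank line after each closing fence and before each label's opening fence, and tagging the fences as powershell so the examples get highlighted. The fenced lines also still carry the en-dash parameters (–Class, –ClassName) next to the hyphenated -Query, which is worth normalising in the same commit since it touches the code formatting.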