Binary cmdlets spam the information stream inappropriately and log sensitive information to that stream #373

@KirkMunro

Description

This is related to #371, which calls out the need to replace the use of Write-Information with Write-Verbose in your auto-generated PowerShell script (psm1 and ps1) files.

Your auto-generated binary cmdlets are spamming the information stream, which results in a lot of undesirable information for end users if a script is run using the PowerShell SDK.

Consider the following simple example:

$ps = [powershell]::Create()
$ps.AddScript(@'
$certificateThumbprint = 'Enter your cert thumbprint here'
$appId = 'Enter your Azure application ID here'
$tenantNameOrId = 'Enter your Azure tenant name or ID here'
Connect-Graph -CertificateThumbprint $certificateThumbprint -ClientId $appId -TenantId $tenantNameOrId
$domain = Get-MgDomain
'@).Invoke()
$ps.Streams.Information

This command outputs the following on my system:

Welcome To Microsoft Graph!
Loaded Azure profile 'v1.0-beta' for module 'Microsoft.Graph.Identity.Domains'
Loaded Azure profile 'v1.0-beta' for module 'Microsoft.Graph.Identity.Domains'
Loaded Module 'Microsoft.Graph.Identity.Domains'
Microsoft.Graph.PowerShell.Runtime.EventData
Microsoft.Graph.PowerShell.Runtime.EventData
Microsoft.Graph.PowerShell.Runtime.EventData
Microsoft.Graph.PowerShell.Runtime.EventData
Microsoft.Graph.PowerShell.Runtime.EventData
Microsoft.Graph.PowerShell.Runtime.EventData
Microsoft.Graph.PowerShell.Runtime.EventData
Microsoft.Graph.PowerShell.Runtime.EventData
Microsoft.Graph.PowerShell.Runtime.EventData
Microsoft.Graph.PowerShell.Runtime.EventData
Microsoft.Graph.PowerShell.Runtime.EventData
Microsoft.Graph.PowerShell.Runtime.EventData
Microsoft.Graph.PowerShell.Runtime.EventData
Microsoft.Graph.PowerShell.Runtime.EventData
Microsoft.Graph.PowerShell.Runtime.EventData
Microsoft.Graph.PowerShell.Runtime.EventData
Microsoft.Graph.PowerShell.Runtime.EventData
Microsoft.Graph.PowerShell.Runtime.EventData
Microsoft.Graph.PowerShell.Runtime.EventData
Microsoft.Graph.PowerShell.Runtime.EventData
Microsoft.Graph.PowerShell.Runtime.EventData
Microsoft.Graph.PowerShell.Runtime.EventData
Microsoft.Graph.PowerShell.Runtime.EventData
Microsoft.Graph.PowerShell.Runtime.EventData
Microsoft.Graph.PowerShell.Runtime.EventData
Microsoft.Graph.PowerShell.Runtime.EventData
Microsoft.Graph.PowerShell.Runtime.EventData
Microsoft.Graph.PowerShell.Runtime.EventData
Microsoft.Graph.PowerShell.Runtime.EventData
Microsoft.Graph.PowerShell.Runtime.EventData
Microsoft.Graph.PowerShell.Runtime.EventData
Microsoft.Graph.PowerShell.Runtime.EventData
Microsoft.Graph.PowerShell.Runtime.EventData
Microsoft.Graph.PowerShell.Runtime.EventData
Microsoft.Graph.PowerShell.Runtime.EventData
Microsoft.Graph.PowerShell.Runtime.EventData
Microsoft.Graph.PowerShell.Runtime.EventData
Microsoft.Graph.PowerShell.Runtime.EventData
Microsoft.Graph.PowerShell.Runtime.EventData
Microsoft.Graph.PowerShell.Runtime.EventData
Microsoft.Graph.PowerShell.Runtime.EventData
Microsoft.Graph.PowerShell.Runtime.EventData
Microsoft.Graph.PowerShell.Runtime.EventData
Microsoft.Graph.PowerShell.Runtime.EventData
Microsoft.Graph.PowerShell.Runtime.EventData

None of that information is useful to a scripter, but the information stream cannot be easily silenced this way without workarounds (see PowerShell/PowerShell/issues/13631). The end result is just noise.

Worse, looking more closely at that data I see some auth token information in there, which I most certainly would not want captured in a log file, so this needs to be off by default in all execution paths. To get that, you're going to have to move away from using the information stream. Plus, you're currently writing your information output as text in tags??? That doesn't make sense. Tags is to tag an information stream entry with something that can be used to categorize or process the message in that stream. Tags is not for the messages themselves. That is just wrong.

You really need to re-think your message handling in your binary cmdlets, because you're not doing something right. At best I would log the Microsoft.Graph.PowerShell.Runtime.EventData as debug messages (not verbose, please -- don't spam end users who want just a little more information to troubleshoot a command that they are trying to use), but you need to be careful because in Windows PowerShell 5.1, the Debug stream acts as a dynamic breakpointer (sort of -- it is used to enter nested prompts on demand), and that behavior was not corrected until PowerShell 7.x.

My recommendation: Move all of this text to a conditional invocation of WriteDebug, that is only invoked if DebugPreference is not set to Inquire (this sufficiently gets around the dynamic breakpointer behavior that was corrected in PowerShell/PowerShell/pull/8195).

AB#6781
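The following is an added example, not code from this issue or from the Microsoft Graph PowerShell SDK. It models the recommendation above at script level: a hypothetical `Write-RuntimeEvent` helper routes runtime event text to the debug stream and skips it entirely when `$DebugPreference` is `Inquire`, a hypothetical `Get-ExampleResource` stands in for a generated binary cmdlet, and the SDK-side check mirrors the issue's own `[powershell]::Create()` capture to confirm the information stream stays empty. It also shows a consumer-side mitigation for the logging concern: redacting bearer-token-shaped text from captured `InformationRecord` objects (including their `Tags`) before they reach a log file. The JWT-like pattern and the fake token are constructed assumptions, not values taken from the SDK.

```powershell
# Added example (not code from the issue, nor from the Microsoft Graph PowerShell
# SDK). Function and module names below are hypothetical stand-ins.

# Script-level model of the recommendation: runtime event text goes to the debug
# stream only, and is skipped entirely when DebugPreference is Inquire, so
# Windows PowerShell 5.1 never opens a nested prompt for each message.
function Write-RuntimeEvent {
    [CmdletBinding()]
    param([Parameter(Mandatory)][string]$Message)

    if ($DebugPreference -ne [System.Management.Automation.ActionPreference]::Inquire) {
        Write-Debug -Message $Message
    }
}

# Hypothetical command standing in for a generated binary cmdlet.
function Get-ExampleResource {
    [CmdletBinding()]
    param()

    # Constructed messages of the kind the issue shows on the information stream.
    Write-RuntimeEvent "Loaded profile 'v1.0-beta' for module 'Example.Module'"
    Write-RuntimeEvent "Loaded Module 'Example.Module'"
    [pscustomobject]@{ Id = 'example-id'; DisplayName = 'Example' }
}

# Redacts anything bearer-token-shaped from captured InformationRecords before
# they are written to a log. The JWT-like pattern is an assumption about what
# leaked auth material looks like; adjust it to what your logs actually contain.
function Get-RedactedInformationText {
    param([System.Management.Automation.InformationRecord[]]$Records)

    $tokenPattern = '(?i)(bearer\s+)?eyJ[A-Za-z0-9_-]+\.[A-Za-z0-9_-]+\.[A-Za-z0-9_-]*'
    foreach ($record in $Records) {
        $line = "$($record.MessageData)"
        # The issue reports message text being placed in Tags, so scan those too.
        if ($record.Tags.Count -gt 0) { $line += ' tags=' + ($record.Tags -join ';') }
        $line -replace $tokenPattern, '[REDACTED-TOKEN]'
    }
}

# 1. Run the stand-in command through the PowerShell SDK, as the issue does,
#    and confirm that nothing reaches the information stream. DebugPreference is
#    set to Continue inside the runspace so the debug records are collected.
$definitions = foreach ($name in 'Write-RuntimeEvent', 'Get-ExampleResource') {
    "function $name {`n$((Get-Item "function:$name").Definition)`n}"
}
$ps = [powershell]::Create()
$null = $ps.AddScript(($definitions -join "`n") + "`n`$DebugPreference = 'Continue'`nGet-ExampleResource")
$result = $ps.Invoke()
"Information records: $($ps.Streams.Information.Count)"
"Debug records:       $($ps.Streams.Debug.Count)"
"Output objects:      $($result.Count)"
$ps.Dispose()

# 2. Show the redaction on a constructed record that carries a fake token in
#    its Tags, the way the issue describes messages being misplaced there.
$leaky = [System.Management.Automation.InformationRecord]::new('Loaded Module', 'Example.Module')
$leaky.Tags.Add('Authorization: Bearer eyJFAKE.eyJFAKE.FAKE-SIGNATURE')
Get-RedactedInformationText -Records @($leaky)
```

Because `Write-RuntimeEvent` checks `$DebugPreference` rather than a custom switch, it inherits the behaviour difference the issue describes: on Windows PowerShell 5.1, `-Debug` sets the preference to `Inquire` inside the function, so the messages are suppressed instead of triggering a prompt per message; on PowerShell 7, `-Debug` sets it to `Continue` and the messages appear on the debug stream. Nothing is written to `$ps.Streams.Information` in either case, which is the property a script host relying on the SDK needs.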
