Add AvoidUsingAllowUnencryptedAuthentication by MJVL · Pull Request #1857 · PowerShell/PSScriptAnalyzer

PR Summary

This adds a new rule: AvoidUsingAllowUnencryptedAuthentication.

This rule searches for use of the -AllowUnencryptedAuthentication switch. This mainly serves to flag use with Invoke-WebRequest and Invoke-RestMethod, but also works for other cmdlets which may use the same parameter scheme.

This parameter is directly warned against in MSDN as it isn't secure. It is risky and should only be used for compatibility with legacy systems. A Warning here should be sufficient to dissuade against this.

PR Checklist

• PR has a meaningful title
  • Use the present tense and imperative mood when describing your changes
• Summarized changes
• Change is not breaking
• Make sure all .cs, .ps1 and .psm1 files have the correct copyright header
• Make sure you've added a new test if existing tests do not effectively test the code changed and/or updated documentation
• This PR is ready to merge and is not Work in Progress.
  • If the PR is work in progress, please add the prefix WIP: to the beginning of the title and remove the prefix when the PR is ready.