Closed
Description
I would have thought that this rule wasn't necessary, but then a team publishes some cmdlets that show that it is necessary.
We need a rule for commands that don't support ShouldProcess (e.g. SupportsShouldProcess -eq $false) that checks to make sure they don't have -Confirm or -WhatIf parameters. Confirm and WhatIf are common parameters that should only be added to functions or cmdlets by SupportsShouldProcess. Manual addition of these parameters should be considered an error.
Detecting this once a module is loaded is trivial:
Install-Module AzureADPreview
$command = Get-Command Connect-AzureAD
$commandMetadata = New-Object -TypeName System.Management.Automation.CommandMetadata -ArgumentList $command
if (-not $commandMetadata.SupportsShouldProcess -and ($command.Parameters['Confirm'] -or $command.Parameters['WhatIf'])) {
# Bad
}
Since this rule is based on command metadata, the logic should be written so that it supports running against binary modules as well.