AvoidUsingInvokeExpression
Severity Level: Warning
Description
Care must be taken when using the Invoke-Expression
command. The Invoke-Expression
executes the
specified string and returns the results.
Code injection into your application or script can occur if the expression passed as a string includes any data provided from the user.
How
Remove the use of Invoke-Expression
.
Example
Wrong
Invoke-Expression 'Get-Process'
Correct
Get-Process
Feedback
https://aka.ms/ContentUserFeedback.
Coming soon: Throughout 2024 we will be phasing out GitHub Issues as the feedback mechanism for content and replacing it with a new feedback system. For more information see:Submit and view feedback for