| description | ms.custom | ms.date | ms.topic | title |
|---|---|---|---|---|
Avoid Using Invoke-Expression |
PSSA v1.21.0 |
06/28/2023 |
reference |
AvoidUsingInvokeExpression |
Severity Level: Warning
Care must be taken when using the Invoke-Expression command. The Invoke-Expression executes the
specified string and returns the results.
Code injection into your application or script can occur if the expression passed as a string includes any data provided from the user.
Remove the use of Invoke-Expression.
Invoke-Expression 'Get-Process'Get-Process