| description | Avoid Using Invoke-Expression |
|---|---|
| ms.custom | PSSA v1.21.0 |
| ms.date | 06/28/2023 |
| ms.topic | reference |
| title | AvoidUsingInvokeExpression |
Severity Level: Warning
Care must be taken when using the Invoke-Expression command. The Invoke-Expression executes the
specified string and returns the results.
Code injection into your application or script can occur if the expression passed as a string includes any data provided from the user.
Remove the use of Invoke-Expression.
Invoke-Expression 'Get-Process'Get-Process