0

I have a powershell script which can be called by certain users. The script runs with some elevated permissions so I need to make sure they can't use it to bypass the intended behavior. One of the parameters to the script is a string which acts as the arguments for another cmdlet.

So a user might supply the string '-Day 4 -Year 1989 -Month 3'

then in my script, I'd want to run: Get-Date -Day 4 -Year 1989 -Month 3

Now I know I could do this via Invoke-Expression but that would leave me vulnerable to powershell injection (ie: the user could pass in '-day 4; do-bad-stuff')

Alternatively, I could write a wrapper for Get-Date but that seems like a lot of work since the cmdlet I'm actually calling (it's not Get-Date) has a lot of different parameters and it seems like a lot of work to wrap them all. There's no arguments they could call on that cmdlet which could cause harm (since it's a Get-xxx cmdlet).

Anyone know of a way to call a specific cmdlet with a string as it's arguments?

Horatiu
  • 29
  • 3
  • [Maybe a proxy function?](http://blogs.technet.com/b/heyscriptingguy/archive/2011/03/01/proxy-functions-spice-up-your-powershell-core-cmdlets.aspx) Still not sure what you're trying to do. Can you supply a sample/snippet of your script? – E.V.I.L. Jun 13 '13 at 18:35
  • The closest I can think of that's built in is argument splatting. http://technet.microsoft.com/en-us/magazine/gg675931.aspx – JohnL Jun 13 '13 at 18:51
  • JohnL, that is close to what I want. I would need to convert string `'-Day 4 -Year 1989 -Month 3'` to `$p = @{'day'='4';'year'='1989';'month'='3'}`. That's not too hard to do but I'm was wondering if there's a way to do this behavior automatically. If nothing better shows up, I guess I can use that. – Horatiu Jun 13 '13 at 18:58

1 Answers1

1

Using parameter validation:

Function Foo 
{ 
    Param( 
        [ValidateRange(1,31)] 
        [String] 
        $day 
    , 
        [ValidateRange(1900,2013)] 
        [Int] 
        $Year 
    , 
        [ValidateRange(1,12)] 
        [string] 
        $Month 
    ) 
    Process 
    { 
         Get-Date -Day $day -Year $year -Month $month 
    } 
}

Read here and here to learn improve the validation

CB.
  • 58,865
  • 9
  • 159
  • 159