Module powershell_security

PowerShell-specific security analysis for command validation.

Detects dangerous patterns: code injection, download cradles, privilege escalation, dynamic command names, COM objects, etc.

Structs

PowerShellSecurityResult
PowerShell security result

Enums

SecurityBehavior
Security result behavior

Functions

check_download_cradles
Checks for download cradle patterns
check_dynamic_command_name
Checks for dynamic command name (command name is an expression)
check_encoded_command
Checks for encoded command parameters
check_env_modification
Checks for environment variable modifications
check_filepath_execution
Checks for file path execution patterns
check_invoke_expression
Checks for Invoke-Expression or its alias (iex)
check_module_loading
Checks for module loading
check_pwsh_command
Checks for PowerShell re-invocation
check_script_block_cmdlets
Checks for dangerous script block patterns
powershell_command_is_safe
Main security check - combines all individual checks