Skip to content

Instantly share code, notes, and snippets.

What would you like to do?
PowerShell Module Security
Copy link

This seems like a bit of a security issue.

Copy link

This seems similar to how we discovered Mocking with Chocolatey -

Copy link

Recently I learned you don't even need to overwrite the function, just create an alias with the same name and it doesn't matter what your function is named. If the user is just calling it, without a local scope, it will call your alias instead.

Windows PowerShell uses the following
precedence order when it runs commands:

1. Alias
2. Function
3. Cmdlet 
4. Native Windows commands

Update: May only work for the exported functions, not the private ones.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment