I was playing around with dynamic module creation and figured out how to monkey patch modules.
I then thought about how PowerShell is a Last-In-Wins language, and tried replacing private methods.
This led to the "what if" moment of pulling secure data out of a loaded module. In this case, the username and password of a credential set.
This seems like a security issue to me, or am I being over sensitive?
This seems similar to how we discovered Mocking with Chocolatey - https://github.com/chocolatey/chocolatey/tree/fcc68ba881a52984c187390c7c9de66a787505e9/tests
Recently I learned you don't even need to overwrite the function, just create an alias with the same name and it doesn't matter what your function is named. If the user is just calling it, without a local scope, it will call your alias instead. https://technet.microsoft.com/en-us/library/hh848304.aspx
Windows PowerShell uses the following
precedence order when it runs commands:
1. Alias
2. Function
3. Cmdlet
4. Native Windows commands
Update: May only work for the exported functions, not the private ones.
This seems like a bit of a security issue.