Constrained Language Audit mode breaks az.resources #20785

@lansalot

Description

Prerequisites

Steps to reproduce

Previously, in 7.3.9, I could use the Get-AzADGroup cmdlet from az.resources. This now fails in 7.4.0, logging the following warning to the event log, apparently due to Constrained Language mode. I have read the notes at https://learn.microsoft.com/en-us/powershell/scripting/learn/application-control?view=powershell-7.4#wdac-policy-enforcement but my understanding is that this is in warning-only mode, so not sure why this breaks.

Confirm 7.4.0 works fine where WDAC doesn't get involved. In both cases, $ExecutionContext.SessionState.LanguageMode reads as "FullLanguage" but with WDAC, we get the below error.

Can also confirm that rolling back to 7.3.9, Get-AZADGroup works fine again.

Expected behavior

```console
PS > get-azadgroup -displayname azurevirtualdesktop

DisplayName         Id                 MailNickname Description
-----------         --                 ------------ -----------
AzureVirtualDesktop 4b5fc7cb.....745ff 61b71d76-7   Azure Virtual Desktop users
```

Actual behavior

```console
PowerShell 7.4.0
[Constrained Language AUDIT Mode : No Restrictions]
PS > ipmo az.resources

PS> get-azadgroup -DisplayName azurevirtualdesktop
ParentContainsErrorRecordException: ....\Documents\PowerShell\Modules\az.resources\6.12.0\MSGraph.Autorest\exports\ProxyCmdletDefinitions.ps1:3532
Line |
3532 |          $steppablePipeline = $scriptCmd.GetSteppablePipeline($MyInvoc …
     |          ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
     | Exception calling "GetSteppablePipeline" with "1" argument(s): "The expression after '&' in a pipeline element
     | produced an object that was not valid. It must result in a command name, a script block, or a CommandInfo
     | object."

PS > $ExecutionContext.SessionState.LanguageMode = 'FullLanguage'

PS > get-azadgroup -DisplayName azurevirtualdesktop
ParentContainsErrorRecordException: ....\Documents\PowerShell\Modules\az.resources\6.12.0\MSGraph.Autorest\exports\ProxyCmdletDefinitions.ps1:3532
Line |
3532 |          $steppablePipeline = $scriptCmd.GetSteppablePipeline($MyInvoc …
     |          ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
     | Exception calling "GetSteppablePipeline" with "1" argument(s): "The expression after '&' in a pipeline element
     | produced an object that was not valid. It must result in a command name, a script block, or a CommandInfo
     | object."
```


### Error details

```console
From PowershellCore/Operational:

Error Message = Exception calling "GetSteppablePipeline" with "1" argument(s): "The expression after '&' in a pipeline element produced an object that was not valid. It must result in a command name, a script block, or a CommandInfo object."
Fully Qualified Error ID = RuntimeException


Context:
        Severity = Warning
        Host Name = ConsoleHost
        Host Version = 7.4.0
        Host ID = e0d32791-7e3c-44a6-bbb3-c46817f36700
        Host Application = C:\Program Files\PowerShell\7\pwsh.dll
        Engine Version = 7.4.0
        Runspace ID = 33297d30-ce4f-4807-ba84-84f0aa1b96de
        Pipeline ID = 17
        Command Name = 
        Command Type = 
        Script Name = ....\Documents\PowerShell\Modules\az.resources\6.12.0\MSGraph.Autorest\exports\ProxyCmdletDefinitions.ps1
        Command Path = 
        Sequence Number = 10
        Connected User = 
        Shell ID = Microsoft.PowerShell


User Data:
```

Environment data

```console
Name                           Value
----                           -----
PSVersion                      7.4.0
PSEdition                      Core
GitCommitId                    7.4.0
OS                             Microsoft Windows 10.0.19045
Platform                       Win32NT
PSCompatibleVersions           {1.0, 2.0, 3.0, 4.0…}
PSRemotingProtocolVersion      2.3
SerializationVersion           1.1.0.1
WSManStackVersion              3.0
```

Visuals

No response
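A triage helper for the mismatch reported above, added here as an example and not part of the original issue or of the PowerShell project's code: it records the session's reported language mode next to the engine's view of the system lockdown policy, then pulls the matching events from the log the report quotes. The function name `Get-ClmAuditTriage` and its parameters are hypothetical, and the script assumes Windows with PowerShell 7.

```powershell
# Added example, not from the issue. Names and defaults below are assumptions
# chosen to match the strings quoted in the report.
function Get-ClmAuditTriage {
    [CmdletBinding()]
    param(
        [string]   $ModuleName = 'Az.Resources',
        [string]   $LogName    = 'PowerShellCore/Operational',
        [string]   $Needle     = 'GetSteppablePipeline',
        [datetime] $Since      = (Get-Date).AddHours(-1)
    )

    # What the session reports about itself. The issue notes that LanguageMode
    # reads FullLanguage even when the audit banner is shown.
    $session = [pscustomobject]@{
        PSVersion      = $PSVersionTable.PSVersion.ToString()
        LanguageMode   = [string]$ExecutionContext.SessionState.LanguageMode
        # System-wide lockdown policy as the engine sees it (None, Audit or Enforce).
        LockdownPolicy = [string][System.Management.Automation.Security.SystemPolicy]::GetSystemLockdownPolicy()
        ModuleVersions = (Get-Module -ListAvailable -Name $ModuleName).Version -join ', '
    }

    # Events written since $Since whose text mentions the failing call.
    # No level filter is applied, so nothing is assumed about event severity.
    $filter = @{ LogName = $LogName; StartTime = $Since }
    $events = Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue |
        Where-Object { $_.Message -like "*$Needle*" } |
        Select-Object TimeCreated, Id, @{
            Name       = 'ScriptName'
            Expression = {
                # The event text carries a "Script Name = <path>" line.
                if ($_.Message -match 'Script Name = (.+)') { $Matches[1].Trim() }
            }
        }

    [pscustomobject]@{
        Session = $session
        Events  = @($events)   # empty array when nothing matched
    }
}

# Run once in the affected session and once in a session without WDAC, then diff.
Get-ClmAuditTriage | ConvertTo-Json -Depth 4
```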

Labels

- In-PR: Indicates that a PR is out for the issue
- Issue-Bug: Issue has been identified as a bug in the product
- WG-NeedsReview: Needs a review by the labeled Working Group
- WG-Security: security related areas such as JEA
