Modify rule S6387: Add language AzureResourceManager (Bicep) (#1907)

SonarSource · Sep 13, 2023 · 4c61cfe · 4c61cfe
1 parent 897bb45
commit 4c61cfe
Show file tree

Hide file tree

Showing 2 changed files with 28 additions and 10 deletions.
diff --git a/rules/S6387/azureresourcemanager/highlighting.adoc b/rules/S6387/azureresourcemanager/highlighting.adoc
@@ -0,0 +1,8 @@
+=== Highlighting
+==== JSON
+
+Highlight the relevant `$schema` property
+
+==== Bicep
+
+Highlight the relevant `targetScope` property
diff --git a/rules/S6387/azureresourcemanager/rule.adoc b/rules/S6387/azureresourcemanager/rule.adoc
@@ -6,6 +6,15 @@ include::../recommended.adoc[]
 
 == Sensitive Code Example
 
+[source,bicep,diff-id=1,diff-type=noncompliant]
+----
+targetScope = 'subscription' // Sensitive
+
+resource roleAssignment 'Microsoft.Authorization/roleAssignments@2022-04-01' = {
+  name: guid(subscription().id, 'exampleRoleAssignment')
+}
+----
+
 [source,json,diff-id=2,diff-type=noncompliant]
 ----
 {
@@ -23,7 +32,16 @@ include::../recommended.adoc[]
 
 == Compliant Solution
 
-[source,json,diff-id=2,diff-type=compliant]
+[source,bicep,diff-id=1,diff-type=compliant]
+----
+targetScope = 'resourceGroup'
+
+resource roleAssignment 'Microsoft.Authorization/roleAssignments@2022-04-01' = {
+  name: guid(resourceGroup().id, 'exampleRoleAssignment')
+}
+----
+
+[source,json,diff-id=2,diff-type=noncompliant]
 ----
 {
   "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
@@ -49,14 +67,6 @@ ifdef::env-github,rspecator-view[]
 
 include::../message.adoc[]
 
-=== Highlighting
-==== JSON
-
-Highlight the relevant `$schema` property
-
-==== Bicep
-
-Highlight the relevant `targetScope` property
-
+include::highlighting.adoc[]
 
 endif::env-github,rspecator-view[]