From 4c61cfe3b96a9c537fabb038f90c44b19d4b253d Mon Sep 17 00:00:00 2001
From: Egon Okerman
Date: Wed, 13 Sep 2023 10:25:18 +0200
Subject: [PATCH] Modify rule S6387: Add language AzureResourceManager (Bicep) (#1907)
---
 .../azureresourcemanager/highlighting.adoc | 8 +++++
 rules/S6387/azureresourcemanager/rule.adoc | 30 ++++++++++++-------
 2 files changed, 28 insertions(+), 10 deletions(-)
 create mode 100644 rules/S6387/azureresourcemanager/highlighting.adoc
diff --git a/rules/S6387/azureresourcemanager/highlighting.adoc b/rules/S6387/azureresourcemanager/highlighting.adoc
new file mode 100644
index 00000000000..32e603e715b
--- /dev/null
+++ b/rules/S6387/azureresourcemanager/highlighting.adoc
@@ -0,0 +1,8 @@
+=== Highlighting
+==== JSON
+
+Highlight the relevant `$schema` property
+
+==== Bicep
+
+Highlight the relevant `targetScope` property
diff --git a/rules/S6387/azureresourcemanager/rule.adoc b/rules/S6387/azureresourcemanager/rule.adoc
index ee7bccac766..19868c96b73 100644
--- a/rules/S6387/azureresourcemanager/rule.adoc
+++ b/rules/S6387/azureresourcemanager/rule.adoc
@@ -6,6 +6,15 @@ include::../recommended.adoc[]
 == Sensitive Code Example
+[source,bicep,diff-id=1,diff-type=noncompliant]
+----
+targetScope = 'subscription' // Sensitive
+
+resource roleAssignment 'Microsoft.Authorization/roleAssignments@2022-04-01' = {
+ name: guid(subscription().id, 'exampleRoleAssignment')
+}
+----
+
 [source,json,diff-id=2,diff-type=noncompliant]
 ----
 {
@@ -23,7 +32,16 @@ include::../recommended.adoc[]
 == Compliant Solution
-[source,json,diff-id=2,diff-type=compliant]
+[source,bicep,diff-id=1,diff-type=compliant]
+----
+targetScope = 'resourceGroup'
+
+resource roleAssignment 'Microsoft.Authorization/roleAssignments@2022-04-01' = {
+ name: guid(resourceGroup().id, 'exampleRoleAssignment')
+}
+----
+
+[source,json,diff-id=2,diff-type=noncompliant]
 ----
 {
 "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
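Review bot: In the second rule.adoc hunk, the JSON block under "== Compliant Solution" has its attribute changed from `diff-type=compliant` to `diff-type=noncompliant`, which looks like a copy-paste slip from the Sensitive Code Example above. After this change both JSON blocks with `diff-id=2` are marked noncompliant, so the pair no longer has a compliant side. Anything that reads the attribute would presumably present the narrowly scoped template as the sensitive one. The line should read `[source,json,diff-id=2,diff-type=compliant]`, mirroring the new Bicep pair with `diff-id=1`. The JSON block itself continues past the end of the hunk, so the rest of the example is not visible here.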
@@ -49,14 +67,6 @@ ifdef::env-github,rspecator-view[]
 include::../message.adoc[]
-=== Highlighting
-==== JSON
-
-Highlight the relevant `$schema` property
-
-==== Bicep
-
-Highlight the relevant `targetScope` property
-
+include::highlighting.adoc[]
 endif::env-github,rspecator-view[]
\ No newline at end of file