diff --git a/docs/header_names/allowed_framework_names.adoc b/docs/header_names/allowed_framework_names.adoc
index ca69c74b547..28fa91474b0 100644
--- a/docs/header_names/allowed_framework_names.adoc
+++ b/docs/header_names/allowed_framework_names.adoc
@@ -105,3 +105,6 @@
 * CommonCrypto
 * CryptoSwift
 * IDZSwiftCommonCrypto
+// Azure resource manager
+* ARM templates
+* Bicep
diff --git a/rules/S6648/azureresourcemanager/how-to-fix-it/arm.adoc b/rules/S6648/azureresourcemanager/how-to-fix-it/arm.adoc
new file mode 100644
index 00000000000..d45c3814691
--- /dev/null
+++ b/rules/S6648/azureresourcemanager/how-to-fix-it/arm.adoc
@@ -0,0 +1,34 @@
+== How to fix it in ARM templates
+
+=== Code examples
+
+==== Noncompliant code example
+
+[source,json,diff-id=1,diff-type=noncompliant]
+----
+{
+ "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
+ "contentVersion": "1.0.0.0",
+ "parameters": {
+ "secretValue": {
+ "type": "securestring",
+ "defaultValue": "S3CR3T"
+ }
+ }
+}
+----
+
+==== Compliant solution
+
+[source,json,diff-id=1,diff-type=compliant]
+----
+{
+ "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
+ "contentVersion": "1.0.0.0",
+ "parameters": {
+ "secretValue": {
+ "type": "securestring"
+ }
+ }
+}
+----
\ No newline at end of file
diff --git a/rules/S6648/azureresourcemanager/how-to-fix-it/bicep.adoc b/rules/S6648/azureresourcemanager/how-to-fix-it/bicep.adoc
new file mode 100644
index 00000000000..17f90e6e292
--- /dev/null
+++ b/rules/S6648/azureresourcemanager/how-to-fix-it/bicep.adoc
@@ -0,0 +1,19 @@
+== How to fix it in Bicep
+
+=== Code examples
+
+==== Noncompliant code example
+
+[source,bicep,diff-id=1,diff-type=noncompliant]
+----
+@secure()
+param secureStringWithDefaultValue string = 'S3CR3T' // Noncompliant
+----
+
+==== Compliant solution
+
+[source,bicep,diff-id=1,diff-type=compliant]
+----
+@secure()
+param secureStringWithDefaultValue string
+----
\ No newline at end of file
diff --git a/rules/S6648/azureresourcemanager/rule.adoc b/rules/S6648/azureresourcemanager/rule.adoc
index 84246d5487e..715f5e3788b 100644
--- a/rules/S6648/azureresourcemanager/rule.adoc
+++ b/rules/S6648/azureresourcemanager/rule.adoc
@@ -10,41 +10,9 @@ Secure parameters can be assigned a default value which will be used if the para
 If the default value contains a secret, it will be disclosed to all accounts that have read access to the deployment history.
-== How to fix it in ARM Templates
-
-=== Code examples
-
-==== Noncompliant code example
-
-[source,json,diff-id=1,diff-type=noncompliant]
-----
-{
- "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
- "contentVersion": "1.0.0.0",
- "parameters": {
- "secretValue": {
- "type": "securestring",
- "defaultValue": "S3CR3T"
- }
- }
-}
-----
-
-==== Compliant solution
-
-[source,json,diff-id=1,diff-type=compliant]
-----
-{
- "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
- "contentVersion": "1.0.0.0",
- "parameters": {
- "secretValue": {
- "type": "securestring"
- }
- }
-}
-----
+include::how-to-fix-it/arm.adoc[]
+include::how-to-fix-it/bicep.adoc[]
 == Resources
 === Documentation
@@ -70,4 +38,4 @@ ifdef::env-github,rspecator-view[]
 The default value
-endif::env-github,rspecator-view[]
\ No newline at end of file
+endif::env-github,rspecator-view[]