Modify rule S6380: Add language AzureResourceManager (Bicep)

rules/S6380/azureresourcemanager/rule.adoc

@@ -22,6 +22,13 @@ For https://azure.microsoft.com/en-us/services/app-service/[App Service]:
     ]
 }
 ----
+[source,bicep,diff-id=101,diff-type=noncompliant]
+----
+resource appService 'Microsoft.Web/sites@2022-09-01' = {
+    name: 'example'
+    // Sensitive: no authentication defined
+}
+----
 
 For https://azure.microsoft.com/en-us/services/api-management/[API Management]:
 
@@ -39,6 +46,21 @@ For https://azure.microsoft.com/en-us/services/api-management/[API Management]:
     ]
 }
 ----
+[source,bicep,diff-id=102,diff-type=noncompliant]
+----
+resource apiManagementService 'Microsoft.ApiManagement/service@2022-09-01-preview' = {
+    name: 'example'
+    // Sensitive: no portal authentication defined
+
+    resource apis 'apis@2022-09-01-preview' = {
+        name: 'exampleApi'
+        properties: {
+            path: '/test'
+            // Sensitive: no API authentication defined
+        }
+    }
+}
+----
 
 For https://azure.microsoft.com/en-us/services/data-factory/[Data Factory] Linked Services:
 
@@ -62,6 +84,18 @@ For https://azure.microsoft.com/en-us/services/data-factory/[Data Factory] Linke
     ]
 }
 ----
+[source,bicep,diff-id=103,diff-type=noncompliant]
+----
+resource linkedService 'Microsoft.DataFactory/factories/linkedservices@2018-06-01' = {
+    name: 'example'
+    properties: {
+        type: 'Web'
+        typeProperties: {
+            authenticationType: 'Anonymous' // Sensitive
+        }
+    }
+}
+----
 
 For https://azure.microsoft.com/en-us/product-categories/storage/[Storage Accounts and Storage Containers]:
 
@@ -82,6 +116,16 @@ For https://azure.microsoft.com/en-us/product-categories/storage/[Storage Accoun
     ]
 }
 ----
+[source,bicep,diff-id=104,diff-type=noncompliant]
+----
+resource storageAccount 'Microsoft.Storage/storageAccounts@2022-09-01' = {
+    name: 'example'
+    properties: {
+        allowBlobPublicAccess: true // Sensitive
+    }
+}
+----
+
 [source,json,diff-id=5,diff-type=noncompliant]
 ----
 {
@@ -106,6 +150,23 @@ For https://azure.microsoft.com/en-us/product-categories/storage/[Storage Accoun
     ]
 }
 ----
+[source,bicep,diff-id=105,diff-type=noncompliant]
+----
+resource storageAccount 'Microsoft.Storage/storageAccounts@2022-09-01' = {
+    name: 'example'
+
+    resource blobService 'blobServices@2022-09-01' = {
+        name: 'default'
+
+        resource containers 'containers@2022-09-01' = {
+            name: 'exampleContainer'
+            properties: {
+                publicAccess: 'Blob' // Sensitive
+            }
+        }
+    }
+}
+----
 
 For https://azure.microsoft.com/en-us/services/cache/[Redis Caches]:
 
@@ -128,6 +189,18 @@ For https://azure.microsoft.com/en-us/services/cache/[Redis Caches]:
     ]
 }
 ----
+[source,bicep,diff-id=106,diff-type=noncompliant]
+----
+resource redisCache 'Microsoft.Cache/redis@2023-04-01' = {
+    name: 'example'
+    location: location
+    properties: {
+        redisConfiguration: {
+            authnotrequired: 'true' // Sensitive
+        }
+    }
+}
+----
 
 == Compliant Solution
 
@@ -160,6 +233,25 @@ For https://azure.microsoft.com/en-us/services/app-service/[App Services and equ
     ]
 }
 ----
+[source,bicep,diff-id=101,diff-type=compliant]
+----
+resource appService 'Microsoft.Web/sites@2022-09-01' = {
+    name: 'example'
+
+    resource authSettings 'config@2022-09-01' = { // Compliant
+        name: 'authsettingsV2'
+        properties: {
+            globalValidation: {
+                requireAuthentication: true
+                unauthenticatedClientAction: 'AllowAnonymous'
+            }
+            platform: {
+                enabled: true
+            }
+        }
+    }
+}
+----
 
 For https://azure.microsoft.com/en-us/services/api-management/[API Management]:
 
@@ -200,6 +292,32 @@ For https://azure.microsoft.com/en-us/services/api-management/[API Management]:
     ]
 }
 ----
+[source,bicep,diff-id=102,diff-type=compliant]
+----
+resource apiManagementService 'Microsoft.ApiManagement/service@2022-09-01-preview' = {
+    name: 'example'
+
+    resource portalSettings 'portalsettings@2022-09-01-preview' = {
+        name: 'signin'
+        properties: {
+            enabled: true // Compliant: Sign-in is enabled for portal access
+        }
+    }
+
+    resource apis 'apis@2022-09-01-preview' = {
+        name: 'exampleApi'
+        properties: {
+            path: '/test'
+            authenticationSettings: { // Compliant: API has authentication enabled
+                openid: {
+                    bearerTokenSendingMethods: ['authorizationHeader']
+                    openidProviderId: '<an OpenID provider ID>'
+                }
+            }
+        }
+    }
+}
+----
 
 For https://azure.microsoft.com/en-us/services/data-factory/[Data Factory] Linked Services:
 
@@ -223,6 +341,27 @@ For https://azure.microsoft.com/en-us/services/data-factory/[Data Factory] Linke
     ]
 }
 ----
+[source,bicep,diff-id=103,diff-type=compliant]
+----
+@secure()
+@description('The password for authentication')
+param password string
+
+resource linkedService 'Microsoft.DataFactory/factories/linkedservices@2018-06-01' = {
+    name: 'example'
+    properties: {
+        type: 'Web'
+        typeProperties: {
+            authenticationType: 'Basic' // Compliant
+            username: 'test'
+            password: {
+                type: 'SecureString'
+                value: password
+            }
+        }
+    }
+}
+----
 
 For https://azure.microsoft.com/en-us/product-categories/storage/[Storage Accounts]:
 
@@ -243,6 +382,16 @@ For https://azure.microsoft.com/en-us/product-categories/storage/[Storage Accoun
     ]
 }
 ----
+[source,bicep,diff-id=104,diff-type=compliant]
+----
+resource storageAccount 'Microsoft.Storage/storageAccounts@2022-09-01' = {
+  name: 'example'
+  properties: {
+    allowBlobPublicAccess: false // Compliant
+  }
+}
+----
+
 [source,json,diff-id=5,diff-type=compliant]
 ----
 {
@@ -267,6 +416,23 @@ For https://azure.microsoft.com/en-us/product-categories/storage/[Storage Accoun
     ]
 }
 ----
+[source,bicep,diff-id=105,diff-type=compliant]
+----
+resource storageAccount 'Microsoft.Storage/storageAccounts@2022-09-01' = {
+    name: 'example'
+
+    resource blobService 'blobServices@2022-09-01' = {
+        name: 'default'
+
+        resource containers 'containers@2022-09-01' = {
+            name: 'exampleContainer'
+            properties: {
+                publicAccess: 'None' // Compliant
+            }
+        }
+    }
+}
+----
 
 For https://azure.microsoft.com/en-us/services/cache/[Redis Caches]:
 
@@ -287,6 +453,18 @@ For https://azure.microsoft.com/en-us/services/cache/[Redis Caches]:
     ]
 }
 ----
+[source,bicep,diff-id=106,diff-type=compliant]
+----
+resource redisCache 'Microsoft.Cache/redis@2023-04-01' = {
+    name: 'example'
+    location: location
+    properties: {
+        redisConfiguration: {
+            // Compliant: authentication is enabled by default
+        }
+    }
+}
+----
 
 include::../see.adoc[]