Skip to content

Commit

Permalink
Merge pull request #6980 from Checkmarx/bicep-kics-1313
Browse files Browse the repository at this point in the history 
feat(bicep): adding bicep support
  • Loading branch information
@cx-andrep
cx-andrep authored May 15, 2024
2 parents 88283c4 + 03b966d commit 0d17407
Show file tree
Hide file tree
Showing 424 changed files with 23,579 additions and 18 deletions.
1 change: 1 addition & 0 deletions .github/scripts/coverage/.coverageignore
View file
Original file line number Diff line number Diff line change
Expand Up @@ -3,4 +3,5 @@ pkg/engine/mock/*.go
*/**/*_test.go
**/*_mock.go
pkg/parser/jsonfilter/parser/jsonfilter*
pkg/parser/bicep/antlr/parser/bicep*
internal/sentry
1 change: 1 addition & 0 deletions .golangci.yml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -137,3 +137,4 @@ run:
- docs
- vendor
- pkg/parser/jsonfilter/parser
- pkg/parser/bicep/antlr
2 changes: 1 addition & 1 deletion Makefile
View file
Original file line number Diff line number Diff line change
Expand Up @@ -131,7 +131,7 @@ dkr-compose: ## build docker image and runs docker-compose up
.PHONY: dkr-build-antlr
dkr-build-antlr: ## build ANTLRv4 docker image and generate parser based on given grammar
@docker build -t antlr4-generator:dev -f ./docker/Dockerfile.antlr .
@docker run --rm -u $(id -u ${USER}):$(id -g ${USER}) -v $(pwd)/pkg/parser/jsonfilter/:/work -it antlr4-generator:dev
@docker run --rm -u $(id -u ${USER}):$(id -g ${USER}) -v $(pwd)/pkg/parser:/work -it antlr4-generator:dev

.PHONY: release
release: ## goreleaser --rm-dist
Expand Down
9 changes: 9 additions & 0 deletions ...ts/queries/azureResourceManager/account_admins_not_notified_by_email/test/negative1.bicep
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,9 @@
resource sample_server_default 'Microsoft.Sql/servers/databases/securityAlertPolicies@2021-02-01-preview' = {
name: 'sample/server/default'
properties: {
emailAccountAdmins: true
emailAddresses: ['[email protected]']
retentionDays: 4
state: 'Enabled'
}
}
9 changes: 9 additions & 0 deletions ...ts/queries/azureResourceManager/account_admins_not_notified_by_email/test/negative2.bicep
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,9 @@
resource sample_server_default 'Microsoft.Sql/servers/databases/securityAlertPolicies@2021-02-01-preview' = {
name: 'sample/server/default'
properties: {
emailAccountAdmins: true
emailAddresses: ['[email protected]']
retentionDays: 4
state: 'Enabled'
}
}
9 changes: 9 additions & 0 deletions ...ts/queries/azureResourceManager/account_admins_not_notified_by_email/test/positive1.bicep
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,9 @@
resource sample_server_default 'Microsoft.Sql/servers/databases/securityAlertPolicies@2021-02-01-preview' = {
name: 'sample/server/default'
properties: {
emailAccountAdmins: false
emailAddresses: ['[email protected]']
retentionDays: 4
state: 'Enabled'
}
}
8 changes: 8 additions & 0 deletions ...ts/queries/azureResourceManager/account_admins_not_notified_by_email/test/positive2.bicep
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,8 @@
resource sample_server_default 'Microsoft.Sql/servers/databases/securityAlertPolicies@2021-02-01-preview' = {
name: 'sample/server/default'
properties: {
emailAddresses: ['[email protected]']
retentionDays: 4
state: 'Enabled'
}
}
9 changes: 9 additions & 0 deletions ...ts/queries/azureResourceManager/account_admins_not_notified_by_email/test/positive3.bicep
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,9 @@
resource sample_server_default 'Microsoft.Sql/servers/databases/securityAlertPolicies@2021-02-01-preview' = {
name: 'sample/server/default'
properties: {
emailAccountAdmins: false
emailAddresses: ['[email protected]']
retentionDays: 4
state: 'Enabled'
}
}
8 changes: 8 additions & 0 deletions ...ts/queries/azureResourceManager/account_admins_not_notified_by_email/test/positive4.bicep
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,8 @@
resource sample_server_default 'Microsoft.Sql/servers/databases/securityAlertPolicies@2021-02-01-preview' = {
name: 'sample/server/default'
properties: {
emailAddresses: ['[email protected]']
retentionDays: 4
state: 'Enabled'
}
}
24 changes: 24 additions & 0 deletions ...reResourceManager/account_admins_not_notified_by_email/test/positive_expected_result.json
View file
Original file line number Diff line number Diff line change
Expand Up @@ -22,5 +22,29 @@
"severity": "INFO",
"line": 15,
"filename": "positive4.json"
},
{
"queryName": "Account Admins Not Notified By Email",
"severity": "INFO",
"line": 4,
"filename": "positive1.bicep"
},
{
"queryName": "Account Admins Not Notified By Email",
"severity": "INFO",
"line": 3,
"filename": "positive2.bicep"
},
{
"queryName": "Account Admins Not Notified By Email",
"severity": "INFO",
"line": 4,
"filename": "positive3.bicep"
},
{
"queryName": "Account Admins Not Notified By Email",
"severity": "INFO",
"line": 3,
"filename": "positive4.bicep"
}
]
34 changes: 34 additions & 0 deletions ...eries/azureResourceManager/aks_cluster_network_policy_not_configured/test/negative1.bicep
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,34 @@
resource aksCluster1 'Microsoft.ContainerService/managedClusters@2020-02-01' = {
name: 'aksCluster1'
location: resourceGroup().location
properties: {
kubernetesVersion: '1.15.7'
dnsPrefix: 'dnsprefix'
agentPoolProfiles: [
{
name: 'agentpool'
count: 2
vmSize: 'Standard_A1'
osType: 'Linux'
storageProfile: 'ManagedDisks'
}
]
linuxProfile: {
adminUsername: 'adminUserName'
ssh: {
publicKeys: [
{
keyData: 'keyData'
}
]
}
}
servicePrincipalProfile: {
clientId: 'servicePrincipalAppId'
secret: 'servicePrincipalAppPassword'
}
networkProfile: {
networkPolicy: 'azure'
}
}
}
34 changes: 34 additions & 0 deletions ...eries/azureResourceManager/aks_cluster_network_policy_not_configured/test/negative2.bicep
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,34 @@
resource aksCluster1 'Microsoft.ContainerService/managedClusters@2020-02-01' = {
name: 'aksCluster1'
location: resourceGroup().location
properties: {
kubernetesVersion: '1.15.7'
dnsPrefix: 'dnsprefix'
agentPoolProfiles: [
{
name: 'agentpool'
count: 2
vmSize: 'Standard_A1'
osType: 'Linux'
storageProfile: 'ManagedDisks'
}
]
linuxProfile: {
adminUsername: 'adminUserName'
ssh: {
publicKeys: [
{
keyData: 'keyData'
}
]
}
}
servicePrincipalProfile: {
clientId: 'servicePrincipalAppId'
secret: 'servicePrincipalAppPassword'
}
networkProfile: {
networkPolicy: 'azure'
}
}
}
31 changes: 31 additions & 0 deletions ...eries/azureResourceManager/aks_cluster_network_policy_not_configured/test/positive1.bicep
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,31 @@
resource aksCluster1 'Microsoft.ContainerService/managedClusters@2020-02-01' = {
name: 'aksCluster1'
location: resourceGroup().location
properties: {
kubernetesVersion: '1.15.7'
dnsPrefix: 'dnsprefix'
agentPoolProfiles: [
{
name: 'agentpool'
count: 2
vmSize: 'Standard_A1'
osType: 'Linux'
storageProfile: 'ManagedDisks'
}
]
linuxProfile: {
adminUsername: 'adminUserName'
ssh: {
publicKeys: [
{
keyData: 'keyData'
}
]
}
}
servicePrincipalProfile: {
clientId: 'servicePrincipalAppId'
secret: 'servicePrincipalAppPassword'
}
}
}
34 changes: 34 additions & 0 deletions ...eries/azureResourceManager/aks_cluster_network_policy_not_configured/test/positive2.bicep
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,34 @@
resource aksCluster1 'Microsoft.ContainerService/managedClusters@2020-02-01' = {
name: 'aksCluster1'
location: resourceGroup().location
properties: {
kubernetesVersion: '1.15.7'
dnsPrefix: 'dnsprefix'
agentPoolProfiles: [
{
name: 'agentpool'
count: 2
vmSize: 'Standard_A1'
osType: 'Linux'
storageProfile: 'ManagedDisks'
}
]
linuxProfile: {
adminUsername: 'adminUserName'
ssh: {
publicKeys: [
{
keyData: 'keyData'
}
]
}
}
servicePrincipalProfile: {
clientId: 'servicePrincipalAppId'
secret: 'servicePrincipalAppPassword'
}
networkProfile: {
networkPolicy: ''
}
}
}
31 changes: 31 additions & 0 deletions ...eries/azureResourceManager/aks_cluster_network_policy_not_configured/test/positive3.bicep
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,31 @@
resource aksCluster1 'Microsoft.ContainerService/managedClusters@2020-02-01' = {
name: 'aksCluster1'
location: resourceGroup().location
properties: {
kubernetesVersion: '1.15.7'
dnsPrefix: 'dnsprefix'
agentPoolProfiles: [
{
name: 'agentpool'
count: 2
vmSize: 'Standard_A1'
osType: 'Linux'
storageProfile: 'ManagedDisks'
}
]
linuxProfile: {
adminUsername: 'adminUserName'
ssh: {
publicKeys: [
{
keyData: 'keyData'
}
]
}
}
servicePrincipalProfile: {
clientId: 'servicePrincipalAppId'
secret: 'servicePrincipalAppPassword'
}
}
}
34 changes: 34 additions & 0 deletions ...eries/azureResourceManager/aks_cluster_network_policy_not_configured/test/positive4.bicep
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,34 @@
resource aksCluster1 'Microsoft.ContainerService/managedClusters@2020-02-01' = {
name: 'aksCluster1'
location: resourceGroup().location
properties: {
kubernetesVersion: '1.15.7'
dnsPrefix: 'dnsprefix'
agentPoolProfiles: [
{
name: 'agentpool'
count: 2
vmSize: 'Standard_A1'
osType: 'Linux'
storageProfile: 'ManagedDisks'
}
]
linuxProfile: {
adminUsername: 'adminUserName'
ssh: {
publicKeys: [
{
keyData: 'keyData'
}
]
}
}
servicePrincipalProfile: {
clientId: 'servicePrincipalAppId'
secret: 'servicePrincipalAppPassword'
}
networkProfile: {
networkPolicy: ''
}
}
}
24 changes: 24 additions & 0 deletions ...ourceManager/aks_cluster_network_policy_not_configured/test/positive_expected_result.json
View file
Original file line number Diff line number Diff line change
Expand Up @@ -22,5 +22,29 @@
"severity": "MEDIUM",
"line": 39,
"filename": "positive4.json"
},
{
"queryName": "AKS Cluster Network Policy Not Configured",
"severity": "MEDIUM",
"line": 2,
"filename": "positive1.bicep"
},
{
"queryName": "AKS Cluster Network Policy Not Configured",
"severity": "MEDIUM",
"line": 31,
"filename": "positive2.bicep"
},
{
"queryName": "AKS Cluster Network Policy Not Configured",
"severity": "MEDIUM",
"line": 2,
"filename": "positive3.bicep"
},
{
"queryName": "AKS Cluster Network Policy Not Configured",
"severity": "MEDIUM",
"line": 31,
"filename": "positive4.bicep"
}
]
32 changes: 32 additions & 0 deletions assets/queries/azureResourceManager/aks_cluster_rbac_disabled/test/negative1.bicep
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,32 @@
resource aksCluster1 'Microsoft.ContainerService/managedClusters@2020-02-01' = {
name: 'aksCluster1'
location: resourceGroup().location
properties: {
enableRBAC: true
kubernetesVersion: '1.15.7'
dnsPrefix: 'dnsprefix'
agentPoolProfiles: [
{
name: 'agentpool'
count: 2
vmSize: 'Standard_A1'
osType: 'Linux'
storageProfile: 'ManagedDisks'
}
]
linuxProfile: {
adminUsername: 'adminUserName'
ssh: {
publicKeys: [
{
keyData: 'keyData'
}
]
}
}
servicePrincipalProfile: {
clientId: 'servicePrincipalAppId'
secret: 'servicePrincipalAppPassword'
}
}
}
Loading

0 comments on commit 0d17407

Please sign in to comment.