
Commit 8763b8c

committed
feat: Update Resource, Databases and add public resource concept
1 parent 98c952e commit 8763b8c


3 files changed

+35
-4
lines changed


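--- a/ql/lib/codeql/bicep/Concepts.qll
+++ b/ql/lib/codeql/bicep/Concepts.qll
@@ -1,2 +1,12 @@
 private import codeql.bicep.AST
 private import codeql.bicep.CFG
+
+/**
+* A Public Resource is a resource that is publicly accessible to the Internet.
+*/
+abstract class PublicResource extends Resource {
+/**
+* Returns the property that indicates public access.
+*/
+abstract Expr getPublicAccessProperty();
+}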
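Review bot: The QLDoc on `PublicResource` promises more than the class can establish: as far as the abstract member shows, membership is decided by a property declared in the template, not by actual reachability, so firewall rules and private endpoints are outside what it models. I would word the class comment as `A resource whose declared configuration allows access from the public Internet.` and say that each subclass decides which property value counts as public. For `getPublicAccessProperty`, the usual QLDoc form for a predicate with a result is `Gets the property expression that controls public access.`, and it is worth stating whether the predicate may have no result.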

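--- a/ql/lib/codeql/bicep/ast/Resources.qll
+++ b/ql/lib/codeql/bicep/ast/Resources.qll
@@ -3,7 +3,6 @@ private import codeql.Locations
 private import Expr
 private import Idents
 private import Literals
-
 private import internal.ResourceDeclaration
 private import internal.ObjectProperty
 private import internal.Object
@@ -79,7 +78,6 @@ Resource resolveResource(Expr expr) {
 )
 }
 
-
 class Resource extends TResource {
 private ResourceDeclaration resource;
 
@@ -89,10 +87,15 @@ class Resource extends TResource {
 exists(StringLiteral sl | sl = resource.getName() | result = sl.getValue())
 }
 
-Expr getProperty(string name) {
-result = resource.getProperty(name)
+string getName() {
+exists(StringLiteral name |
+name = resource.getProperty("name") and
+result = name.getValue()
+)
 }
 
+Expr getProperty(string name) { result = resource.getProperty(name) }
+
 Resource getParent() { result = resolveResource(this.getProperty("parent")) }
 
 string toString() { result = resource.toString() }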
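Review bot: The added `getName()` in the third hunk has a result only when the `name` property is a plain `StringLiteral`, so a resource whose name comes from a parameter, a variable or (presumably) an interpolated string gets no name and silently drops out of any query that joins on it. The predicate also has no QLDoc, and the context line just above it reads `resource.getName()` inside a different predicate, so a reader cannot tell which of the two is the declaration's own name and which is the `name` property. I would add `/** Gets the value of the "name" property, when it is a string literal. */` above it and document the neighbouring predicate the same way. The `Resource` class starts and ends outside this hunk, so the signature of that neighbouring predicate is not visible here.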

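--- a/ql/lib/codeql/bicep/frameworks/Microsoft/Databases.qll
+++ b/ql/lib/codeql/bicep/frameworks/Microsoft/Databases.qll
@@ -1,4 +1,5 @@
 private import bicep
+private import codeql.bicep.Concepts
 
 module Databases {
 /**
@@ -28,6 +29,10 @@ module Databases {
 result = this.getProperties().getProperty("version").(StringLiteral).getValue()
 }
 
+string publicNetworkAccess() {
+result = this.getProperties().getProperty("publicNetworkAccess").(StringLiteral).getValue()
+}
+
 /**
 * Returns the sslEnforcement property of the database resource, if present.
 */
@@ -222,6 +227,19 @@ module Databases {
 override string databaseType() { result = "arc-sql-managed-instance" }
 }
 
+class PublicDatabaseResource extends PublicResource {
+private DatabaseResource database;
+
+PublicDatabaseResource() {
+database.publicNetworkAccess() = "Enabled" and
+this = database
+}
+
+override Expr getPublicAccessProperty() {
+result = database.getProperties().getProperty("publicNetworkAccess")
+}
+}
+
 module DatabaseProperties {
 /**
 * Represents the properties object for a database resource.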
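Review bot: `PublicDatabaseResource` in the third hunk matches only resources that spell out `publicNetworkAccess` as the string literal `"Enabled"`, so a database that omits the property is never a member of the class. For several Azure database resource types the service appears to treat a missing `publicNetworkAccess` as enabled (worth confirming per resource type), which makes the omitted case the one a query built on this class most needs to report. The comparison is also case-sensitive and does not follow parameters or variables. I would compare with `database.publicNetworkAccess().toLowerCase() = "enabled"` and, for types whose default is public, add the disjunct `not exists(database.getProperties().getProperty("publicNetworkAccess"))`, documenting that `getPublicAccessProperty()` has no result in that case. The new `publicNetworkAccess()` predicate in the second hunk has no QLDoc although its neighbour does; `/** Gets the publicNetworkAccess property of the database resource, if it is a string literal. */` would match.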
