secure-secrets-in-params: Flag insecure references to secure params #16251

Merged
merged 1 commit into from
Jan 31, 2025

Conversation

anthony-c-martin
Member

@anthony-c-martin anthony-c-martin commented Jan 31, 2025

Ensure insecure param default value references to secure parameters are flagged in secure-secrets-in-params linter rule.

Example bicep code that would be flagged by this change:

@secure()
param secureParam string

param insecureParam string = secureParam

Closes #15835
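
The pattern described above can be approximated outside the compiler, for instance as a pre-merge check. This Python sketch is an added example, not code from the Bicep repository or from the PR author; it goes beyond the PR's example by also treating a reference inside `${...}` string interpolation as a reference. The function names, regexes and sample input are assumptions made here, and each `param` declaration is assumed to fit on one line.

```python
import re
# Added sketch, not Bicep's linter code. Assumes one-line param declarations.
PARAM_RE = re.compile(r"^\s*param\s+(\w+)\s+[^=]+?(?:=\s*(.+))?$")
SECURE_RE = re.compile(r"^\s*@(?:sys\.)?secure\(\s*\)")
IDENT_RE = re.compile(r"(?<![.\w])[A-Za-z_]\w*")

def code_only(expr):  # drop string-literal text, keep code inside ${...}
    expr = re.sub(r"\\.", "", expr)      # escapes only occur inside strings
    out, stack, i = [], [], 0
    while i < len(expr):
        if stack and stack[-1] == "str":
            if expr[i] == "'":
                stack.pop()
            elif expr.startswith("${", i):
                stack.append("interp")
                i += 1
        elif expr[i] == "'":
            stack.append("str")
        elif expr[i] == "}" and stack:   # closes an interpolation hole
            stack.pop()
            out.append(" ")
        else:
            out.append(expr[i])
        i += 1
    return "".join(out)

def find_insecure_references(source):  # -> [(line, param, secure param)]
    params, secure = [], False
    for lineno, line in enumerate(source.splitlines(), 1):
        m = PARAM_RE.match(line)
        if m:
            params.append((lineno, m.group(1), secure, m.group(2)))
        # @secure() sets the flag; any other decorator line carries it forward.
        secure = bool(SECURE_RE.match(line)) or (secure and line.lstrip().startswith("@"))
    secure_names = {name for _, name, is_secure, _ in params if is_secure}
    return [(lineno, name, ref)
            for lineno, name, is_secure, default in params if default and not is_secure
            for ref in sorted(secure_names & set(IDENT_RE.findall(code_only(default))))]

# Constructed sample input.
SAMPLE = """\
@secure()
param secureParam string
param insecureParam string = secureParam
param connection string = 'Password=${secureParam}'
@secure()
param derivedSecret string = secureParam
param label string = 'secureParam'
"""
print(find_insecure_references(SAMPLE))
```

In the sample, `derivedSecret` is not reported because it is itself marked `@secure()`, and `label` is not reported because the name appears only as literal text.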

@anthony-c-martin anthony-c-martin changed the title Ensure insecure param default value references to secure parameters a… secure-secrets-in-params: Flag insecure references to secure params Jan 31, 2025
@anthony-c-martin anthony-c-martin changed the title secure-secrets-in-params: Flag insecure references to secure params secure-secrets-in-params: Flag insecure references to secure params Jan 31, 2025
Contributor

github-actions bot commented Jan 31, 2025

Test this change out locally with the following install scripts (Action run 13078644722)

VSCode
  • Mac/Linux
    bash <(curl -Ls https://aka.ms/bicep/nightly-vsix.sh) --run-id 13078644722
  • Windows
    iex "& { $(irm https://aka.ms/bicep/nightly-vsix.ps1) } -RunId 13078644722"
Azure CLI
  • Mac/Linux
    bash <(curl -Ls https://aka.ms/bicep/nightly-cli.sh) --run-id 13078644722
  • Windows
    iex "& { $(irm https://aka.ms/bicep/nightly-cli.ps1) } -RunId 13078644722"

Contributor

Dotnet Test Results

    75 files   -     42      75 suites   - 42   31m 27s ⏱️ - 16m 12s
11 711 tests  -     12  11 711 ✅  -     12  0 💤 ±0  0 ❌ ±0 
27 180 runs   - 13 582  27 180 ✅  - 13 582  0 💤 ±0  0 ❌ ±0 

Results for commit 7442fb8. ± Comparison against base commit 497f9c9.

This pull request removes 1787 and adds 612 tests. Note that renamed tests count towards both.


@anthony-c-martin anthony-c-martin merged commit c937393 into main Jan 31, 2025
47 checks passed
@anthony-c-martin anthony-c-martin deleted the ant/issue15835 branch January 31, 2025 18:30
Successfully merging this pull request may close these issues.

Referencing a secure param in a regular (non-secure) param is not flagged