diff --git a/ql/lib/codeql/bicep/frameworks/Microsoft/AKS.qll b/ql/lib/codeql/bicep/frameworks/Microsoft/AKS.qll
index 15c8886..ca4936f 100644
--- a/ql/lib/codeql/bicep/frameworks/Microsoft/AKS.qll
+++ b/ql/lib/codeql/bicep/frameworks/Microsoft/AKS.qll
@@ -6,7 +6,7 @@ module AKS {
 * Represents a Microsoft.ContainerService/managedClusters resource (AKS) in a Bicep file.
 * See: https://learn.microsoft.com/en-us/azure/templates/microsoft.containerservice/managedclusters
 */
- class ManagedContainerResource extends Resource {
+ class ManagedContainerResource extends AzureResource {
 /**
 * Constructs a ManagedContainerResource for Microsoft.ContainerService/managedClusters resources.
 */
@@ -158,11 +158,6 @@ module AKS {
 */
 Expr getStorageProfile() { result = this.getProperty("storageProfile") }
- /**
- * Gets the SKU for the cluster.
- */
- Sku getSku() { result = this.getProperty("sku") }
-
 /**
 * Gets the tags for the cluster.
 */
diff --git a/ql/lib/codeql/bicep/frameworks/Microsoft/Cache.qll b/ql/lib/codeql/bicep/frameworks/Microsoft/Cache.qll
index 1b8c0d8..4be206a 100644
--- a/ql/lib/codeql/bicep/frameworks/Microsoft/Cache.qll
+++ b/ql/lib/codeql/bicep/frameworks/Microsoft/Cache.qll
@@ -2,7 +2,7 @@ private import bicep
 private import codeql.bicep.Concepts
 module Cache {
- abstract class CacheResource extends Resource { }
+ abstract class CacheResource extends AzureResource { }
 /**
 * Represents an Azure Cache for Redis resource.
@@ -22,11 +22,6 @@ module Cache {
 result = this.getProperties().getProperty("redisConfiguration")
 }
- /**
- * Returns the SKU of the Redis cache.
- */
- Sku getSku() { result = this.getProperty("sku") }
-
 /**
 * Returns the Redis version.
 */
diff --git a/ql/lib/codeql/bicep/frameworks/Microsoft/Compute.qll b/ql/lib/codeql/bicep/frameworks/Microsoft/Compute.qll
index 1f18576..8c3826a 100644
--- a/ql/lib/codeql/bicep/frameworks/Microsoft/Compute.qll
+++ b/ql/lib/codeql/bicep/frameworks/Microsoft/Compute.qll
@@ -8,7 +8,7 @@ module Compute {
 * Represents a generic Microsoft.Compute resource.
 * Matches any resource of type Microsoft.Compute/*.
 */
- class ComputeResource extends Resource {
+ class ComputeResource extends AzureResource {
 /**
 * Constructs a ComputeResource for any Microsoft.Compute resource type.
 */
diff --git a/ql/lib/codeql/bicep/frameworks/Microsoft/Containers.qll b/ql/lib/codeql/bicep/frameworks/Microsoft/Containers.qll
index 4d9cfd1..8fea5b4 100644
--- a/ql/lib/codeql/bicep/frameworks/Microsoft/Containers.qll
+++ b/ql/lib/codeql/bicep/frameworks/Microsoft/Containers.qll
@@ -5,7 +5,7 @@ module Containers {
 * Represents a Microsoft.ContainerApp/containerApps resource (2025-02-02-preview).
 * See: https://learn.microsoft.com/en-us/azure/templates/microsoft.app/containerapps
 */
- class ContainerResource extends Resource {
+ class ContainerResource extends AzureResource {
 /**
 * Constructs a ContainerResource for Microsoft.App/containerApps resources.
 */
@@ -73,20 +73,13 @@ module Containers {
 Network::CorsPolicy getCorsPolicy() { result = this.getNetworkIngress().getCorsPolicy() }
- /**
- * Returns the SKU object for the container registry resource.
- */
- Sku getSku() { result = this.getProperty("sku") }
-
- Tags getTags() { result = this.getProperty("tags") }
-
 /**
 * Returns a string representation of the container app resource.
 */
 override string toString() { result = "ContainerResource" }
 }
- class ContainerRegistry extends Resource {
+ class ContainerRegistry extends AzureResource {
 /**
 * Constructs a ContainerRegistry for Microsoft.ContainerRegistry/containerRegistries resources (2025-02-02-preview).
 */
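Review bot: `ComputeResource` now extends `AzureResource`, which this diff declares in General.qll, but nothing in the hunk shows General.qll being brought into scope, and the only imports visible in sibling files are `private import bicep` and `private import codeql.bicep.Concepts`. If `bicep.qll` does not re-export General.qll, this file and the identical one-line superclass swaps in Databases.qll, KeyVault.qll and Network.qll will fail to compile; AKS.qll, Cache.qll, Containers.qll and Storage.qll already referenced `Sku`, so they presumably have it. Worth confirming by compiling the pack rather than assuming. The enclosing `module Compute` continues outside the hunk.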
@@ -94,13 +87,6 @@ module Containers {
 this.getResourceType().regexpMatch("^Microsoft.ContainerRegistry/registries@.*$")
 }
- /**
- * Returns the SKU object for the container registry resource.
- */
- Sku getSku() { result = this.getProperty("sku") }
-
- Tags getTags() { result = this.getProperty("tags") }
-
 override string toString() { result = "ContainerRegistry" }
 }
diff --git a/ql/lib/codeql/bicep/frameworks/Microsoft/Databases.qll b/ql/lib/codeql/bicep/frameworks/Microsoft/Databases.qll
index 3e3bbd3..180cc95 100644
--- a/ql/lib/codeql/bicep/frameworks/Microsoft/Databases.qll
+++ b/ql/lib/codeql/bicep/frameworks/Microsoft/Databases.qll
@@ -6,7 +6,7 @@ module Databases {
 * Base class for all database resources in Azure.
 * Provides common properties and methods for Azure database resources.
 */
- abstract class DatabaseResource extends Resource {
+ abstract class DatabaseResource extends AzureResource {
 /**
 * Returns the type of the database resource (e.g., sql, postgresql, etc).
 */
diff --git a/ql/lib/codeql/bicep/frameworks/Microsoft/General.qll b/ql/lib/codeql/bicep/frameworks/Microsoft/General.qll
index b9b4d64..3736021 100644
--- a/ql/lib/codeql/bicep/frameworks/Microsoft/General.qll
+++ b/ql/lib/codeql/bicep/frameworks/Microsoft/General.qll
@@ -1,11 +1,55 @@
+/**
+ * General resource property helpers for Azure resources in Bicep.
+ *
+ * Provides common property accessors for location, SKU, and tags.
+ *
+ * Classes:
+ * - AzureResource: Abstract base for Azure resources, provides access to location, SKU, and tags.
+ * - ResourceProperties: Abstract base for resource property objects.
+ * - Sku: Represents the SKU of a resource, with access to name and tier.
+ * - Tags: Represents the tags of a resource, with access to tag values by key.
+ */
 private import bicep
+/**
+ * Abstract base class for Azure resources in Bicep.
+ * Provides accessors for common resource properties such as location, SKU, and tags.
+ */
+abstract class AzureResource extends Resource {
+ /**
+ * Gets the location of the resource as a string value.
+ * @return The Azure region/location of the resource (e.g., "eastus").
+ */
+ string resourceLocation() { result = this.getProperty("location").(StringLiteral).getValue() }
+
+ /**
+ * Gets the SKU object for the resource.
+ * @return The SKU object representing the resource's SKU.
+ */
+ Sku getSku() { result = this.getProperty("sku") }
+
+ /**
+ * Gets the Tags object for the resource.
+ * @return The Tags object representing the resource's tags.
+ */
+ Tags getTags() { result = this.getProperty("tags") }
+}
+
+/**
+ * Abstract base class for resource property objects.
+ * Can be extended to provide additional property accessors for specific resource types.
+ */
 abstract class ResourceProperties extends Object {
- string toString() {
- result = super.toString()
- }
+ /**
+ * Returns a string representation of the resource properties object.
+ */
+ string toString() { result = super.toString() }
 }
+/**
+ * Represents the SKU of an Azure resource.
+ * Provides access to the SKU name and tier.
+ */
 class Sku extends Object {
 private Resource resource;
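Review bot: `resourceLocation()` in the new `AzureResource` class only has a result when the `location` property is a `StringLiteral`, so a resource whose location is an expression (a parameter reference or a function call such as the resource group's location) silently yields no location at all, and a query that filters or groups by region will miss those resources without any signal. The doc comment should state this limit, e.g. `@return The location when it is written as a string literal; no result for computed locations.`, or the predicate should fall back to returning the raw `Expr` so callers can decide. The name also breaks with the sibling accessors `getSku()`/`getTags()`; presumably `getLocation()` was avoided because `Resource` already has a source-location predicate of that name, and a one-line comment saying so would save the next reader the question.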
@@ -14,19 +58,37 @@ class Sku extends Object {
 */
 Sku() { this = resource.getProperty("sku") }
+ /**
+ * Gets the SKU name as a StringLiteral.
+ * @return The SKU name property as a StringLiteral.
+ */
+ StringLiteral getName() { result = this.getProperty("name") }
+
 /**
 * Returns the SKU name (e.g., Basic, Standard, Premium).
+ * @return The SKU name as a string.
+ */
+ string name() { result = this.getName().getValue() }
+
+ /**
+ * Gets the SKU tier as a StringLiteral.
+ * @return The SKU tier property as a StringLiteral.
 */
- string getName() { result = this.getProperty("name").(StringLiteral).getValue() }
+ StringLiteral getTier() { result = this.getProperty("tier") }
 /**
 * Returns the SKU tier (e.g., Basic, Standard, Premium).
+ * @return The SKU tier as a string.
 */
- string getTier() { result = this.getProperty("tier").(StringLiteral).getValue() }
+ string tier() { result = this.getTier().getValue() }
 string toString() { result = "SKU" }
 }
+/**
+ * Represents the tags of an Azure resource.
+ * Provides access to tag values by key.
+ */
 class Tags extends Object {
 private Resource resource;
@@ -36,7 +98,9 @@ class Tags extends Object {
 Tags() { this = resource.getProperty("tags") }
 /**
- * Returns the value of a tag by its key.
+ * Gets the value of a tag by its key.
+ * @param key The tag key to look up.
+ * @return The value of the tag as a Literals object, or undefined if not present.
 */
 Literals getTag(string key) { result = this.getProperty(key) }
diff --git a/ql/lib/codeql/bicep/frameworks/Microsoft/KeyVault.qll b/ql/lib/codeql/bicep/frameworks/Microsoft/KeyVault.qll
index 6e9334b..a734581 100644
--- a/ql/lib/codeql/bicep/frameworks/Microsoft/KeyVault.qll
+++ b/ql/lib/codeql/bicep/frameworks/Microsoft/KeyVault.qll
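Review bot: `getName()` and `getTier()` on `Sku` change their result type from `string` to `StringLiteral`, with the string-valued forms moved to the new `name()` and `tier()`; any query outside this diff that compares `getSku().getName()` against a string (the likely shape of an SKU-tier check) will stop compiling, and the hunk offers no deprecation path. Because QL cannot overload a predicate on its result type, the compatible option is to keep the string-returning `getName()`/`getTier()` and add the literal accessors under new names, e.g. `StringLiteral getNameLiteral() { result = this.getProperty("name") }`; otherwise the break should be called out in the change note so dependent queries are updated in the same release. Note also that the pre-existing comment "Returns the SKU name (e.g., Basic, Standard, Premium)." now sits above `name()` rather than `getName()`, which is what was intended but is easy to misread in the diff.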
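Review bot: The new `@return` on `getTag` says "or undefined if not present", but a QL predicate simply has no result when nothing matches; "undefined" reads as if a sentinel value were returned and could lead a query author to test for one. Suggest `@return The value of the tag as a Literals object; has no result when the key is absent.` The `Tags` class continues outside the hunk.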
@@ -6,7 +6,7 @@ module KeyVault {
 * Represents a Microsoft.KeyVault resource in a Bicep file.
 * Provides access to Key Vault properties, access policies, and network ACLs.
 */
- class VaultResource extends Resource {
+ class VaultResource extends AzureResource {
 /**
 * Constructs a VaultResource for any Microsoft.KeyVault resource type.
 * Matches resources with type starting with "Microsoft.KeyVault/".
diff --git a/ql/lib/codeql/bicep/frameworks/Microsoft/Network.qll b/ql/lib/codeql/bicep/frameworks/Microsoft/Network.qll
index 7553b3e..a4c8d6f 100644
--- a/ql/lib/codeql/bicep/frameworks/Microsoft/Network.qll
+++ b/ql/lib/codeql/bicep/frameworks/Microsoft/Network.qll
@@ -5,7 +5,7 @@ module Network {
 * Represents a generic Microsoft.Network resource.
 * Matches any resource of type Microsoft.Network/*.
 */
- class NetworkResource extends Resource {
+ class NetworkResource extends AzureResource {
 /**
 * Constructs a NetworkResource for any Microsoft.Network resource type.
 */
@@ -103,7 +103,7 @@ module Network {
 /**
 * Represents a Microsoft.Network/virtualNetworks/subnets resource.
 */
- class VirtualNetworkSubnets extends Resource {
+ class VirtualNetworkSubnets extends AzureResource {
 /**
 * Constructs a VirtualNetworkSubnets resource.
 */
diff --git a/ql/lib/codeql/bicep/frameworks/Microsoft/Storage.qll b/ql/lib/codeql/bicep/frameworks/Microsoft/Storage.qll
index a1e498f..783b35e 100644
--- a/ql/lib/codeql/bicep/frameworks/Microsoft/Storage.qll
+++ b/ql/lib/codeql/bicep/frameworks/Microsoft/Storage.qll
@@ -6,7 +6,7 @@ module Storage {
 * Provides access to storage account properties, kind, network ACLs, and SKU.
 * See: https://learn.microsoft.com/en-us/azure/templates/microsoft.storage/storageaccounts
 */
- class StorageAccounts extends Resource {
+ class StorageAccounts extends AzureResource {
 /**
 * Constructs a StorageAccounts resource.
 */
@@ -33,11 +33,6 @@ module Storage {
 */
 Network::NetworkAcl getNetworkAcls() { result = this.getProperties().getNetworkAcls() }
- /**
- * Gets the SKU for the storage account.
- */
- Sku getSku() { result = this.getProperty("sku") }
-
 override string toString() { result = "StorageAccount[" + this.getName() + "]" }
 }
@@ -46,7 +41,7 @@ module Storage {
 * Provides access to disk properties, encryption, zones, and disk pools.
 * See: https://learn.microsoft.com/en-us/azure/templates/microsoft.compute/disks
 */
- class Disks extends Resource {
+ class Disks extends AzureResource {
 /**
 * Constructs a Disks resource.
 */
@@ -107,7 +102,7 @@ module Storage {
 * Provides access to disk pool properties, attached disks, and SKU.
 * See: https://learn.microsoft.com/en-us/azure/templates/microsoft.storagepool/diskpools
 */
- class DiskPools extends Resource {
+ class DiskPools extends AzureResource {
 /**
 * Constructs a DiskPools resource.
 */
@@ -130,11 +125,6 @@ module Storage {
 )
 }
- /**
- * Gets the SKU for the disk pool.
- */
- Sku getSku() { result = this.getProperty("sku") }
-
 override string toString() { result = "DiskPools" }
 }
@@ -143,7 +133,7 @@ module Storage {
 * Provides access to container properties and public access settings.
 * See: https://learn.microsoft.com/en-us/azure/templates/microsoft.storage/storageaccounts/blobservices/containers
 */
- class BlobServiceContainers extends Resource {
+ class BlobServiceContainers extends AzureResource {
 /**
 * Constructs a BlobServiceContainers resource.
 */