
Commit b1c3c80

committed
feat(ast): Add resource declaration retrieval to Resource class and update variable handling
1 parent 282a84f commit b1c3c80


3 files changed

+36
-3
lines changed


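--- a/ql/lib/codeql/bicep/ast/Resources.qll
+++ b/ql/lib/codeql/bicep/ast/Resources.qll
@@ -96,6 +96,8 @@ class Resource extends TResource {
 
 Identifier getIdentifier() { result = resource.getIdentifier() }
 
+ResourceDeclaration getResourceDeclaration() { result = resource }
+
 string getName() {
 exists(StringLiteral name |
 name = resource.getProperty("name") and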
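Review bot: The new member predicate `getResourceDeclaration()` at new line 99 has no QLDoc, so a caller cannot tell from the signature how its result differs from the `Resource` wrapper itself. I would add `/** Gets the ResourceDeclaration AST node that this resource wraps. */` above it, assuming, as `result = resource` suggests, that the field holds the declaration node. The enclosing class `Resource` starts and ends outside the hunk.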

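--- a/ql/lib/codeql/bicep/ast/Variables.qll
+++ b/ql/lib/codeql/bicep/ast/Variables.qll
@@ -38,6 +38,11 @@ private predicate variableDecl(AstNode node, string name) {
 node = vardelc
 )
 or
+exists(Resource resource |
+resource.getIdentifier().getName() = name and
+node = resource.getResourceDeclaration()
+)
+or
 exists(OutputDeclaration output |
 output.getIdentifier().getName() = name and
 node = output
@@ -75,9 +80,9 @@ class Variable extends MkVariable {
 Type getType() {
 result = this.getParameter().getType()
 or
-result = this.getOutput().getType()
+result = this.getOutput().getType()
 }
-
+
 /**
 * Gets the parameter of this variable, if any.
 */
@@ -167,6 +172,8 @@ class VariableWriteAccess extends VariableAccess {
 // SET
 this.getAstNode().getParent() instanceof VariableDeclaration
 or
+this.getAstNode().getParent() instanceof ResourceDeclaration
+or
 // Output
 this.getAstNode().getParent() instanceof OutputDeclaration
 }
@@ -193,7 +200,7 @@ cached
 private module Cached {
 cached
 newtype TVariable =
-TResource(Resource resource, string name) { resource.getName() = name } or
+TResource(Resource resource, string name) { resource.getIdentifier().getName() = name } or
 TVariableDecl(VariableDeclaration varDecl, string name) {
 varDecl.getIdentifier().getName() = name
 } or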
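Review bot: In the VariableWriteAccess hunk (new line 175), `this.getAstNode().getParent() instanceof ResourceDeclaration` classifies every access whose direct parent is a resource declaration as a write, not only the declared symbolic name. If the grammar places any other identifier directly under the declaration, that reference would presumably stop counting as a read, and queries that follow reads of a resource would silently lose results. Tying the test to the identifier is tighter: `this.getAstNode() = any(ResourceDeclaration rd).getIdentifier()`. Separately, `Variable.getType()` at new lines 80-84 still has branches only for parameters and outputs, so the resource-backed variables introduced here get no type; a short comment saying whether that is intended would help. The enclosing class bodies continue outside these hunks.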

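--- a/ql/test/library-tests/ast/Variables.expected
+++ b/ql/test/library-tests/ast/Variables.expected
@@ -1,6 +1,7 @@
 variables
 | conditions.bicep:1:1:1:39 | Variable[enableStorageAccount] |
 | conditions.bicep:2:1:2:54 | Variable[storageAccountName] |
+| conditions.bicep:4:1:12:1 | Variable[storageAccount] |
 | data.bicep:2:1:6:1 | Variable[multiLineArray] |
 | data.bicep:8:1:8:43 | Variable[singleLineArray] |
 | data.bicep:10:1:11:10 | Variable[mixedArray] |
@@ -29,11 +30,17 @@ variables
 | sample.bicep:7:1:7:36 | Variable[subnetName] |
 | sample.bicep:8:1:8:40 | Variable[publicIpName] |
 | sample.bicep:9:1:9:30 | Variable[nicName] |
+| sample.bicep:11:1:21:1 | Variable[storageAccount] |
+| sample.bicep:23:1:41:1 | Variable[vnet] |
+| sample.bicep:43:1:49:1 | Variable[publicIp] |
+| sample.bicep:51:1:70:1 | Variable[nic] |
+| sample.bicep:72:1:103:1 | Variable[vm] |
 variableAccess
 | conditions.bicep:1:1:1:39 | Variable[enableStorageAccount] | conditions.bicep:1:7:1:26 | VariableAccess[enableStorageAccount] |
 | conditions.bicep:1:1:1:39 | Variable[enableStorageAccount] | conditions.bicep:4:78:4:97 | VariableAccess[enableStorageAccount] |
 | conditions.bicep:2:1:2:54 | Variable[storageAccountName] | conditions.bicep:2:7:2:24 | VariableAccess[storageAccountName] |
 | conditions.bicep:2:1:2:54 | Variable[storageAccountName] | conditions.bicep:5:9:5:26 | VariableAccess[storageAccountName] |
+| conditions.bicep:4:1:12:1 | Variable[storageAccount] | conditions.bicep:4:10:4:23 | VariableAccess[storageAccount] |
 | data.bicep:13:1:13:28 | Variable[exampleArray] | data.bicep:14:27:14:38 | VariableAccess[exampleArray] |
 | data.bicep:13:1:13:28 | Variable[exampleArray] | data.bicep:15:27:15:38 | VariableAccess[exampleArray] |
 | data.bicep:13:1:13:28 | Variable[exampleArray] | data.bicep:18:28:18:39 | VariableAccess[exampleArray] |
@@ -76,6 +83,14 @@ variableAccess
 | sample.bicep:8:1:8:40 | Variable[publicIpName] | sample.bicep:44:9:44:20 | VariableAccess[publicIpName] |
 | sample.bicep:9:1:9:30 | Variable[nicName] | sample.bicep:9:7:9:13 | VariableAccess[nicName] |
 | sample.bicep:9:1:9:30 | Variable[nicName] | sample.bicep:52:9:52:15 | VariableAccess[nicName] |
+| sample.bicep:11:1:21:1 | Variable[storageAccount] | sample.bicep:11:10:11:23 | VariableAccess[storageAccount] |
+| sample.bicep:23:1:41:1 | Variable[vnet] | sample.bicep:23:10:23:13 | VariableAccess[vnet] |
+| sample.bicep:23:1:41:1 | Variable[vnet] | sample.bicep:60:17:60:20 | VariableAccess[vnet] |
+| sample.bicep:43:1:49:1 | Variable[publicIp] | sample.bicep:43:10:43:17 | VariableAccess[publicIp] |
+| sample.bicep:43:1:49:1 | Variable[publicIp] | sample.bicep:64:17:64:24 | VariableAccess[publicIp] |
+| sample.bicep:51:1:70:1 | Variable[nic] | sample.bicep:51:10:51:12 | VariableAccess[nic] |
+| sample.bicep:51:1:70:1 | Variable[nic] | sample.bicep:98:15:98:17 | VariableAccess[nic] |
+| sample.bicep:72:1:103:1 | Variable[vm] | sample.bicep:72:10:72:11 | VariableAccess[vm] |
 variableRead
 | conditions.bicep:4:78:4:97 | VariableAccess[enableStorageAccount] |
 | conditions.bicep:5:9:5:26 | VariableAccess[storageAccountName] |
@@ -96,6 +111,8 @@ variableRead
 | sample.bicep:52:9:52:15 | VariableAccess[nicName] |
 | sample.bicep:53:3:53:10 | VariableAccess[location] |
 | sample.bicep:53:13:53:20 | VariableAccess[location] |
+| sample.bicep:60:17:60:20 | VariableAccess[vnet] |
+| sample.bicep:64:17:64:24 | VariableAccess[publicIp] |
 | sample.bicep:73:9:73:14 | VariableAccess[vmName] |
 | sample.bicep:74:3:74:10 | VariableAccess[location] |
 | sample.bicep:74:13:74:20 | VariableAccess[location] |
@@ -104,9 +121,11 @@ variableRead
 | sample.bicep:81:22:81:34 | VariableAccess[adminUsername] |
 | sample.bicep:82:7:82:19 | VariableAccess[adminPassword] |
 | sample.bicep:82:22:82:34 | VariableAccess[adminPassword] |
+| sample.bicep:98:15:98:17 | VariableAccess[nic] |
 variableWrite
 | conditions.bicep:1:7:1:26 | VariableAccess[enableStorageAccount] |
 | conditions.bicep:2:7:2:24 | VariableAccess[storageAccountName] |
+| conditions.bicep:4:10:4:23 | VariableAccess[storageAccount] |
 | data.bicep:14:8:14:19 | VariableAccess[firstElement] |
 | data.bicep:15:8:15:19 | VariableAccess[thirdElement] |
 | data.bicep:18:8:18:20 | VariableAccess[secondElement] |
@@ -124,3 +143,8 @@ variableWrite
 | sample.bicep:7:7:7:16 | VariableAccess[subnetName] |
 | sample.bicep:8:7:8:18 | VariableAccess[publicIpName] |
 | sample.bicep:9:7:9:13 | VariableAccess[nicName] |
+| sample.bicep:11:10:11:23 | VariableAccess[storageAccount] |
+| sample.bicep:23:10:23:13 | VariableAccess[vnet] |
+| sample.bicep:43:10:43:17 | VariableAccess[publicIp] |
+| sample.bicep:51:10:51:12 | VariableAccess[nic] |
+| sample.bicep:72:10:72:11 | VariableAccess[vm] |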
