feat: Update resolution support and tests

Author: GeekMasher

ql/lib/codeql/bicep/ast/Expr.qll

@@ -59,9 +59,16 @@ final class LambdaExpression extends Expr instanceof LambdaExpressionImpl { }
  * A MemberExpression expression in the AST.
  */
 class MemberExpression extends Expr instanceof MemberExpressionImpl {
-    Object getObject() { result = super.getObject() }
 
-    Idents getProperty() { result = super.getProperty() }
+    /**
+     * The namespace of the member expression.
+     */
+    Expr getNamespace() { result = MemberExpressionImpl.super.getObject() }
+
+    /**
+     * The member of the member expression.
+     */
+    Idents getName() { result = MemberExpressionImpl.super.getProperty() }
 }
 
 /**

ql/lib/codeql/bicep/ast/Resources.qll

@@ -65,7 +65,7 @@ Resource resolveResource(Expr expr) {
     // {resource.id}.id
     exists(MemberExpr memexpr |
       memexpr = expr.(Object).getProperty("id") and
-      memexpr.getProperty().getName() = resource.getIdentifier().getName()
+      memexpr.getNamespace().(Idents).getName() = resource.getIdentifier().getName()
     |
       result = TResourceDeclaration(resource)
     )
@@ -93,6 +93,8 @@ class Resource extends TResource {
     result = resource.getProperty(name)
   }
 
+  Resource getParent() { result = resolveResource(this.getProperty("parent")) }
+
   string toString() { result = resource.toString() }
 
   string getAPrimaryQlClass() { result = "Resource" }

ql/lib/codeql/bicep/ast/internal/MemberExpression.qll

@@ -8,7 +8,6 @@ private import AstNodes
 private import TreeSitter
 private import codeql.bicep.ast.AstNodes
 private import Expr
-private import Object
 private import PropertyIdentifier
 
 /**
@@ -23,7 +22,7 @@ class MemberExpressionImpl extends TMemberExpression, ExprImpl {
 
   override string toString() { result = ast.toString() }
 
-  ObjectImpl getObject() { toTreeSitter(result) = ast.getObject() }
+  ExprImpl getObject() { toTreeSitter(result) = ast.getObject() }
 
   PropertyIdentifierImpl getProperty() { toTreeSitter(result) = ast.getProperty() }
 }

ql/test/library-tests/resource/Resolve.expected

@@ -0,0 +1,4 @@
+resolveIdentifier
+| sample.bicep:1:1:3:1 | VirtualNetworks Resource | sample.bicep:5:1:8:1 | ResourceDeclaration |
+resolveResource
+| sample.bicep:15:1:28:1 | VirtualMachines Resource | sample.bicep:10:1:13:1 | NetworkInterfaces Resource |

ql/test/library-tests/resource/Resolve.ql

@@ -0,0 +1,9 @@
+import bicep
+
+query predicate resolveIdentifier(Network::VirtualNetworks vn, Network::VirtualNetworkSubnets vns) {
+  vns.getParent() = vn
+}
+
+query predicate resolveResource(Compute::VirtualMachines vm, Network::NetworkInterfaces ni) {
+  ni = vm.getNetworkInterfaces()
+}

ql/test/library-tests/resource/sample.bicep

@@ -0,0 +1,28 @@
+resource vnet 'Microsoft.Network/virtualNetworks@2021-02-01' = {
+  name: 'vnet'
+}
+
+resource existingSubnet 'Microsoft.Network/virtualNetworks/subnets@2021-02-01' = {
+  parent: vnet
+  name: 'subnet'
+}
+
+resource nic 'Microsoft.Network/networkInterfaces@2021-05-01' = {
+  name: '${name}-nic-${env}'
+  location: location
+}
+
+resource linuxVm 'Microsoft.Compute/virtualMachines@2020-06-01' = {
+  name: '${name}-linux-${env}'
+  location: location
+
+  properties: {
+    networkProfile: {
+      networkInterfaces: [
+        {
+          id: nic.id
+        }
+      ]
+    }
+  }
+}

ql/test/queries-tests/security/Storage/SupportHttpTraffic/SupportHttpTraffic.expected

@@ -1 +1,3 @@
-| http-traffic.bicep:35:31:35:35 | false | Supports non-HTTPS traffic for storage accounts. |
+| http-traffic.bicep:35:31:35:35 | false | Supports non-HTTPS traffic for storage accounts. |
+| http-traffic.bicep:35:31:35:35 | false | Supports non-HTTPS traffic for storage accounts. |
+| http-traffic.bicep:35:31:35:35 | false | Supports non-HTTPS traffic for storage accounts. |