feat: Add docs

GeekMasher · GeekMasher · commit e3f59eb66571 · 2025-06-12T12:59:42.000+01:00
diff --git a/ql/lib/codeql/bicep/frameworks/Microsoft/Storage.qll b/ql/lib/codeql/bicep/frameworks/Microsoft/Storage.qll
@@ -39,7 +39,7 @@ module Storage {
 
   /**
    * Represents a resource of type Microsoft.Compute/disks in Bicep.
-   * Provides access to disk pools and disk properties.
+   * Provides access to disk properties, encryption, zones, and disk pools.
    * See: https://learn.microsoft.com/en-us/azure/templates/microsoft.compute/disks
    */
   class Disks extends Resource {
@@ -48,12 +48,21 @@ module Storage {
      */
     Disks() { this.getResourceType().regexpMatch("^Microsoft.Compute/disks@.*") }
 
+    /**
+     * Gets the properties object for the disk.
+     */
     DisksProperties::Properties getProperties() { result = this.getProperty("properties") }
 
+    /**
+     * Gets the zones for the disk as an array of strings.
+     */
     StringLiteral getZones() {
       result = this.getProperty("zones").(Array).getElements()
     }
-  
+
+    /**
+     * Gets the encryption settings for the disk.
+     */
     DisksProperties::EncryptionSettings getEncryptionSettings() {
       result = this.getProperties().getEncryptionSettings()
     }
@@ -66,15 +75,24 @@ module Storage {
     override string toString() { result = "Disks" }
   }
 
+  /**
+   * Represents a public disk resource where blob public access is enabled.
+   */
   private class PublicDisks extends PublicResource {
     private StorageAccounts accounts;
 
+    /**
+     * Constructs a PublicDisks resource if blob public access is enabled.
+     */
     PublicDisks() {
       accounts.getProperties().allowBlobPublicAccess() = true
       and
       this = accounts
     }
 
+    /**
+     * Gets the property indicating public access for the disk.
+     */
     override Expr getPublicAccessProperty() { 
       result = accounts.getProperties().getAllowBlobPublicAccess()
     }
@@ -151,28 +169,61 @@ module Storage {
     class Properties extends ResourceProperties {
       private StorageAccounts storageAccounts;
 
+      /**
+       * Constructs a Properties object for storage accounts.
+       */
       Properties() { this = storageAccounts.getProperty("properties") }
 
+      /**
+       * Gets the minimum TLS version for the storage account.
+       */
       StringLiteral getMinimumTlsVersion() { result = this.getProperty("minimumTlsVersion") }
 
+      /**
+       * Gets the minimum TLS version as a string.
+       */
       string minimumTlsVersion() { result = this.getMinimumTlsVersion().getValue() }
 
+      /**
+       * Gets the property indicating whether blob public access is allowed.
+       */
       Boolean getAllowBlobPublicAccess() { result = this.getProperty("allowBlobPublicAccess") }
 
+      /**
+       * Gets whether blob public access is allowed as a boolean.
+       */
       boolean allowBlobPublicAccess() { result = this.getAllowBlobPublicAccess().getBool() }
 
+      /**
+       * Gets the property indicating whether HTTPS traffic is supported only.
+       */
       Boolean getSupportsHttpsTrafficOnly() {
         result = this.getProperty("supportsHttpsTrafficOnly")
       }
 
+      /**
+       * Gets the network ACLs for the storage account.
+       */
       Network::NetworkAcl getNetworkAcls() { result = this.getProperty("networkAcls") }
 
+      /**
+       * Gets the access tier for the storage account.
+       */
       StringLiteral getAccessTier() { result = this.getProperty("accessTier") }
 
+      /**
+       * Gets the access tier as a string.
+       */
       string accessTier() { result = this.getAccessTier().getValue() }
 
+      /**
+       * Gets the property indicating whether hierarchical namespace is enabled.
+       */
       Boolean getIsHnsEnabled() { result = this.getProperty("isHnsEnabled") }
 
+      /**
+       * Gets whether hierarchical namespace is enabled as a boolean.
+       */
       boolean isHnsEnabled() { result = this.getIsHnsEnabled().getBool() }
 
       /**
@@ -181,6 +232,9 @@ module Storage {
        */
       boolean supportsHttpsTrafficOnly() { result = this.getSupportsHttpsTrafficOnly().getBool() }
 
+      /**
+       * Converts the properties object to a string representation.
+       */
       string toString() { result = "StorageAccountsProperties" }
     }
   }
@@ -193,34 +247,67 @@ module Storage {
     class Properties extends ResourceProperties {
       private Disks disks;
 
+      /**
+       * Constructs a Properties object for disks.
+       */
       Properties() { this = disks.getProperty("properties") }
 
+      /**
+       * Gets the encryption settings for the disk.
+       */
       EncryptionSettings getEncryptionSettings() {
         result = this.getProperty("encryption")
       }
 
+      /**
+       * Gets whether encryption is enabled for the disk.
+       */
       boolean getEncryptionEnabled() {
         result = this.getEncryptionSettings().getProperty("enabled").(Boolean).getBool()
       }
 
+      /**
+       * Gets the size of the disk in GB.
+       */
       Number getDiskSizeGB() { result = this.getProperty("diskSizeGB") }
 
+      /**
+       * Converts the properties object to a string representation.
+       */
       string toString() { result = "DiskProperties" }
     }
 
+    /**
+     * Represents the encryption settings object for disks in Bicep.
+     */
     class EncryptionSettings extends Object {
       private Object encryptionSettings;
 
+      /**
+       * Constructs an EncryptionSettings object for disks.
+       */
       EncryptionSettings() { this = encryptionSettings.getProperty("encryption") }
 
+      /**
+       * Gets the type of encryption used for the disk.
+       */
       StringLiteral getType() { result = this.getProperty("type") }
 
+      /**
+       * Gets whether encryption is enabled for the disk.
+       */
       boolean isEncryptionEnabled() { result = this.getProperty("enabled").(Boolean).getBool() }
 
+      /**
+       * Gets the URI of the key vault key used for encryption.
+       */
       string getKeyVaultKeyUri() {
         result = this.getProperty("keyVaultKeyUri").(StringLiteral).getValue()
       }
 
+      /**
+       * Converts the encryption settings object to a string representation.
+       */
       string toString() { result = "DiskEncryptionSettings" }
     }
   }
@@ -233,24 +320,51 @@ module Storage {
     class Properties extends ResourceProperties {
       private DiskPools diskPools;
 
+      /**
+       * Constructs a Properties object for disk pools.
+       */
       Properties() { this = diskPools.getProperty("properties") }
 
+      /**
+       * Gets the provisioning state of the disk pool.
+       */
       StringLiteral getProvisioningState() { result = this.getProperty("provisioningState") }
 
+      /**
+       * Gets the references to disks attached to the disk pool.
+       */
       DiskRef getDisksRef() { result = this.getProperty("disks").(Array).getElements() }
 
+      /**
+       * Converts the properties object to a string representation.
+       */
       string toString() { result = "DiskPoolProperties" }
     }
 
+    /**
+     * Represents a reference to a disk in a disk pool.
+     */
     class DiskRef extends Object {
       private Properties properties;
 
+      /**
+       * Constructs a DiskRef object for a disk in a disk pool.
+       */
       DiskRef() { this = properties.getProperty("disks").(Array).getElements() }
 
+      /**
+       * Gets the ID of the disk reference.
+       */
       MemberExpression getId() { result = this.getProperty("id") }
 
+      /**
+       * Gets the ID of the disk reference as a string.
+       */
       string id() { result = this.getId().getNamespace().getName() }
 
+      /**
+       * Converts the disk reference object to a string representation.
+       */
       string toString() { result = "DiskRef" }
     }
   }
