Merge pull request #7041 from Checkmarx/feature/kicsbot-update-querie…

…s-docs docs(queries): update queries catalog
Checkmarx · Jun 12, 2024 · 0dbe0c5 · 0dbe0c5
2 parents f565501 + e94d48b
commit 0dbe0c5
Show file tree

Hide file tree

Showing 95 changed files with 11,956 additions and 985 deletions.
diff --git a/docs/queries/all-queries.md b/docs/queries/all-queries.md
diff --git a/docs/queries/azureresourcemanager-queries.md b/docs/queries/azureresourcemanager-queries.md
@@ -21,7 +21,7 @@ This page contains all queries from AzureResourceManager.
 |AKS Cluster Network Policy Not Configured<br/><sup><sub>25c0228e-4444-459b-a2df-93c7df40b7ed</sub></sup>|<span style="color:#ff7213">Medium</span>|Insecure Configurations|<a href="../azureresourcemanager-queries/azure/25c0228e-4444-459b-a2df-93c7df40b7ed" target="_blank">Query details</a><br><a href="https://docs.microsoft.com/en-us/azure/templates/microsoft.containerservice/managedclusters?tabs=json#containerservicenetworkprofile-object">Documentation</a><br/>|
 |Website Not Forcing HTTPS<br/><sup><sub>488847ff-6031-487c-bf42-98fd6ac5c9a0</sub></sup>|<span style="color:#ff7213">Medium</span>|Insecure Configurations|<a href="../azureresourcemanager-queries/azure/488847ff-6031-487c-bf42-98fd6ac5c9a0" target="_blank">Query details</a><br><a href="https://docs.microsoft.com/en-us/azure/templates/microsoft.web/sites?tabs=json#siteproperties-object">Documentation</a><br/>|
 |MySQL Server SSL Enforcement Disabled<br/><sup><sub>90120147-f2e7-4fda-bb21-6fa9109afd63</sub></sup>|<span style="color:#ff7213">Medium</span>|Networking and Firewall|<a href="../azureresourcemanager-queries/azure/90120147-f2e7-4fda-bb21-6fa9109afd63" target="_blank">Query details</a><br><a href="https://docs.microsoft.com/en-us/azure/templates/microsoft.dbformysql/servers?tabs=json#serverpropertiesforcreate-object">Documentation</a><br/>|
-|Network Security Group With Unrestricted Access To SSH<br/><sup><sub>2ade1579-4b2c-4590-bebb-f99bf597f612</sub></sup>|<span style="color:#ff7213">Medium</span>|Networking and Firewall|<a href="../azureresourcemanager-queries/azure/2ade1579-4b2c-4590-bebb-f99bf597f612" target="_blank">Query details</a><br><a href="https://docs.microsoft.com/en-us/azure/templates/microsoft.network/2020-07-01/networksecuritygroups?tabs=json#securityrulepropertiesformat-object">Documentation</a><br/>|
+|Network Security Group With Unrestricted Access To SSH<br/><sup><sub>2ade1579-4b2c-4590-bebb-f99bf597f612</sub></sup>|<span style="color:#ff7213">Medium</span>|Networking and Firewall|<a href="../azureresourcemanager-queries/azure/2ade1579-4b2c-4590-bebb-f99bf597f612" target="_blank">Query details</a><br><a href="https://learn.microsoft.com/en-us/azure/templates/microsoft.network/networksecuritygroups?pivots=deployment-language-bicep#securityrulepropertiesformat">Documentation</a><br/>|
 |PostgreSQL Database Server Log Checkpoints Disabled<br/><sup><sub>f9112910-c7bb-4864-9f5e-2059ba413bb7</sub></sup>|<span style="color:#ff7213">Medium</span>|Networking and Firewall|<a href="../azureresourcemanager-queries/azure/f9112910-c7bb-4864-9f5e-2059ba413bb7" target="_blank">Query details</a><br><a href="https://docs.microsoft.com/en-us/azure/templates/microsoft.dbforpostgresql/2017-12-01/servers/configurations?tabs=json">Documentation</a><br/>|
 |PostgreSQL Database Server Log Connections Disabled<br/><sup><sub>e69bda39-e1e2-47ca-b9ee-b6531b23aedd</sub></sup>|<span style="color:#ff7213">Medium</span>|Networking and Firewall|<a href="../azureresourcemanager-queries/azure/e69bda39-e1e2-47ca-b9ee-b6531b23aedd" target="_blank">Query details</a><br><a href="https://docs.microsoft.com/en-us/azure/templates/microsoft.dbforpostgresql/servers/configurations?tabs=json#configurationproperties-object">Documentation</a><br/>|
 |PostgreSQL Database Server SSL Disabled<br/><sup><sub>bf500309-da53-4dd3-bcf7-95f7974545a5</sub></sup>|<span style="color:#ff7213">Medium</span>|Networking and Firewall|<a href="../azureresourcemanager-queries/azure/bf500309-da53-4dd3-bcf7-95f7974545a5" target="_blank">Query details</a><br><a href="https://docs.microsoft.com/en-us/azure/templates/microsoft.dbforpostgresql/2017-12-01/servers?tabs=json">Documentation</a><br/>|

diff --git a/...ries/azureresourcemanager-queries/azure/1367dd13-2c90-4020-80b7-e4339a3dc2c4.md b/...ries/azureresourcemanager-queries/azure/1367dd13-2c90-4020-80b7-e4339a3dc2c4.md
@@ -28,7 +28,25 @@ hide:
 
 ### Code samples
 #### Code samples with security vulnerabilities
-```json title="Positive test num. 1 - json file" hl_lines="19"
+```bicep title="Positive test num. 1 - bicep file" hl_lines="13"
+resource storageaccount1 'Microsoft.Storage/storageAccounts@2021-02-01' = {
+  name: 'storageaccount1'
+  tags: {
+    displayName: 'storageaccount1'
+  }
+  location: resourceGroup().location
+  kind: 'StorageV2'
+  sku: {
+    name: 'Premium_LRS'
+    tier: 'Premium'
+  }
+  properties: {
+    supportsHttpsTrafficOnly: false
+  }
+}
+
+```
+```json title="Positive test num. 2 - json file" hl_lines="19"
 {
   "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
   "contentVersion": "1.0.0.0",
@@ -55,7 +73,24 @@ hide:
 }
 
 ```
-```json title="Positive test num. 2 - json file" hl_lines="6"
+```bicep title="Positive test num. 3 - bicep file" hl_lines="2"
+resource storageaccount1Positive2 'Microsoft.Storage/storageAccounts@2017-10-01' = {
+  name: 'storageaccount1Positive2'
+  tags: {
+    displayName: 'storageaccount1'
+  }
+  location: resourceGroup().location
+  kind: 'StorageV2'
+  sku: {
+    name: 'Premium_LRS'
+    tier: 'Premium'
+  }
+}
+
+```
+<details><summary>Positive test num. 4 - json file</summary>
+
+```json hl_lines="6"
 {
   "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
   "contentVersion": "1.0.0.0",
@@ -79,7 +114,29 @@ hide:
 }
 
 ```
-```json title="Positive test num. 3 - json file" hl_lines="18"
+</details>
+<details><summary>Positive test num. 5 - bicep file</summary>
+
+```bicep hl_lines="12"
+resource storageaccount1Positive3 'Microsoft.Storage/storageAccounts@2018-02-01' = {
+  name: 'storageaccount1Positive3'
+  tags: {
+    displayName: 'storageaccount1'
+  }
+  location: resourceGroup().location
+  kind: 'StorageV2'
+  sku: {
+    name: 'Premium_LRS'
+    tier: 'Premium'
+  }
+  properties: {}
+}
+
+```
+</details>
+<details><summary>Positive test num. 6 - json file</summary>
+
+```json hl_lines="18"
 {
   "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
   "contentVersion": "1.0.0.0",
@@ -104,7 +161,29 @@ hide:
 }
 
 ```
-<details><summary>Positive test num. 4 - json file</summary>
+</details>
+<details><summary>Positive test num. 7 - bicep file</summary>
+
+```bicep hl_lines="13"
+resource storageaccount1 'Microsoft.Storage/storageAccounts@2021-02-01' = {
+  name: 'storageaccount1'
+  tags: {
+    displayName: 'storageaccount1'
+  }
+  location: resourceGroup().location
+  kind: 'StorageV2'
+  sku: {
+    name: 'Premium_LRS'
+    tier: 'Premium'
+  }
+  properties: {
+    supportsHttpsTrafficOnly: false
+  }
+}
+
+```
+</details>
+<details><summary>Positive test num. 8 - json file</summary>
 
 ```json hl_lines="21"
 {
@@ -142,7 +221,25 @@ hide:
 
 ```
 </details>
-<details><summary>Positive test num. 5 - json file</summary>
+<details><summary>Positive test num. 9 - bicep file</summary>
+
+```bicep hl_lines="2"
+resource storageaccount1Positive2 'Microsoft.Storage/storageAccounts@2017-10-01' = {
+  name: 'storageaccount1Positive2'
+  tags: {
+    displayName: 'storageaccount1'
+  }
+  location: resourceGroup().location
+  kind: 'StorageV2'
+  sku: {
+    name: 'Premium_LRS'
+    tier: 'Premium'
+  }
+}
+
+```
+</details>
+<details><summary>Positive test num. 10 - json file</summary>
 
 ```json hl_lines="8"
 {
@@ -177,7 +274,26 @@ hide:
 
 ```
 </details>
-<details><summary>Positive test num. 6 - json file</summary>
+<details><summary>Positive test num. 11 - bicep file</summary>
+
+```bicep hl_lines="12"
+resource storageaccount1Positive3 'Microsoft.Storage/storageAccounts@2018-02-01' = {
+  name: 'storageaccount1Positive3'
+  tags: {
+    displayName: 'storageaccount1'
+  }
+  location: resourceGroup().location
+  kind: 'StorageV2'
+  sku: {
+    name: 'Premium_LRS'
+    tier: 'Premium'
+  }
+  properties: {}
+}
+
+```
+</details>
+<details><summary>Positive test num. 12 - json file</summary>
 
 ```json hl_lines="20"
 {
@@ -216,7 +332,25 @@ hide:
 
 
 #### Code samples without security vulnerabilities
-```json title="Negative test num. 1 - json file"
+```bicep title="Negative test num. 1 - bicep file"
+resource storageaccount1Negative1 'Microsoft.Storage/storageAccounts@2021-02-01' = {
+  name: 'storageaccount1Negative1'
+  tags: {
+    displayName: 'storageaccount1'
+  }
+  location: resourceGroup().location
+  kind: 'StorageV2'
+  sku: {
+    name: 'Premium_LRS'
+    tier: 'Premium'
+  }
+  properties: {
+    supportsHttpsTrafficOnly: true
+  }
+}
+
+```
+```json title="Negative test num. 2 - json file"
 {
   "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
   "contentVersion": "1.0.0.0",
@@ -243,7 +377,25 @@ hide:
 }
 
 ```
-```json title="Negative test num. 2 - json file"
+```bicep title="Negative test num. 3 - bicep file"
+resource storageaccount1Positive3 'Microsoft.Storage/storageAccounts@2019-06-01' = {
+  name: 'storageaccount1Positive3'
+  tags: {
+    displayName: 'storageaccount1'
+  }
+  location: resourceGroup().location
+  kind: 'StorageV2'
+  sku: {
+    name: 'Premium_LRS'
+    tier: 'Premium'
+  }
+  properties: {}
+}
+
+```
+<details><summary>Negative test num. 4 - json file</summary>
+
+```json
 {
   "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
   "contentVersion": "1.0.0.0",
@@ -268,7 +420,31 @@ hide:
 }
 
 ```
-```json title="Negative test num. 3 - json file"
+</details>
+<details><summary>Negative test num. 5 - bicep file</summary>
+
+```bicep
+resource storageaccount1Negative1 'Microsoft.Storage/storageAccounts@2021-02-01' = {
+  name: 'storageaccount1Negative1'
+  tags: {
+    displayName: 'storageaccount1'
+  }
+  location: resourceGroup().location
+  kind: 'StorageV2'
+  sku: {
+    name: 'Premium_LRS'
+    tier: 'Premium'
+  }
+  properties: {
+    supportsHttpsTrafficOnly: true
+  }
+}
+
+```
+</details>
+<details><summary>Negative test num. 6 - json file</summary>
+
+```json
 {
   "properties": {
     "template": {
@@ -303,7 +479,27 @@ hide:
 }
 
 ```
-<details><summary>Negative test num. 4 - json file</summary>
+</details>
+<details><summary>Negative test num. 7 - bicep file</summary>
+
+```bicep
+resource storageaccount1Positive3 'Microsoft.Storage/storageAccounts@2019-06-01' = {
+  name: 'storageaccount1Positive3'
+  tags: {
+    displayName: 'storageaccount1'
+  }
+  location: resourceGroup().location
+  kind: 'StorageV2'
+  sku: {
+    name: 'Premium_LRS'
+    tier: 'Premium'
+  }
+  properties: {}
+}
+
+```
+</details>
+<details><summary>Negative test num. 8 - json file</summary>
 
 ```json
 {