Modify rule S6656: Add missing message and highlighting info (#2668)
## Review

A dedicated reviewer checked the rule description successfully for:

- [ ] logical errors and incorrect information
- [ ] information gaps and missing content
- [ ] text style and tone
- [ ] PR summary and labels follow [the
guidelines](https://github.com/SonarSource/rspec/#to-modify-an-existing-rule)
egon-okerman-sonarsource authored Jul 31, 2023
1 parent 00dc8d7 commit 9c1875b
Showing 1 changed file with 25 additions and 1 deletion.
26 changes: 25 additions & 1 deletion rules/S6656/azureresourcemanager/rule.adoc
Expand Up @@ -18,4 +18,28 @@ include::how-to-fix-it/arm.adoc[]

=== Standards
* https://cwe.mitre.org/data/definitions/200[MITRE, CWE-200] - Exposure of Sensitive Information to an Unauthorized Actor
* https://cwe.mitre.org/data/definitions/532[MITRE, CWE-532] - Insertion of Sensitive Information into Log File
* https://cwe.mitre.org/data/definitions/532[MITRE, CWE-532] - Insertion of Sensitive Information into Log File

ifdef::env-github,rspecator-view[]

'''
== Implementation Specification
(visible only on this page)

=== Message
==== Primary Message
Change this code to not use an outer expression evaluation scope in nested templates.

==== Secondary Message
This secure parameter is leaked through the deployment history.

=== Highlighting
==== Primary Highlight
If `properties.expressionEvaluationOptions.scope` is set to an incorrect value, then highlight the `properties.expressionEvaluationOptions.scope` property.

If `properties.expressionEvaluationOptions.scope` or `properties.expressionEvaluationOptions` is not set at all, then highlight `properties` entirely (of the `"Microsoft.Resources/deployments"` resource where it should be set.)

==== Secondary Highlight
Highlight the secure parameter in the nested template that is at risk here.

endif::env-github,rspecator-view[]
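
Review bot: In the Primary Highlight section, "set to an incorrect value" does not say which value is incorrect. The Primary Message refers to an outer expression evaluation scope, so name that value in the highlighting rule as well, for example "If `properties.expressionEvaluationOptions.scope` is set to `outer`, then highlight ...". The second paragraph should also state why a missing `scope` or `expressionEvaluationOptions` is reported, because the text does not say which scope applies when the property is absent, and an implementer has to infer it. Two smaller points: in "(of the `"Microsoft.Resources/deployments"` resource where it should be set.)" the period belongs after the closing parenthesis, and "at risk here" in the Secondary Highlight is vaguer than the Secondary Message, which already says the parameter is leaked through the deployment history.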
