diff --git a/rules/S6656/azureresourcemanager/rule.adoc b/rules/S6656/azureresourcemanager/rule.adoc index 66d4d8341b2..7af19c8128d 100644 --- a/rules/S6656/azureresourcemanager/rule.adoc +++ b/rules/S6656/azureresourcemanager/rule.adoc @@ -18,4 +18,28 @@ include::how-to-fix-it/arm.adoc[] === Standards * https://cwe.mitre.org/data/definitions/200[MITRE, CWE-200] - Exposure of Sensitive Information to an Unauthorized Actor -* https://cwe.mitre.org/data/definitions/532[MITRE, CWE-532] - Insertion of Sensitive Information into Log File \ No newline at end of file +* https://cwe.mitre.org/data/definitions/532[MITRE, CWE-532] - Insertion of Sensitive Information into Log File + +ifdef::env-github,rspecator-view[] + +''' +== Implementation Specification +(visible only on this page) + +=== Message +==== Primary Message +Change this code to not use an outer expression evaluation scope in nested templates. + +==== Secondary Message +This secure parameter is leaked through the deployment history. + +=== Highlighting +==== Primary Highlight +If `properties.expressionEvaluationOptions.scope` is set to an incorrect value, then highlight the `properties.expressionEvaluationOptions.scope` property. + +If `properties.expressionEvaluationOptions.scope` or `properties.expressionEvaluationOptions` is not set at all, then highlight `properties` entirely (of the `"Microsoft.Resources/deployments"` resource where it should be set.) + +==== Secondary Highlight +Highlight the secure parameter in the nested template that is at risk here. + +endif::env-github,rspecator-view[] \ No newline at end of file
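Review bot: In the Primary Highlight text, "set to an incorrect value" does not say which value of `properties.expressionEvaluationOptions.scope` is incorrect, so an implementer has to infer it from the primary message ("not use an outer expression evaluation scope"). State the condition explicitly, for example "is set to any value other than `inner`", and add a short note that the unset case is reported because ARM evaluates nested templates with the outer scope when the property is omitted. The Secondary Highlight says "the secure parameter" in the singular; say whether every secure parameter in the nested template gets its own secondary location. Two style points: the sentence ending "(of the `"Microsoft.Resources/deployments"` resource where it should be set.)" has its full stop inside the parenthesis, and the new last line `endif::env-github,rspecator-view[]` again has no trailing newline, so the "\ No newline at end of file" that this hunk fixes for the CWE-532 line reappears at the new end of the file.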