SONARIAC-1892 Modify rule S6975: Fix how to fix it section split (#4604)

docs/header_names/allowed_framework_names.adoc

@@ -150,7 +150,7 @@
 * CryptoSwift
 * IDZSwiftCommonCrypto
 // Azure resource manager
-* ARM templates
+* JSON templates
 * Bicep
 // PL/SQL
 * DBMS_CRYPTO

rules/S117/azureresourcemanager/rule.adoc

@@ -10,7 +10,7 @@ include::../why-is-this-an-issue.adoc[]
 
 include::../what-is-the-potential-impact.adoc[]
 
-== How to fix it in ARM templates
+== How to fix it in JSON templates
 
 include::../how-to-fix-it-description.adoc[]
 

rules/S1192/azureresourcemanager/rule.adoc

@@ -6,7 +6,7 @@ include::../description.adoc[]
 
 include::exceptions-arm.adoc[]
 
-== How to fix it in ARM templates
+== How to fix it in JSON templates
 
 include::howtofix-arm.adoc[]
 

rules/S1481/azureresourcemanager/rule.adoc

@@ -1,6 +1,6 @@
 include::../rationale.adoc[]
 
-== How to fix it in ARM Templates
+== How to fix it in JSON templates
 
 The fix for this issue is straightforward.
 Once you ensure the unused variable is not part of an incomplete implementation leading to bugs, you just need to remove it.

rules/S6321/azureresourcemanager/how-to-fix-it/bicep.adoc

@@ -0,0 +1,37 @@
+== How to fix it in Bicep
+
+include::../../common/how-to-fix-it/intro.adoc[]
+
+=== Code examples
+
+==== Noncompliant code example
+
+[source,bicep,diff-id=2,diff-type=noncompliant]
+----
+resource securityRules 'Microsoft.Network/networkSecurityGroups/securityRules@2022-11-01' = {
+  name: 'securityRules'
+  properties: {
+    direction: 'Inbound'
+    access: 'Allow'
+    protocol: '*'
+    destinationPortRange: '*'
+    sourceAddressPrefix: '*'
+  }
+}
+----
+
+==== Compliant solution
+
+[source,bicep,diff-id=2,diff-type=compliant]
+----
+resource securityRules 'Microsoft.Network/networkSecurityGroups/securityRules@2022-11-01' = {
+  name: 'securityRules'
+  properties: {
+    direction: 'Inbound'
+    access: 'Allow'
+    protocol: '*'
+    destinationPortRange: '22'
+    sourceAddressPrefix: '10.0.0.0/24'
+  }
+}
+----

rules/S6321/azureresourcemanager/how-to-fix-it/json.adoc

@@ -0,0 +1,53 @@
+== How to fix it in JSON templates
+
+include::../../common/how-to-fix-it/intro.adoc[]
+
+=== Code examples
+
+==== Noncompliant code example
+
+[source,json,diff-id=1,diff-type=noncompliant]
+----
+{
+  "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
+  "contentVersion": "1.0.0.0",
+  "resources": [
+    {
+      "name": "networkSecurityGroups/example",
+      "type": "Microsoft.Network/networkSecurityGroups/securityRules",
+      "apiVersion": "2022-11-01",
+      "properties": {
+        "protocol": "*",
+        "destinationPortRange": "*",
+        "sourceAddressPrefix": "*",
+        "access": "Allow",
+        "direction": "Inbound"
+      }
+    }
+  ]
+}
+----
+
+==== Compliant solution
+
+[source,json,diff-id=1,diff-type=compliant]
+----
+{
+  "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
+  "contentVersion": "1.0.0.0",
+  "resources": [
+    {
+      "name": "networkSecurityGroups/example",
+      "type": "Microsoft.Network/networkSecurityGroups/securityRules",
+      "apiVersion": "2022-11-01",
+      "properties": {
+          "protocol": "*",
+          "destinationPortRange": "22",
+          "sourceAddressPrefix": "10.0.0.0/24",
+          "access": "Allow",
+          "direction": "Inbound"
+      }
+    }
+  ]
+}
+----

rules/S6321/azureresourcemanager/rule.adoc

@@ -6,87 +6,9 @@ Any firewall rule allowing traffic from all IP addresses to standard network por
 
 include::../impact.adoc[]
 
-== How to fix it
+include::how-to-fix-it/json.adoc[]
 
-include::../common/how-to-fix-it/intro.adoc[]
-
-=== Code examples
-
-==== Noncompliant code example
-
-[source,json,diff-id=1,diff-type=noncompliant]
-----
-{
-  "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
-  "contentVersion": "1.0.0.0",
-  "resources": [
-    {
-      "name": "networkSecurityGroups/example",
-      "type": "Microsoft.Network/networkSecurityGroups/securityRules",
-      "apiVersion": "2022-11-01",
-      "properties": {
-        "protocol": "*",
-        "destinationPortRange": "*",
-        "sourceAddressPrefix": "*",
-        "access": "Allow",
-        "direction": "Inbound"
-      }
-    }
-  ]
-}
-----
-
-[source,bicep,diff-id=2,diff-type=noncompliant]
-----
-resource securityRules 'Microsoft.Network/networkSecurityGroups/securityRules@2022-11-01' = {
-  name: 'securityRules'
-  properties: {
-    direction: 'Inbound'
-    access: 'Allow'
-    protocol: '*'
-    destinationPortRange: '*'
-    sourceAddressPrefix: '*'
-  }
-}
-----
-
-==== Compliant solution
-
-[source,json,diff-id=1,diff-type=compliant]
-----
-{
-  "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
-  "contentVersion": "1.0.0.0",
-  "resources": [
-    {
-      "name": "networkSecurityGroups/example",
-      "type": "Microsoft.Network/networkSecurityGroups/securityRules",
-      "apiVersion": "2022-11-01",
-      "properties": {
-          "protocol": "*",
-          "destinationPortRange": "22",
-          "sourceAddressPrefix": "10.0.0.0/24",
-          "access": "Allow",
-          "direction": "Inbound"
-      }
-    }
-  ]
-}
-----
-
-[source,bicep,diff-id=2,diff-type=compliant]
-----
-resource securityRules 'Microsoft.Network/networkSecurityGroups/securityRules@2022-11-01' = {
-  name: 'securityRules'
-  properties: {
-    direction: 'Inbound'
-    access: 'Allow'
-    protocol: '*'
-    destinationPortRange: '22'
-    sourceAddressPrefix: '10.0.0.0/24'
-  }
-}
-----
+include::how-to-fix-it/bicep.adoc[]
 
 == Resources
 

rules/S6378/azureresourcemanager/rule.adoc

@@ -6,7 +6,7 @@ include::../recommended.adoc[]
 
 == Sensitive Code Example
 
-Using ARM templates:
+Using JSON templates:
 
 [source,json,diff-id=1,diff-type=noncompliant]
 ----
@@ -35,7 +35,7 @@ resource sensitiveApiManagementService 'Microsoft.ApiManagement/service@2022-09-
 
 == Compliant Solution
 
-Using ARM templates:
+Using JSON templates:
 
 [source,json,diff-id=1,diff-type=compliant]
 ----

rules/S6385/azureresourcemanager/how-to-fix-it/bicep.adoc

@@ -0,0 +1,51 @@
+== How to fix it in Bicep
+
+include::../../common/fix/rationale.adoc[]
+
+=== Code examples
+
+==== Noncompliant code example
+
+[source,bicep,diff-id=2,diff-type=noncompliant]
+----
+targetScope = 'managementGroup'
+
+resource roleDef 'Microsoft.Authorization/roleDefinitions@2022-04-01' = { // Sensitive
+  properties: {
+    permissions: [
+      {
+        actions: ['*']
+        notActions: []
+      }
+    ]
+
+    assignableScopes: [
+      managementGroup().id
+    ]
+  }
+}
+----
+
+==== Compliant solution
+
+[source,bicep,diff-id=2,diff-type=compliant]
+----
+targetScope = 'managementGroup'
+
+resource roleDef 'Microsoft.Authorization/roleDefinitions@2022-04-01' = {
+  properties: {
+    permissions: [
+      {
+        actions: ['Microsoft.Compute/*']
+        notActions: []
+      }
+    ]
+
+    assignableScopes: [
+      managementGroup().id
+    ]
+  }
+}
+----
+
+include::../../common/fix/extra-mile.adoc[]

rules/S6385/azureresourcemanager/how_to_fix_it.adoc → rules/S6385/azureresourcemanager/how-to-fix-it/json.adoc

@@ -1,6 +1,6 @@
-== How to fix it
+== How to fix it in JSON templates
 
-include::../common/fix/rationale.adoc[]
+include::../../common/fix/rationale.adoc[]
 
 === Code examples
 
@@ -32,26 +32,6 @@ include::../common/fix/rationale.adoc[]
 }
 ----
 
-[source,bicep,diff-id=2,diff-type=noncompliant]
-----
-targetScope = 'managementGroup'
-
-resource roleDef 'Microsoft.Authorization/roleDefinitions@2022-04-01' = { // Sensitive
-  properties: {
-    permissions: [
-      {
-        actions: ['*']
-        notActions: []
-      }
-    ]
-
-    assignableScopes: [
-      managementGroup().id
-    ]
-  }
-}
-----
-
 ==== Compliant solution
 
 [source,json,diff-id=1,diff-type=compliant]
@@ -80,22 +60,4 @@ resource roleDef 'Microsoft.Authorization/roleDefinitions@2022-04-01' = { // Sen
 }
 ----
 
-[source,bicep,diff-id=2,diff-type=compliant]
-----
-targetScope = 'managementGroup'
-
-resource roleDef 'Microsoft.Authorization/roleDefinitions@2022-04-01' = {
-  properties: {
-    permissions: [
-      {
-        actions: ['Microsoft.Compute/*']
-        notActions: []
-      }
-    ]
-
-    assignableScopes: [
-      managementGroup().id
-    ]
-  }
-}
-----
+include::../../common/fix/extra-mile.adoc[]

rules/S6385/azureresourcemanager/rule.adoc

@@ -8,9 +8,9 @@ include::../common/description.adoc[]
 
 include::../common/impact/description.adoc[]
 
-include::how_to_fix_it.adoc[]
+include::how-to-fix-it/json.adoc[]
 
-include::../common/fix/extra-mile.adoc[]
+include::how-to-fix-it/bicep.adoc[]
 
 include::../see.adoc[]
 

rules/S6437/azureresourcemanager/rule.adoc

@@ -12,7 +12,7 @@ include::../../../shared_content/secrets/impact/financial_loss.adoc[]
 
 include::../../../shared_content/secrets/impact/security_downgrade.adoc[]
 
-== How to fix it in ARM Templates
+== How to fix it in JSON templates
 
 === Code examples
 

rules/S6648/azureresourcemanager/how-to-fix-it/arm.adoc → rules/S6648/azureresourcemanager/how-to-fix-it/json.adoc

@@ -1,4 +1,4 @@
-== How to fix it in ARM templates
+== How to fix it in JSON templates
 
 === Code examples
 
@@ -31,4 +31,4 @@
     }
   }
 }
-----
+----

rules/S6648/azureresourcemanager/rule.adoc

@@ -10,7 +10,7 @@ Secure parameters can be assigned a default value which will be used if the para
 
 If the default value contains a secret, it will be disclosed to all accounts that have read access to the deployment history. 
 
-include::how-to-fix-it/arm.adoc[]
+include::how-to-fix-it/json.adoc[]
 
 include::how-to-fix-it/bicep.adoc[]
 

rules/S6656/azureresourcemanager/how-to-fix-it/arm.adoc → rules/S6656/azureresourcemanager/how-to-fix-it/json.adoc

@@ -1,4 +1,4 @@
-== How to fix it in ARM Templates
+== How to fix it in JSON templates
 
 By setting `properties.expressionEvaluationOptions.scope` to `Inner` in the parent template, template evaluations are limited to the scope of the nested template. This makes it impossible to expose secure parameters defined in the parent template.