Merge pull request #1 from GitHubSecurityLab/database

Add Database Support

Author: GeekMasher

CONTRIBUTING.md

@@ -28,6 +28,7 @@ If you have an idea for a new feature or enhancement, [please open an issue on G
 3. Make your changes
 4. Write tests for your changes (if applicable)
 5. Run the tests to make sure everything is working
+6. Submit a [pull request][pr] with a clear description of your changes
 
 ### Requirements
 

ql/lib/bicep.qll

@@ -2,5 +2,8 @@ import codeql.Locations
 import codeql.files.FileSystem
 // AST
 import codeql.bicep.AST
+// CFG
+import codeql.bicep.CFG
 // Frameworks
 import codeql.bicep.Frameworks
+import codeql.bicep.Concepts

ql/lib/codeql/bicep/Concepts.qll

@@ -1,2 +1,30 @@
 private import codeql.bicep.AST
 private import codeql.bicep.CFG
+
+/**
+ *  A Public Resource is a resource that is publicly accessible to the Internet.
+ */
+abstract class PublicResource extends Resource {
+  /**
+   *  Returns the property that indicates public access.
+   */
+  abstract Expr getPublicAccessProperty();
+}
+
+module Cryptography {
+  abstract class WeakTlsVersion extends Resource {
+    abstract StringLiteral getWeakTlsVersionProperty();
+
+    /**
+     *  Returns true if the resource has a weak TLS version.
+     * 
+     *  1.0 and 1.1 are considered weak TLS versions.
+     */
+    predicate hasWeakTlsVersion() {
+      exists(StringLiteral literal |
+        literal = this.getWeakTlsVersionProperty() and
+        literal.getValue().regexpMatch("^(1\\.0|1\\.1)$")
+      )
+    }
+  }
+}

ql/lib/codeql/bicep/Frameworks.qll

@@ -1,3 +1,4 @@
 import frameworks.Microsoft.Compute
 import frameworks.Microsoft.Network
-import frameworks.Microsoft.Storage
+import frameworks.Microsoft.Storage
+import frameworks.Microsoft.Databases

ql/lib/codeql/bicep/ast/Resources.qll

@@ -3,7 +3,6 @@ private import codeql.Locations
 private import Expr
 private import Idents
 private import Literals
-
 private import internal.ResourceDeclaration
 private import internal.ObjectProperty
 private import internal.Object
@@ -79,7 +78,6 @@ Resource resolveResource(Expr expr) {
   )
 }
 
-
 class Resource extends TResource {
   private ResourceDeclaration resource;
 
@@ -89,10 +87,15 @@ class Resource extends TResource {
     exists(StringLiteral sl | sl = resource.getName() | result = sl.getValue())
   }
 
-  Expr getProperty(string name) {
-    result = resource.getProperty(name)
+  string getName() {
+    exists(StringLiteral name |
+      name = resource.getProperty("name") and
+      result = name.getValue()
+    )
   }
 
+  Expr getProperty(string name) { result = resource.getProperty(name) }
+
   Resource getParent() { result = resolveResource(this.getProperty("parent")) }
 
   string toString() { result = resource.toString() }