SONARIAC-1892 Modify rule S6975: Fix how to fix it section split (#4604)

docs/header_names/allowed_framework_names.adoc

@@ -150,7 +150,7 @@
 * CryptoSwift
 * IDZSwiftCommonCrypto
 // Azure resource manager
-* ARM templates
+* JSON templates
 * Bicep
 // PL/SQL
 * DBMS_CRYPTO

rules/S117/azureresourcemanager/rule.adoc

@@ -10,7 +10,7 @@ include::../why-is-this-an-issue.adoc[]
 
 include::../what-is-the-potential-impact.adoc[]
 
-== How to fix it in ARM templates
+== How to fix it in JSON templates
 
 include::../how-to-fix-it-description.adoc[]
 

rules/S1192/azureresourcemanager/rule.adoc

@@ -6,7 +6,7 @@ include::../description.adoc[]
 
 include::exceptions-arm.adoc[]
 
-== How to fix it in ARM templates
+== How to fix it in JSON templates
 
 include::howtofix-arm.adoc[]
 

rules/S1481/azureresourcemanager/rule.adoc

@@ -1,6 +1,6 @@
 include::../rationale.adoc[]
 
-== How to fix it in ARM Templates
+== How to fix it in JSON templates
 
 The fix for this issue is straightforward.
 Once you ensure the unused variable is not part of an incomplete implementation leading to bugs, you just need to remove it.

rules/S6321/azureresourcemanager/how-to-fix-it/bicep.adoc

@@ -0,0 +1,37 @@
+== How to fix it in Bicep
+
+include::../../common/how-to-fix-it/intro.adoc[]
+
+=== Code examples
+
+==== Noncompliant code example
+
+[source,bicep,diff-id=2,diff-type=noncompliant]
+----
+resource securityRules 'Microsoft.Network/networkSecurityGroups/securityRules@2022-11-01' = {
+  name: 'securityRules'
+  properties: {
+    direction: 'Inbound'
+    access: 'Allow'
+    protocol: '*'
+    destinationPortRange: '*'
+    sourceAddressPrefix: '*'
+  }
+}
+----
+
+==== Compliant solution
+
+[source,bicep,diff-id=2,diff-type=compliant]
+----
+resource securityRules 'Microsoft.Network/networkSecurityGroups/securityRules@2022-11-01' = {
+  name: 'securityRules'
+  properties: {
+    direction: 'Inbound'
+    access: 'Allow'
+    protocol: '*'
+    destinationPortRange: '22'
+    sourceAddressPrefix: '10.0.0.0/24'
+  }
+}
+----

rules/S6321/azureresourcemanager/how-to-fix-it/json.adoc

@@ -0,0 +1,53 @@
+== How to fix it in JSON templates
+
+include::../../common/how-to-fix-it/intro.adoc[]
+
+=== Code examples
+
+==== Noncompliant code example
+
+[source,json,diff-id=1,diff-type=noncompliant]
+----
+{
+  "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
+  "contentVersion": "1.0.0.0",
+  "resources": [
+    {
+      "name": "networkSecurityGroups/example",
+      "type": "Microsoft.Network/networkSecurityGroups/securityRules",
+      "apiVersion": "2022-11-01",
+      "properties": {
+        "protocol": "*",
+        "destinationPortRange": "*",
+        "sourceAddressPrefix": "*",
+        "access": "Allow",
+        "direction": "Inbound"
+      }
+    }
+  ]
+}
+----
+
+==== Compliant solution
+
+[source,json,diff-id=1,diff-type=compliant]
+----
+{
+  "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
+  "contentVersion": "1.0.0.0",
+  "resources": [
+    {
+      "name": "networkSecurityGroups/example",
+      "type": "Microsoft.Network/networkSecurityGroups/securityRules",
+      "apiVersion": "2022-11-01",
+      "properties": {
+          "protocol": "*",
+          "destinationPortRange": "22",
+          "sourceAddressPrefix": "10.0.0.0/24",
+          "access": "Allow",
+          "direction": "Inbound"
+      }
+    }
+  ]
+}
+----

rules/S6321/azureresourcemanager/rule.adoc

@@ -6,87 +6,9 @@ Any firewall rule allowing traffic from all IP addresses to standard network por
 
 include::../impact.adoc[]
 
-== How to fix it
+include::how-to-fix-it/json.adoc[]
 
-include::../common/how-to-fix-it/intro.adoc[]
-
-=== Code examples
-
-==== Noncompliant code example
-
-[source,json,diff-id=1,diff-type=noncompliant]
-----
-{
-  "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
-  "contentVersion": "1.0.0.0",
-  "resources": [
-    {
-      "name": "networkSecurityGroups/example",
-      "type": "Microsoft.Network/networkSecurityGroups/securityRules",
-      "apiVersion": "2022-11-01",
-      "properties": {
-        "protocol": "*",
-        "destinationPortRange": "*",
-        "sourceAddressPrefix": "*",
-        "access": "Allow",
-        "direction": "Inbound"
-      }
-    }
-  ]
-}
-----
-
-[source,bicep,diff-id=2,diff-type=noncompliant]
-----
-resource securityRules 'Microsoft.Network/networkSecurityGroups/securityRules@2022-11-01' = {
-  name: 'securityRules'
-  properties: {
-    direction: 'Inbound'
-    access: 'Allow'
-    protocol: '*'
-    destinationPortRange: '*'
-    sourceAddressPrefix: '*'
-  }
-}
-----
-
-==== Compliant solution
-
-[source,json,diff-id=1,diff-type=compliant]
-----
-{
-  "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
-  "contentVersion": "1.0.0.0",
-  "resources": [
-    {
-      "name": "networkSecurityGroups/example",
-      "type": "Microsoft.Network/networkSecurityGroups/securityRules",
-      "apiVersion": "2022-11-01",
-      "properties": {
-          "protocol": "*",
-          "destinationPortRange": "22",
-          "sourceAddressPrefix": "10.0.0.0/24",
-          "access": "Allow",
-          "direction": "Inbound"
-      }
-    }
-  ]
-}
-----
-
-[source,bicep,diff-id=2,diff-type=compliant]
-----
-resource securityRules 'Microsoft.Network/networkSecurityGroups/securityRules@2022-11-01' = {
-  name: 'securityRules'
-  properties: {
-    direction: 'Inbound'
-    access: 'Allow'
-    protocol: '*'
-    destinationPortRange: '22'
-    sourceAddressPrefix: '10.0.0.0/24'
-  }
-}
-----
+include::how-to-fix-it/bicep.adoc[]
 
 == Resources
 

rules/S6378/azureresourcemanager/rule.adoc

@@ -6,7 +6,7 @@ include::../recommended.adoc[]
 
 == Sensitive Code Example
 
-Using ARM templates:
+Using JSON templates:
 
 [source,json,diff-id=1,diff-type=noncompliant]
 ----
@@ -35,7 +35,7 @@ resource sensitiveApiManagementService 'Microsoft.ApiManagement/service@2022-09-
 
 == Compliant Solution
 
-Using ARM templates:
+Using JSON templates:
 
 [source,json,diff-id=1,diff-type=compliant]
 ----

rules/S6385/azureresourcemanager/how-to-fix-it/bicep.adoc

@@ -0,0 +1,51 @@
+== How to fix it in Bicep
+
+include::../../common/fix/rationale.adoc[]
+
+=== Code examples
+
+==== Noncompliant code example
+
+[source,bicep,diff-id=2,diff-type=noncompliant]
+----
+targetScope = 'managementGroup'
+
+resource roleDef 'Microsoft.Authorization/roleDefinitions@2022-04-01' = { // Sensitive
+  properties: {
+    permissions: [
+      {
+        actions: ['*']
+        notActions: []
+      }
+    ]
+
+    assignableScopes: [
+      managementGroup().id
+    ]
+  }
+}
+----
+
+==== Compliant solution
+
+[source,bicep,diff-id=2,diff-type=compliant]
+----
+targetScope = 'managementGroup'
+
+resource roleDef 'Microsoft.Authorization/roleDefinitions@2022-04-01' = {
+  properties: {
+    permissions: [
+      {
+        actions: ['Microsoft.Compute/*']
+        notActions: []
+      }
+    ]
+
+    assignableScopes: [
+      managementGroup().id
+    ]
+  }
+}
+----
+
+include::../../common/fix/extra-mile.adoc[]

rules/S6385/azureresourcemanager/how-to-fix-it/json.adoc

@@ -1,6 +1,6 @@
-== How to fix it
+== How to fix it in JSON templates
 
-include::../common/fix/rationale.adoc[]
+include::../../common/fix/rationale.adoc[]
 
 === Code examples
 
@@ -32,26 +32,6 @@ include::../common/fix/rationale.adoc[]
 }
 ----
 
-[source,bicep,diff-id=2,diff-type=noncompliant]
-----
-targetScope = 'managementGroup'
-
-resource roleDef 'Microsoft.Authorization/roleDefinitions@2022-04-01' = { // Sensitive
-  properties: {
-    permissions: [
-      {
-        actions: ['*']
-        notActions: []
-      }
-    ]
-
-    assignableScopes: [
-      managementGroup().id
-    ]
-  }
-}
-----
-
 ==== Compliant solution
 
 [source,json,diff-id=1,diff-type=compliant]
@@ -80,22 +60,4 @@ resource roleDef 'Microsoft.Authorization/roleDefinitions@2022-04-01' = { // Sen
 }
 ----
 
-[source,bicep,diff-id=2,diff-type=compliant]
-----
-targetScope = 'managementGroup'
-
-resource roleDef 'Microsoft.Authorization/roleDefinitions@2022-04-01' = {
-  properties: {
-    permissions: [
-      {
-        actions: ['Microsoft.Compute/*']
-        notActions: []
-      }
-    ]
-
-    assignableScopes: [
-      managementGroup().id
-    ]
-  }
-}
-----
+include::../../common/fix/extra-mile.adoc[]

rules/S6385/azureresourcemanager/rule.adoc

@@ -8,9 +8,9 @@ include::../common/description.adoc[]
 
 include::../common/impact/description.adoc[]
 
-include::how_to_fix_it.adoc[]
+include::how-to-fix-it/json.adoc[]
 
-include::../common/fix/extra-mile.adoc[]
+include::how-to-fix-it/bicep.adoc[]
 
 include::../see.adoc[]
 

rules/S6437/azureresourcemanager/rule.adoc

@@ -12,7 +12,7 @@ include::../../../shared_content/secrets/impact/financial_loss.adoc[]
 
 include::../../../shared_content/secrets/impact/security_downgrade.adoc[]
 
-== How to fix it in ARM Templates
+== How to fix it in JSON templates
 
 === Code examples
 

rules/S6648/azureresourcemanager/how-to-fix-it/json.adoc

@@ -1,4 +1,4 @@
-== How to fix it in ARM templates
+== How to fix it in JSON templates
 
 === Code examples
 
@@ -31,4 +31,4 @@
     }
   }
 }
-----
+----

rules/S6648/azureresourcemanager/rule.adoc

@@ -10,7 +10,7 @@ Secure parameters can be assigned a default value which will be used if the para
 
 If the default value contains a secret, it will be disclosed to all accounts that have read access to the deployment history. 
 
-include::how-to-fix-it/arm.adoc[]
+include::how-to-fix-it/json.adoc[]
 
 include::how-to-fix-it/bicep.adoc[]
 

rules/S6656/azureresourcemanager/how-to-fix-it/json.adoc

@@ -1,4 +1,4 @@
-== How to fix it in ARM Templates
+== How to fix it in JSON templates
 
 By setting `properties.expressionEvaluationOptions.scope` to `Inner` in the parent template, template evaluations are limited to the scope of the nested template. This makes it impossible to expose secure parameters defined in the parent template.
 

rules/S6656/azureresourcemanager/rule.adoc

@@ -10,7 +10,7 @@ When used in nested deployments, however, it is possible to embed secure paramet
 
 If the nested deployment contains a secure parameter in this way, then the value of this parameter may be readable in the deployment history. This can lead to important credentials being leaked to unauthorized accounts. 
 
-include::how-to-fix-it/arm.adoc[]
+include::how-to-fix-it/json.adoc[]
 
 include::how-to-fix-it/bicep.adoc[]
 
@@ -44,4 +44,4 @@ If `properties.expressionEvaluationOptions.scope` or `properties.expressionEvalu
 ==== Secondary Highlight
 Highlight the secure parameter in the nested template that is at risk here.
 
-endif::env-github,rspecator-view[]
+endif::env-github,rspecator-view[]

rules/S6874/azureresourcemanager/rule.adoc

@@ -11,7 +11,7 @@ the latest version.
 This can lead to unexpected behaviors like deployment failures,
 when the API version you set for a resource doesn't match the properties in your template.
 
-== How to fix it in ARM Templates
+== How to fix it in JSON templates
 
 To avoid these issues, it is recommended to set the `apiVersion` to a hard-coded value for the resource type.
 

rules/S6949/azureresourcemanager/rule.adoc

@@ -6,7 +6,7 @@ When deploying an Azure Resource Manager template (ARM template), you must provi
 
 It is therefore recommended to use a parameter to specify the location for resources, with the default value set to `resourceGroup().location`. This practice ensures consistency in resource allocation and provides users of the template the flexibility to specify a location where they have the necessary permissions to deploy resources. This approach helps avoid hardcoding locations, which can lead to potential deployment issues and restrictions.
 
-== How to fix it in ARM templates
+== How to fix it in JSON templates
 
 Create a parameter for the location and set the default value to `resourceGroup().location`. Then, use the parameter to specify the location of resources.
 
@@ -115,4 +115,4 @@ Replace this hardcoded location with a parameter.
 === Highlighting
 Highlight the value of the hardcoded `location` property.
 
-endif::env-github,rspecator-view[]
+endif::env-github,rspecator-view[]

rules/S6952/azureresourcemanager/rule.adoc

@@ -10,7 +10,7 @@ However, a code smell arises when these dependencies are used simultaneously for
 This redundancy is unnecessary and can lead to confusion.
 Therefore, to maintain clarity and efficiency in your code, it is best to omit explicit dependencies when they are already defined implicitly.
 
-== How to fix it in ARM templates
+== How to fix it in JSON templates
 
 If a resource references another with a `reference` function, remove the `dependsOn` element if it points to the same resource.
 

rules/S6953/azureresourcemanager/rule.adoc

@@ -12,7 +12,7 @@ However, when it comes to a parameter defining the `location` of a resource, thi
 Specifically, setting `allowedValues` for a location parameter can cause issues because the locations list might not be exhaustive or suitable for all users.
 Users may be unable to deploy such a template if their desired location is not included in the `allowedValues`, causing inconvenience and potential delays in their work.
 
-== How to fix it in ARM Templates
+== How to fix it in JSON templates
 
 Remove `allowedValues` for the parameter specifying the location.
 
@@ -114,4 +114,4 @@ In case of ARM Tempates , highlight the `allowedValues` property in the paramete
 
 In case of Bicep, highlight the `@allowed` decorator above the parameter specifying the location.
 
-endif::env-github,rspecator-view[]
+endif::env-github,rspecator-view[]

rules/S6954/azureresourcemanager/rule.adoc

@@ -11,7 +11,7 @@ They are useless and prevent readability of the code.
 The top-level JSON template properties: `parameters`, `variables`, `functions`, `resources` and `outputs` are excluded from this rule.
 Also required properties are excluded from this rule.
 
-== How to fix it in ARM Templates
+== How to fix it in JSON templates
 
 Empty or null elements should be removed or completed with real code.
 

rules/S6955/azureresourcemanager/rule.adoc

@@ -24,7 +24,7 @@ In summary, unused local parameters can make your code less readable, more confu
 Therefore, it is best to remove them.
 
 
-== How to fix it in ARM Templates
+== How to fix it in JSON templates
 
 include::../how-to-fix-it-text.adoc[]
 

rules/S6956/azureresourcemanager/how-to-fix-it/bicep.adoc

@@ -0,0 +1,20 @@
+== How to fix it in Bicep
+
+=== Code examples
+
+==== Compliant solution
+
+*Recommended order of elements*:
+
+[source,bicep]
+----
+targetScope ...
+metadata ...
+param ...
+func ...
+var ...
+resource ... // (existing resources collected together)
+resource ... // (new resources)
+module ...
+output ...
+----

rules/S6956/azureresourcemanager/how-to-fix-it/json.adoc

@@ -0,0 +1,22 @@
+== How to fix it in JSON templates
+
+=== Code examples
+
+==== Compliant solution
+
+*Recommended order of properties*:
+
+[source,json]
+----
+{
+  "$schema": "https://schema.management.azure.com/schemas/2019-04-01/...",
+  "contentVersion": "1.0.0.0",
+  "metadata": {},
+  "apiProfile": "...",
+  "parameters": {},
+  "functions": {},
+  "variables": {},
+  "resources": [],
+  "outputs": {}
+}
+----

rules/S6956/azureresourcemanager/rule.adoc

@@ -6,41 +6,9 @@ This makes it easier to read and understand the template.
 Not following this convention has no technical impact,
 but will reduce the template's readability because most developers are used to the standard order.
 
-== How to fix it in ARM Templates
+include::how-to-fix-it/json.adoc[]
 
-*Recommended order of properties*:
-
-[source,json]
-----
-{
-  "$schema": "https://schema.management.azure.com/schemas/2019-04-01/...",
-  "contentVersion": "1.0.0.0",
-  "metadata": {},
-  "apiProfile": "...",
-  "parameters": {},
-  "functions": {},
-  "variables": {},
-  "resources": [],
-  "outputs": {}
-}
-----
-
-== How to fix it in Bicep
-
-*Recommended order of elements*:
-
-[source,bicep]
-----
-targetScope ...
-metadata ...
-param ...
-func ...
-var ...
-resource ... // (existing resources collected together)
-resource ... // (new resources)
-module ...
-output ...
-----
+include::how-to-fix-it/bicep.adoc[]
 
 == Resources
 === Documentation

rules/S6975/azureresourcemanager/how-to-fix-it/bicep.adoc

@@ -0,0 +1,30 @@
+== How to fix it in Bicep
+
+=== Code examples
+
+==== Compliant solution
+
+*Recommended order of the resource elements and decorators*:
+
+[source,bicep]
+----
+@description
+@batchSize
+resource resourceName
+  parent
+  scope
+  name
+  location/extendedLocation
+  zones
+  sku
+  kind
+  scale
+  plan
+  identity
+  dependsOn
+  tags
+  properties
+----
+
+Any other decorated not listed here should be placed before the `resource` object and after the other decorators.
+Any other elements not listed here should be placed before the `properties` object for the resource.

rules/S6975/azureresourcemanager/how-to-fix-it/json.adoc

@@ -0,0 +1,36 @@
+== How to fix it in JSON templates
+
+=== Code examples
+
+==== Compliant solution
+
+*Recommended order of the resource elements*:
+
+[source,json]
+----
+{
+  "resources": [
+    {
+      "comments": "if any",
+      "condition": true,
+      "scope": "% parent scope %",
+      "type": "Microsoft.Compute/virtualMachines",
+      "apiVersion": "2023-09-01",
+      "name": "resourceName",
+      "location": "[parameters('location')]",
+      "zones": [],
+      "sku": {},
+      "kind": "",
+      "scale": "",
+      "plan": {},
+      "identity": {},
+      "copy": {},
+      "dependsOn": [],
+      "tags": {},
+      "properties": {}
+    }
+  ]
+}
+----
+
+Any other properties not listed here should be placed before the `properties` object for the resource.

rules/S6975/azureresourcemanager/rule.adoc

@@ -6,65 +6,9 @@ This makes it easier to read and understand the template.
 Not following this convention has no technical impact,
 but will reduce the template's readability because most developers are used to the standard order.
 
-== How to fix it in ARM Templates
+include::how-to-fix-it/json.adoc[]
 
-*Recommended order of the resource elements*:
-
-[source,json]
-----
-{
-  "resources": [
-    {
-      "comments": "if any",
-      "condition": true,
-      "scope": "% parent scope %",
-      "type": "Microsoft.Compute/virtualMachines",
-      "apiVersion": "2023-09-01",
-      "name": "resourceName",
-      "location": "[parameters('location')]",
-      "zones": [],
-      "sku": {},
-      "kind": "",
-      "scale": "",
-      "plan": {},
-      "identity": {},
-      "copy": {},
-      "dependsOn": [],
-      "tags": {},
-      "properties": {}
-    }
-  ]
-}
-----
-
-Any other properties not listed here should be placed before the `properties` object for the resource.
-
-== How to fix it in Bicep
-
-*Recommended order of the resource elements and decorators*:
-
-[source,bicep]
-----
-@description
-@batchSize
-resource resourceName
-  parent
-  scope
-  name
-  location/extendedLocation
-  zones
-  sku
-  kind
-  scale
-  plan
-  identity
-  dependsOn
-  tags
-  properties
-----
-
-Any other decorated not listed here should be placed before the `resource` object and after the other decorators.
-Any other elements not listed here should be placed before the `properties` object for the resource.
+include::how-to-fix-it/bicep.adoc[]
 
 == Resources
 === Documentation