From 3ee6379371ed594c2e3a070a7f3c517b5060754b Mon Sep 17 00:00:00 2001
From: David Lloyd <david.lloyd.uk@hotmail.com>
Date: Thu, 28 Mar 2024 14:13:25 +0000
Subject: [PATCH] Amended as per suggestion

---
 .../SecureParameterDefaultRuleTests.cs        | 20 ++++++++++++++++---
 .../Rules/SecureParameterDefaultRule.cs       |  5 +++--
 2 files changed, 20 insertions(+), 5 deletions(-)

diff --git a/src/Bicep.Core.UnitTests/Diagnostics/LinterRuleTests/SecureParameterDefaultRuleTests.cs b/src/Bicep.Core.UnitTests/Diagnostics/LinterRuleTests/SecureParameterDefaultRuleTests.cs
index 476f13875a0..fdfc77206d2 100644
--- a/src/Bicep.Core.UnitTests/Diagnostics/LinterRuleTests/SecureParameterDefaultRuleTests.cs
+++ b/src/Bicep.Core.UnitTests/Diagnostics/LinterRuleTests/SecureParameterDefaultRuleTests.cs
@@ -203,13 +203,27 @@ public void HandlesSyntaxErrors(int diagnosticCount, string text)
 
         [DataRow(0, @"
 @secure()
-output param1 string
+param param1 string
+
+@secure()
+param param2 string = param1
+")]
+        [DataRow(0, @"
+@secure()
+param param1 string = ''
+
+@secure()
+param param2 string = param1
+")]
+        [DataRow(1, @"
+@secure()
+param param1 string = 'abc'
 
 @secure()
-output param2 string = param1
+param param2 string = param1
 ")]
         [DataTestMethod]
-        public void VariableAssignment_TestPasses(int diagnosticCount, string text)
+        public void ParameterReassignment_TestPasses(int diagnosticCount, string text)
         {
             AssertLinterRuleDiagnostics(SecureParameterDefaultRule.Code, text, diagnosticCount);
         }
diff --git a/src/Bicep.Core/Analyzers/Linter/Rules/SecureParameterDefaultRule.cs b/src/Bicep.Core/Analyzers/Linter/Rules/SecureParameterDefaultRule.cs
index f2da609bd2e..766aac5792c 100644
--- a/src/Bicep.Core/Analyzers/Linter/Rules/SecureParameterDefaultRule.cs
+++ b/src/Bicep.Core/Analyzers/Linter/Rules/SecureParameterDefaultRule.cs
@@ -5,6 +5,7 @@
 using Bicep.Core.Diagnostics;
 using Bicep.Core.Semantics;
 using Bicep.Core.Syntax;
+using Bicep.Core.TypeSystem;
 
 namespace Bicep.Core.Analyzers.Linter.Rules
 {
@@ -34,9 +35,9 @@ override public IEnumerable<IDiagnostic> AnalyzeInternal(SemanticModel model, Di
                     // Empty string - okay
                     continue;
                 }
-                else if (defaultValue is VariableAccessSyntax variableAccessSyntax)
+                else if (model.GetTypeInfo(defaultValue).ValidationFlags.HasFlag(TypeSymbolValidationFlags.IsSecure))
                 {
-                    // Variable - okay
+                    // has @secure attribute - okay
                     continue;
                 }
                 else if (defaultValue is ObjectSyntax objectSyntax && !objectSyntax.Properties.Any())