diff --git a/src/Bicep.Core.UnitTests/Diagnostics/LinterRuleTests/SecureParameterDefaultRuleTests.cs b/src/Bicep.Core.UnitTests/Diagnostics/LinterRuleTests/SecureParameterDefaultRuleTests.cs index b4a57ee3a11..fdfc77206d2 100644 --- a/src/Bicep.Core.UnitTests/Diagnostics/LinterRuleTests/SecureParameterDefaultRuleTests.cs +++ b/src/Bicep.Core.UnitTests/Diagnostics/LinterRuleTests/SecureParameterDefaultRuleTests.cs @@ -201,5 +201,32 @@ public void HandlesSyntaxErrors(int diagnosticCount, string text) AssertLinterRuleDiagnostics(SecureParameterDefaultRule.Code, text, diagnosticCount, new Options(OnCompileErrors.Ignore)); } + [DataRow(0, @" +@secure() +param param1 string + +@secure() +param param2 string = param1 +")] + [DataRow(0, @" +@secure() +param param1 string = '' + +@secure() +param param2 string = param1 +")] + [DataRow(1, @" +@secure() +param param1 string = 'abc' + +@secure() +param param2 string = param1 +")] + [DataTestMethod] + public void ParameterReassignment_TestPasses(int diagnosticCount, string text) + { + AssertLinterRuleDiagnostics(SecureParameterDefaultRule.Code, text, diagnosticCount); + } + } } diff --git a/src/Bicep.Core/Analyzers/Linter/Rules/SecureParameterDefaultRule.cs b/src/Bicep.Core/Analyzers/Linter/Rules/SecureParameterDefaultRule.cs index 5d062814d05..766aac5792c 100644 --- a/src/Bicep.Core/Analyzers/Linter/Rules/SecureParameterDefaultRule.cs +++ b/src/Bicep.Core/Analyzers/Linter/Rules/SecureParameterDefaultRule.cs @@ -5,6 +5,7 @@ using Bicep.Core.Diagnostics; using Bicep.Core.Semantics; using Bicep.Core.Syntax; +using Bicep.Core.TypeSystem; namespace Bicep.Core.Analyzers.Linter.Rules { @@ -34,6 +35,11 @@ override public IEnumerable AnalyzeInternal(SemanticModel model, Di // Empty string - okay continue; } + else if (model.GetTypeInfo(defaultValue).ValidationFlags.HasFlag(TypeSymbolValidationFlags.IsSecure)) + { + // has @secure attribute - okay + continue; + } else if (defaultValue is ObjectSyntax objectSyntax && !objectSyntax.Properties.Any()) { // Empty object - okay