Azure · anthony-c-martin · Apr 3, 2024 · Mar 25, 2024 · Mar 28, 2024 · Apr 2, 2024
diff --git a/src/Bicep.Core.UnitTests/Diagnostics/LinterRuleTests/SecureParameterDefaultRuleTests.cs b/src/Bicep.Core.UnitTests/Diagnostics/LinterRuleTests/SecureParameterDefaultRuleTests.cs
@@ -201,5 +201,32 @@ public void HandlesSyntaxErrors(int diagnosticCount, string text)
             AssertLinterRuleDiagnostics(SecureParameterDefaultRule.Code, text, diagnosticCount, new Options(OnCompileErrors.Ignore));
         }
 
+        [DataRow(0, @"
+@secure()
+param param1 string
+
+@secure()
+param param2 string = param1
+")]
+        [DataRow(0, @"
+@secure()
+param param1 string = ''
+
+@secure()
+param param2 string = param1
+")]
+        [DataRow(1, @"
+@secure()
+param param1 string = 'abc'
+
+@secure()
+param param2 string = param1
+")]
+        [DataTestMethod]
+        public void ParameterReassignment_TestPasses(int diagnosticCount, string text)
+        {
+            AssertLinterRuleDiagnostics(SecureParameterDefaultRule.Code, text, diagnosticCount);
+        }
+
     }
 }
diff --git a/src/Bicep.Core/Analyzers/Linter/Rules/SecureParameterDefaultRule.cs b/src/Bicep.Core/Analyzers/Linter/Rules/SecureParameterDefaultRule.cs
@@ -5,6 +5,7 @@
 using Bicep.Core.Diagnostics;
 using Bicep.Core.Semantics;
 using Bicep.Core.Syntax;
+using Bicep.Core.TypeSystem;
 
 namespace Bicep.Core.Analyzers.Linter.Rules
 {
@@ -34,6 +35,11 @@ override public IEnumerable<IDiagnostic> AnalyzeInternal(SemanticModel model, Di
                     // Empty string - okay
                     continue;
                 }
+                else if (model.GetTypeInfo(defaultValue).ValidationFlags.HasFlag(TypeSymbolValidationFlags.IsSecure))
+                {
+                    // has @secure attribute - okay
+                    continue;
+                }
                 else if (defaultValue is ObjectSyntax objectSyntax && !objectSyntax.Properties.Any())
                 {
                     // Empty object - okay