v0.2.2

.coverage.json

@@ -32,6 +32,14 @@
       "covered": false,
       "test_files": []
     },
+    {
+      "path": "ql/src/security/CWE-319/InsecureWebAppTlsVersion.ql",
+      "name": "InsecureWebAppTlsVersion",
+      "category": "security",
+      "cwe": "CWE-319",
+      "covered": false,
+      "test_files": []
+    },
     {
       "path": "ql/src/security/CWE-319/DatabaseSslNotEnforced.ql",
       "name": "DatabaseSslNotEnforced",
@@ -56,6 +64,14 @@
       "covered": false,
       "test_files": []
     },
+    {
+      "path": "ql/src/security/CWE-319/InsecureWebAppFtpsState.ql",
+      "name": "InsecureWebAppFtpsState",
+      "category": "security",
+      "cwe": "CWE-319",
+      "covered": false,
+      "test_files": []
+    },
     {
       "path": "ql/src/security/CWE-319/SslEnforement.ql",
       "name": "SslEnforement",
@@ -136,6 +152,14 @@
       "covered": false,
       "test_files": []
     },
+    {
+      "path": "ql/src/security/CWE-284/WebAppPublicNetworkAccess.ql",
+      "name": "WebAppPublicNetworkAccess",
+      "category": "security",
+      "cwe": "CWE-284",
+      "covered": false,
+      "test_files": []
+    },
     {
       "path": "ql/src/security/CWE-284/AKSPublicNetworkAccess.ql",
       "name": "AKSPublicNetworkAccess",
@@ -296,6 +320,14 @@
       "covered": false,
       "test_files": []
     },
+    {
+      "path": "ql/src/security/CWE-306/WebAppRemoteDebugging.ql",
+      "name": "WebAppRemoteDebugging",
+      "category": "security",
+      "cwe": "CWE-306",
+      "covered": false,
+      "test_files": []
+    },
     {
       "path": "ql/src/security/CWE-352/GrafanaCsrfDisabled.ql",
       "name": "GrafanaCsrfDisabled",
@@ -346,29 +378,29 @@
     }
   ],
   "metadata": {
-    "total_queries": 43,
+    "total_queries": 47,
     "covered_queries": 0,
     "categories": [
-      "testing",
+      "security",
       "diagnostics",
-      "security"
+      "testing"
     ],
     "cwes": [
-      "CWE-668",
+      "CWE-200",
       "CWE-311",
-      "CWE-400",
-      "CWE-306",
+      "CWE-798",
       "CWE-352",
+      "CWE-693",
+      "CWE-400",
+      "CWE-295",
+      "CWE-284",
       "CWE-319",
-      "CWE-942",
       "CWE-272",
-      "CWE-284",
-      "CWE-295",
-      "CWE-200",
-      "CWE-327",
-      "CWE-798",
-      "CWE-693",
-      "CWE-404"
+      "CWE-404",
+      "CWE-942",
+      "CWE-306",
+      "CWE-668",
+      "CWE-327"
     ],
     "coverage_percentage": 0.0
   }

.release.yml

@@ -1,6 +1,6 @@
 name: "codeql-extractor-bicep"
 repository: "GitHubSecurityLab/codeql-extractor-bicep"
-version: "0.2.1"
+version: "0.2.2"
 
 ecosystems:
   - Docs

README.md

@@ -18,7 +18,7 @@
 
 ```yaml
 - name: Initialize and Analyze Bicep
-  uses: GitHubSecurityLab/[email protected].1
+  uses: GitHubSecurityLab/[email protected].2
 ```
 
 ## Features
@@ -31,7 +31,7 @@
 
 | Metric | Value |
 |--------|-------|
-| Total Queries | 43 |
+| Total Queries | 47 |
 | Covered Queries | 0 |
 | Coverage Percentage | 0.0% |
 | Categories | 3 |
@@ -42,7 +42,7 @@
 | Category | Covered | Total | Percentage |
 |----------|---------|-------|------------|
 | Diagnostics | 0 | 2 | 0.0% |
-| Security | 0 | 40 | 0.0% |
+| Security | 0 | 44 | 0.0% |
 | Testing | 0 | 1 | 0.0% |
 
 ### Coverage by CWE
@@ -51,11 +51,11 @@
 |-----|-------------|---------|-------|------------|
 | CWE-200 | Information Exposure | 0 | 2 | 0.0% |
 | CWE-272 | Least Privilege Violation | 0 | 2 | 0.0% |
-| CWE-284 | Improper Access Control | 0 | 4 | 0.0% |
+| CWE-284 | Improper Access Control | 0 | 5 | 0.0% |
 | CWE-295 | Improper Certificate Validation | 0 | 1 | 0.0% |
-| CWE-306 | Missing Authentication | 0 | 3 | 0.0% |
+| CWE-306 | Missing Authentication | 0 | 4 | 0.0% |
 | CWE-311 | Missing Encryption | 0 | 2 | 0.0% |
-| CWE-319 | Cleartext Transmission | 0 | 4 | 0.0% |
+| CWE-319 | Cleartext Transmission | 0 | 6 | 0.0% |
 | CWE-327 | Broken/Risky Crypto Algorithm | 0 | 3 | 0.0% |
 | CWE-352 | Cross-Site Request Forgery | 0 | 1 | 0.0% |
 | CWE-400 | Resource Exhaustion | 0 | 2 | 0.0% |
@@ -65,7 +65,7 @@
 | CWE-798 | Hard-coded Credentials | 0 | 2 | 0.0% |
 | CWE-942 | Overly Permissive CORS | 0 | 4 | 0.0% |
 
-*Last updated: 2025-06-25 14:04:04 UTC*
+*Last updated: 2025-07-07 17:17:11 UTC*
 
 <!-- COVERAGE-REPORT:END -->
 

action.yml

@@ -25,7 +25,7 @@ runs:
       id: extractor
       with:
         token: ${{ inputs.token }}
-        extractors: "GitHubSecurityLab/[email protected].1"
+        extractors: "GitHubSecurityLab/[email protected].2"
         packs: githubsecuritylab/bicep-queries
         languages: "bicep"
         # Assumes GH is installed

codeql-extractor.yml

@@ -1,6 +1,6 @@
 name: bicep
 display_name: Bicep
-version: 0.2.1
+version: 0.2.2
 column_kind: utf8
 legacy_qltest_extraction: true
 build_modes:

ql/lib/qlpack.yml

@@ -2,7 +2,7 @@
 library: true
 warnOnImplicitThis: false
 name: githubsecuritylab/bicep-all
-version: 0.2.1
+version: 0.2.2
 dependencies:
   codeql/util: "^1.0.0"
   codeql/yaml: "^1.0.0"

ql/src/qlpack.yml

@@ -1,5 +1,5 @@
 name: githubsecuritylab/bicep-queries
-version: 0.2.1
+version: 0.2.2
 groups: 
   - bicep
   - queries