feat: Update Databases support

Author: GeekMasher

ql/lib/codeql/bicep/frameworks/Microsoft/Databases.qll

@@ -10,8 +10,28 @@ module Databases {
      */
     abstract string databaseType();
 
-    override string toString() {
-      result = "DatabaseResource[" + this.databaseType() + "]"
+    override string toString() { result = "DatabaseResource[" + this.databaseType() + "]" }
+
+    DatabaseProperties::Properties getProperties() { result = this.getProperty("properties") }
+
+    string version() {
+      result = this.getProperties().getProperty("version").(StringLiteral).getValue()
+    }
+
+    string sslEnforcement() {
+      result = this.getProperties().getProperty("sslEnforcement").(StringLiteral).getValue()
+    }
+
+    string infrastructureEncryption() {
+      result = this.getProperties().getProperty("infrastructureEncryption").(StringLiteral).getValue()
+    }
+
+    string minimalTlsVersion() {
+      result = this.getProperties().getProperty("minimalTlsVersion").(StringLiteral).getValue()
+    }
+
+    DatabaseProperties::StorageProfile getStorageProfile() {
+      result = this.getProperties().getProperty("storageProfile")
     }
   }
 
@@ -33,6 +53,19 @@ module Databases {
     }
 
     override string databaseType() { result = "cosmosdb" }
+
+    string databaseAccountOfferType() {
+      result =
+        this.getProperties().getProperty("databaseAccountOfferType").(StringLiteral).getValue()
+    }
+
+    boolean isEnableMultipleWriteLocations() {
+      result = this.getProperties().getProperty("enableMultipleWriteLocations").(Boolean).getBool()
+    }
+
+    DatabaseProperties::BackupPolicy getBackupPolicy() {
+      result = this.getProperties().getProperty("backupPolicy")
+    }
   }
 
   /**
@@ -103,4 +136,56 @@ module Databases {
 
     override string databaseType() { result = "arc-sql-managed-instance" }
   }
+
+  module DatabaseProperties {
+    class Properties extends Object {
+      private Resource resource;
+
+      Properties() { this = resource.getProperty("properties") }
+
+      Resource getResource() { result = resource }
+    }
+
+    class Backup extends Object {
+      private Properties properties;
+
+      Backup() { this = properties.getProperty("backup") }
+
+      string toString() { result = "Backup" }
+
+      string geoRedundantBackup() {
+        result = this.getProperty("geoRedundantBackup").(StringLiteral).getValue()
+      }
+    }
+
+    class BackupPolicy extends Object {
+      private Properties properties;
+
+      BackupPolicy() { this = properties.getProperty("backupPolicy") }
+
+      string toString() { result = "BackupPolicy" }
+
+      string getBackupPolicyType() { result = this.getProperty("type").(StringLiteral).getValue() }
+
+      Expr getBackupRetentionDays() { result = this.getProperty("backupRetentionDays") }
+
+      Expr getBackupStorageRedundancy() { result = this.getProperty("backupStorageRedundancy") }
+    }
+
+    class StorageProfile extends Object {
+      private Properties properties;
+
+      StorageProfile() { this = properties.getProperty("storageProfile") }
+
+      string toString() { result = "StorageProfile" }
+
+      int storageMB() {
+        result = this.getProperty("storageMB").(Number).getValue()
+      }
+
+      string autoGrow() {
+        result = this.getProperty("autoGrow").(StringLiteral).getValue()
+      }
+    }
+  }
 }

ql/test/library-tests/frameworks/databases/Databases.expected

@@ -1,9 +1,13 @@
-| app.bicep:2:1:9:1 | DatabaseResource[sql] |
-| app.bicep:12:1:18:1 | DatabaseResource[cosmosdb] |
-| app.bicep:21:1:29:1 | DatabaseResource[postgresql] |
-| app.bicep:32:1:40:1 | DatabaseResource[mysql] |
-| app.bicep:43:1:51:1 | DatabaseResource[mariadb] |
-| app.bicep:54:1:58:1 | DatabaseResource[datalakestore] |
-| app.bicep:61:1:71:1 | DatabaseResource[redis] |
-| app.bicep:74:1:83:1 | DatabaseResource[kusto] |
-| app.bicep:86:1:93:1 | DatabaseResource[arc-sql-managed-instance] |
+| app.bicep:2:1:8:1 | DatabaseResource[cosmosdb] |
+| app.bicep:11:1:30:1 | DatabaseResource[cosmosdb] |
+| app.bicep:33:1:42:1 | DatabaseResource[cosmosdb] |
+| app.bicep:45:1:58:1 | DatabaseResource[cosmosdb] |
+| app.bicep:62:1:69:1 | DatabaseResource[sql] |
+| app.bicep:72:1:78:1 | DatabaseResource[cosmosdb] |
+| app.bicep:81:1:95:1 | DatabaseResource[postgresql] |
+| app.bicep:98:1:111:1 | DatabaseResource[mysql] |
+| app.bicep:114:1:124:1 | DatabaseResource[mariadb] |
+| app.bicep:127:1:131:1 | DatabaseResource[datalakestore] |
+| app.bicep:134:1:144:1 | DatabaseResource[redis] |
+| app.bicep:147:1:156:1 | DatabaseResource[kusto] |
+| app.bicep:159:1:166:1 | DatabaseResource[arc-sql-managed-instance] |

ql/test/library-tests/frameworks/databases/app.bicep

@@ -1,3 +1,63 @@
+// Cosmos DB Account with default settings
+resource cosmosDbDefault 'Microsoft.DocumentDB/databaseAccounts@2022-03-15' = {
+  name: 'cosmosdb-default'
+  location: 'eastus'
+  properties: {
+    databaseAccountOfferType: 'Standard'
+  }
+}
+
+// Cosmos DB Account with geo-redundancy and multi-region write
+resource cosmosDbGeo 'Microsoft.DocumentDB/databaseAccounts@2022-03-15' = {
+  name: 'cosmosdb-geo'
+  location: 'eastus'
+  properties: {
+    databaseAccountOfferType: 'Standard'
+    enableMultipleWriteLocations: true
+    locations: [
+      {
+        locationName: 'eastus'
+        failoverPriority: 0
+        isZoneRedundant: false
+      }
+      {
+        locationName: 'westus'
+        failoverPriority: 1
+        isZoneRedundant: true
+      }
+    ]
+  }
+}
+
+// Cosmos DB Account with continuous backup
+resource cosmosDbContinuousBackup 'Microsoft.DocumentDB/databaseAccounts@2022-03-15' = {
+  name: 'cosmosdb-continuous'
+  location: 'eastus'
+  properties: {
+    databaseAccountOfferType: 'Standard'
+    backupPolicy: {
+      type: 'Continuous'
+    }
+  }
+}
+
+// Cosmos DB Account with periodic backup and custom retention
+resource cosmosDbPeriodicBackup 'Microsoft.DocumentDB/databaseAccounts@2022-03-15' = {
+  name: 'cosmosdb-periodic'
+  location: 'eastus'
+  properties: {
+    databaseAccountOfferType: 'Standard'
+    backupPolicy: {
+      type: 'Periodic'
+      periodicModeProperties: {
+        backupIntervalInMinutes: 240
+        backupRetentionIntervalInHours: 24
+      }
+    }
+  }
+}
+
+
 // Azure SQL Database
 resource sqlDb 'Microsoft.Sql/servers@2022-02-01' = {
   name: 'sqlserver1'
@@ -17,36 +77,49 @@ resource cosmosDb 'Microsoft.DocumentDB/databaseAccounts@2022-03-15' = {
   }
 }
 
-// Azure Database for PostgreSQL
+// Azure Database for PostgreSQL with geo-redundant backup and high availability
 resource postgresqlDb 'Microsoft.DBforPostgreSQL/servers@2022-01-20' = {
   name: 'pgserver1'
   location: 'eastus'
   properties: {
     administratorLogin: 'pgadmin'
     administratorLoginPassword: 'P@ssw0rd!'
     version: '11'
+    backup': {
+      geoRedundantBackup: 'Enabled'
+    }
+    highAvailability: {
+      mode: 'ZoneRedundant'
+    }
   }
 }
 
-// Azure Database for MySQL
+// Azure Database for MySQL with SSL enforcement and auto-grow
 resource mysqlDb 'Microsoft.DBforMySQL/servers@2022-01-20' = {
   name: 'mysqlserver1'
   location: 'eastus'
   properties: {
     administratorLogin: 'mysqladmin'
     administratorLoginPassword: 'P@ssw0rd!'
     version: '5.7'
+    sslEnforcement: 'Enabled'
+    storageProfile: {
+      storageMB: 51200
+      autoGrow: 'Enabled'
+    }
   }
 }
 
-// Azure Database for MariaDB
+// Azure Database for MariaDB with backup retention and geo-redundancy
 resource mariadbDb 'Microsoft.DBforMariaDB/servers@2018-06-01' = {
   name: 'mariadbserver1'
   location: 'eastus'
   properties: {
     administratorLogin: 'mariadbadmin'
     administratorLoginPassword: 'P@ssw0rd!'
     version: '10.2'
+    backupRetentionDays: 14
+    geoRedundantBackup: 'Enabled'
   }
 }