@azure-tools/typespec-azure-resource-manager 0.62.0-dev.3 → 0.62.0-dev.4

package/README.md

@@ -60,6 +60,7 @@ Available ruleSets:
 | `@azure-tools/typespec-azure-resource-manager/resource-name`                                                                                                                                             | Check the resource name.                                                                                                                                                                                                                              |
 | `@azure-tools/typespec-azure-resource-manager/retry-after`                                                                                                                                               | Check if retry-after header appears in response body.                                                                                                                                                                                                 |
 | [`@azure-tools/typespec-azure-resource-manager/unsupported-type`](https://azure.github.io/typespec-azure/docs/libraries/azure-resource-manager/rules/unsupported-type)                                   | Check for unsupported ARM types.                                                                                                                                                                                                                      |
+| [`@azure-tools/typespec-azure-resource-manager/secret-prop`](https://azure.github.io/typespec-azure/docs/libraries/azure-resource-manager/rules/secret-prop)                                             | RPC-v1-13: Check that property with names indicating sensitive information(e.g. contains auth, password, token, secret, etc.) are marked with @secret decorator.                                                                                      |
 | [`@azure-tools/typespec-azure-resource-manager/no-empty-model`](https://azure.github.io/typespec-azure/docs/libraries/azure-resource-manager/rules/no-empty-model)                                       | ARM Properties with type:object that don't reference a model definition are not allowed. ARM doesn't allow generic type definitions as this leads to bad customer experience.                                                                         |
 
 ## Decorators

package/dist/src/linter.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"linter.d.ts","sourceRoot":"","sources":["../../src/linter.ts"],"names":[],"mappings":"AAuEA,eAAO,MAAM,OAAO,+CAElB,CAAC"}
+{"version":3,"file":"linter.d.ts","sourceRoot":"","sources":["../../src/linter.ts"],"names":[],"mappings":"AAyEA,eAAO,MAAM,OAAO,+CAElB,CAAC"}

package/dist/src/linter.js

@@ -31,6 +31,7 @@ import { operationsInterfaceMissingRule } from "./rules/operations-interface-mis
 import { patchEnvelopePropertiesRules } from "./rules/patch-envelope-properties.js";
 import { resourceNameRule } from "./rules/resource-name.js";
 import { retryAfterRule } from "./rules/retry-after.js";
+import { secretProprule } from "./rules/secret-prop.js";
 import { unsupportedTypeRule } from "./rules/unsupported-type.js";
 const rules = [
     armNoRecordRule,
@@ -65,6 +66,7 @@ const rules = [
     resourceNameRule,
     retryAfterRule,
     unsupportedTypeRule,
+    secretProprule,
     noEmptyModel,
 ];
 export const $linter = defineLinter({

package/dist/src/linter.js.map

@@ -1 +1 @@
-{"version":3,"file":"linter.js","sourceRoot":"","sources":["../../src/linter.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,YAAY,EAAE,MAAM,oBAAoB,CAAC;AAClD,OAAO,EAAE,yBAAyB,EAAE,MAAM,qCAAqC,CAAC;AAChF,OAAO,EAAE,sBAAsB,EAAE,MAAM,uCAAuC,CAAC;AAC/E,OAAO,EAAE,gCAAgC,EAAE,MAAM,iDAAiD,CAAC;AACnG,OAAO,EAAE,0BAA0B,EAAE,MAAM,sCAAsC,CAAC;AAClF,OAAO,EAAE,eAAe,EAAE,MAAM,0BAA0B,CAAC;AAC3D,OAAO,EAAE,wBAAwB,EAAE,MAAM,oCAAoC,CAAC;AAC9E,OAAO,EAAE,uBAAuB,EAAE,MAAM,mCAAmC,CAAC;AAC5E,OAAO,EAAE,8BAA8B,EAAE,MAAM,2CAA2C,CAAC;AAC3F,OAAO,EAAE,kCAAkC,EAAE,MAAM,4CAA4C,CAAC;AAChG,OAAO,EAAE,cAAc,EAAE,MAAM,oCAAoC,CAAC;AACpE,OAAO,EAAE,gCAAgC,EAAE,MAAM,6CAA6C,CAAC;AAC/F,OAAO,EAAE,6BAA6B,EAAE,MAAM,mDAAmD,CAAC;AAClG,OAAO,EAAE,mCAAmC,EAAE,MAAM,gDAAgD,CAAC;AACrG,OAAO,EAAE,8BAA8B,EAAE,MAAM,2CAA2C,CAAC;AAC3F,OAAO,EAAE,0BAA0B,EAAE,MAAM,sCAAsC,CAAC;AAClF,OAAO,EAAE,yBAAyB,EAAE,MAAM,4CAA4C,CAAC;AACvF,OAAO,EAAE,mBAAmB,EAAE,MAAM,+BAA+B,CAAC;AACpE,OAAO,EAAE,+BAA+B,EAAE,MAAM,4CAA4C,CAAC;AAC7F,OAAO,EAAE,gCAAgC,EAAE,MAAM,iDAAiD,CAAC;AACnG,OAAO,EAAE,iBAAiB,EAAE,MAAM,kCAAkC,CAAC;AACrE,OAAO,EAAE,kBAAkB,EAAE,MAAM,4BAA4B,CAAC;AAChE,OAAO,EAAE,uBAAuB,EAAE,MAAM,gCAAgC,CAAC;AACzE,OAAO,EAAE,qCAAqC,EAAE,MAAM,iDAAiD,CAAC;AACxG,OAAO,EAAE,qBAAqB,EAAE,MAAM,gCAAgC,CAAC;AACvE,OAAO,EAAE,yBAAyB,EAAE,MAAM,qCAAqC,CAAC;AAChF,OAAO,EAAE,YAAY,EAAE,MAAM,2BAA2B,CAAC;AACzD,OAAO,EAAE,0BAA0B,EAAE,MAAM,yCAAyC,CAAC;AACrF,OAAO,EAAE,kBAAkB,EAAE,MAAM,6BAA6B,CAAC;AACjE,OAAO,EAAE,8BAA8B,EAAE,MAAM,yCAAyC,CAAC;AACzF,OAAO,EAAE,4BAA4B,EAAE,MAAM,sCAAsC,CAAC;AACpF,OAAO,EAAE,gBAAgB,EAAE,MAAM,0BAA0B,CAAC;AAC5D,OAAO,EAAE,cAAc,EAAE,MAAM,wBAAwB,CAAC;AACxD,OAAO,EAAE,mBAAmB,EAAE,MAAM,6BAA6B,CAAC;AAElE,MAAM,KAAK,GAAG;IACZ,eAAe;IACf,yBAAyB;IACzB,0BAA0B;IAC1B,uBAAuB;IACvB,wBAAwB;IACxB,8BAA8B;IAC9B,kCAAkC;IAClC,6BAA6B;IAC7B,mCAAmC;IACnC,8BAA8B;IAC9B,0BAA0B;IAC1B,yBAAyB;IACzB,+BAA+B;IAC/B,gCAAgC;IAChC,sBAAsB;IACtB,gCAAgC;IAChC,iBAAiB;IACjB,kBAAkB;IAClB,0BAA0B;IAC1B,uBAAuB;IACvB,cAAc;IACd,gCAAgC;IAChC,qCAAqC;IACrC,qBAAqB;IACrB,yBAAyB;IACzB,kBAAkB;IAClB,8BAA8B;IAC9B,4BAA4B;IAC5B,mBAAmB;IACnB,gBAAgB;IAChB,cAAc;IACd,mBAAmB;IACnB,YAAY;CACb,CAAC;AAEF,MAAM,CAAC,MAAM,OAAO,GAAG,YAAY,CAAC;IAClC,KAAK;CACN,CAAC,CAAC"}
+{"version":3,"file":"linter.js","sourceRoot":"","sources":["../../src/linter.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,YAAY,EAAE,MAAM,oBAAoB,CAAC;AAClD,OAAO,EAAE,yBAAyB,EAAE,MAAM,qCAAqC,CAAC;AAChF,OAAO,EAAE,sBAAsB,EAAE,MAAM,uCAAuC,CAAC;AAC/E,OAAO,EAAE,gCAAgC,EAAE,MAAM,iDAAiD,CAAC;AACnG,OAAO,EAAE,0BAA0B,EAAE,MAAM,sCAAsC,CAAC;AAClF,OAAO,EAAE,eAAe,EAAE,MAAM,0BAA0B,CAAC;AAC3D,OAAO,EAAE,wBAAwB,EAAE,MAAM,oCAAoC,CAAC;AAC9E,OAAO,EAAE,uBAAuB,EAAE,MAAM,mCAAmC,CAAC;AAC5E,OAAO,EAAE,8BAA8B,EAAE,MAAM,2CAA2C,CAAC;AAC3F,OAAO,EAAE,kCAAkC,EAAE,MAAM,4CAA4C,CAAC;AAChG,OAAO,EAAE,cAAc,EAAE,MAAM,oCAAoC,CAAC;AACpE,OAAO,EAAE,gCAAgC,EAAE,MAAM,6CAA6C,CAAC;AAC/F,OAAO,EAAE,6BAA6B,EAAE,MAAM,mDAAmD,CAAC;AAClG,OAAO,EAAE,mCAAmC,EAAE,MAAM,gDAAgD,CAAC;AACrG,OAAO,EAAE,8BAA8B,EAAE,MAAM,2CAA2C,CAAC;AAC3F,OAAO,EAAE,0BAA0B,EAAE,MAAM,sCAAsC,CAAC;AAClF,OAAO,EAAE,yBAAyB,EAAE,MAAM,4CAA4C,CAAC;AACvF,OAAO,EAAE,mBAAmB,EAAE,MAAM,+BAA+B,CAAC;AACpE,OAAO,EAAE,+BAA+B,EAAE,MAAM,4CAA4C,CAAC;AAC7F,OAAO,EAAE,gCAAgC,EAAE,MAAM,iDAAiD,CAAC;AACnG,OAAO,EAAE,iBAAiB,EAAE,MAAM,kCAAkC,CAAC;AACrE,OAAO,EAAE,kBAAkB,EAAE,MAAM,4BAA4B,CAAC;AAChE,OAAO,EAAE,uBAAuB,EAAE,MAAM,gCAAgC,CAAC;AACzE,OAAO,EAAE,qCAAqC,EAAE,MAAM,iDAAiD,CAAC;AACxG,OAAO,EAAE,qBAAqB,EAAE,MAAM,gCAAgC,CAAC;AACvE,OAAO,EAAE,yBAAyB,EAAE,MAAM,qCAAqC,CAAC;AAChF,OAAO,EAAE,YAAY,EAAE,MAAM,2BAA2B,CAAC;AACzD,OAAO,EAAE,0BAA0B,EAAE,MAAM,yCAAyC,CAAC;AACrF,OAAO,EAAE,kBAAkB,EAAE,MAAM,6BAA6B,CAAC;AACjE,OAAO,EAAE,8BAA8B,EAAE,MAAM,yCAAyC,CAAC;AACzF,OAAO,EAAE,4BAA4B,EAAE,MAAM,sCAAsC,CAAC;AACpF,OAAO,EAAE,gBAAgB,EAAE,MAAM,0BAA0B,CAAC;AAC5D,OAAO,EAAE,cAAc,EAAE,MAAM,wBAAwB,CAAC;AACxD,OAAO,EAAE,cAAc,EAAE,MAAM,wBAAwB,CAAC;AACxD,OAAO,EAAE,mBAAmB,EAAE,MAAM,6BAA6B,CAAC;AAElE,MAAM,KAAK,GAAG;IACZ,eAAe;IACf,yBAAyB;IACzB,0BAA0B;IAC1B,uBAAuB;IACvB,wBAAwB;IACxB,8BAA8B;IAC9B,kCAAkC;IAClC,6BAA6B;IAC7B,mCAAmC;IACnC,8BAA8B;IAC9B,0BAA0B;IAC1B,yBAAyB;IACzB,+BAA+B;IAC/B,gCAAgC;IAChC,sBAAsB;IACtB,gCAAgC;IAChC,iBAAiB;IACjB,kBAAkB;IAClB,0BAA0B;IAC1B,uBAAuB;IACvB,cAAc;IACd,gCAAgC;IAChC,qCAAqC;IACrC,qBAAqB;IACrB,yBAAyB;IACzB,kBAAkB;IAClB,8BAA8B;IAC9B,4BAA4B;IAC5B,mBAAmB;IACnB,gBAAgB;IAChB,cAAc;IACd,mBAAmB;IACnB,cAAc;IACd,YAAY;CACb,CAAC;AAEF,MAAM,CAAC,MAAM,OAAO,GAAG,YAAY,CAAC;IAClC,KAAK;CACN,CAAC,CAAC"}

package/dist/src/rules/secret-prop.d.ts

@@ -0,0 +1,4 @@
+export declare const secretProprule: import("@typespec/compiler").LinterRuleDefinition<"secret-prop", {
+    readonly default: import("@typespec/compiler").CallableMessage<["propertyName"]>;
+}>;
+//# sourceMappingURL=secret-prop.d.ts.map

package/dist/src/rules/secret-prop.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"secret-prop.d.ts","sourceRoot":"","sources":["../../../src/rules/secret-prop.ts"],"names":[],"mappings":"AAiBA,eAAO,MAAM,cAAc;;EAiCzB,CAAC"}

package/dist/src/rules/secret-prop.js

@@ -0,0 +1,57 @@
+import { UsageFlags, createRule, isSecret, paramMessage, resolveUsages, } from "@typespec/compiler";
+import { $ } from "@typespec/compiler/typekit";
+function isKeyValuePairKeyProp(property) {
+    return (property.name === "key" &&
+        property.model?.properties.has("value") === true &&
+        property.model?.properties.size === 2);
+}
+export const secretProprule = createRule({
+    name: "secret-prop",
+    description: `RPC-v1-13: Check that property with names indicating sensitive information(e.g. contains auth, password, token, secret, etc.) are marked with @secret decorator.`,
+    severity: "warning",
+    url: "https://azure.github.io/typespec-azure/docs/libraries/azure-resource-manager/rules/secret-prop",
+    messages: {
+        default: paramMessage `Property '${"propertyName"}' looks like it contains sensitive information. Consider marking it with @secret decorator to ensure it is handled securely.`,
+    },
+    create(context) {
+        const usages = resolveUsages(context.program.getGlobalNamespaceType());
+        return {
+            modelProperty: (property) => {
+                if (!property.model || !usages.isUsedAs(property.model, UsageFlags.Output)) {
+                    return;
+                }
+                const tk = $(context.program);
+                if (isPotentialSensitiveProperty(property.name) &&
+                    !isSecret(context.program, property) &&
+                    !isSecret(context.program, property.type) &&
+                    property.type === tk.builtin.string &&
+                    !isKeyValuePairKeyProp(property)) {
+                    context.reportDiagnostic({
+                        target: property,
+                        format: {
+                            propertyName: property.name,
+                        },
+                    });
+                }
+            },
+        };
+    },
+});
+const sensitiveKeywords = [
+    "access",
+    "credential",
+    "secret",
+    "password",
+    "key",
+    "token",
+    "auth",
+    "connection",
+].map((keyword) => keyword.toUpperCase());
+/** Set of keyword that shouldn't be flagged */
+const excludeKeywords = ["publicKey"].map((keyword) => keyword.toUpperCase());
+function isPotentialSensitiveProperty(propertyName) {
+    const upperName = propertyName.toUpperCase();
+    return (sensitiveKeywords.some((keyword) => upperName.endsWith(keyword)) &&
+        !excludeKeywords.some((keyword) => upperName.endsWith(keyword)));
+}
+//# sourceMappingURL=secret-prop.js.map

package/dist/src/rules/secret-prop.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"secret-prop.js","sourceRoot":"","sources":["../../../src/rules/secret-prop.ts"],"names":[],"mappings":"AAAA,OAAO,EAEL,UAAU,EACV,UAAU,EACV,QAAQ,EACR,YAAY,EACZ,aAAa,GACd,MAAM,oBAAoB,CAAC;AAC5B,OAAO,EAAE,CAAC,EAAE,MAAM,4BAA4B,CAAC;AAE/C,SAAS,qBAAqB,CAAC,QAAuB;IACpD,OAAO,CACL,QAAQ,CAAC,IAAI,KAAK,KAAK;QACvB,QAAQ,CAAC,KAAK,EAAE,UAAU,CAAC,GAAG,CAAC,OAAO,CAAC,KAAK,IAAI;QAChD,QAAQ,CAAC,KAAK,EAAE,UAAU,CAAC,IAAI,KAAK,CAAC,CACtC,CAAC;AACJ,CAAC;AACD,MAAM,CAAC,MAAM,cAAc,GAAG,UAAU,CAAC;IACvC,IAAI,EAAE,aAAa;IACnB,WAAW,EAAE,kKAAkK;IAC/K,QAAQ,EAAE,SAAS;IACnB,GAAG,EAAE,gGAAgG;IACrG,QAAQ,EAAE;QACR,OAAO,EAAE,YAAY,CAAA,aAAa,cAAc,8HAA8H;KAC/K;IACD,MAAM,CAAC,OAAO;QACZ,MAAM,MAAM,GAAG,aAAa,CAAC,OAAO,CAAC,OAAO,CAAC,sBAAsB,EAAE,CAAC,CAAC;QACvE,OAAO;YACL,aAAa,EAAE,CAAC,QAAuB,EAAE,EAAE;gBACzC,IAAI,CAAC,QAAQ,CAAC,KAAK,IAAI,CAAC,MAAM,CAAC,QAAQ,CAAC,QAAQ,CAAC,KAAK,EAAE,UAAU,CAAC,MAAM,CAAC,EAAE,CAAC;oBAC3E,OAAO;gBACT,CAAC;gBACD,MAAM,EAAE,GAAG,CAAC,CAAC,OAAO,CAAC,OAAO,CAAC,CAAC;gBAC9B,IACE,4BAA4B,CAAC,QAAQ,CAAC,IAAI,CAAC;oBAC3C,CAAC,QAAQ,CAAC,OAAO,CAAC,OAAO,EAAE,QAAQ,CAAC;oBACpC,CAAC,QAAQ,CAAC,OAAO,CAAC,OAAO,EAAE,QAAQ,CAAC,IAAI,CAAC;oBACzC,QAAQ,CAAC,IAAI,KAAK,EAAE,CAAC,OAAO,CAAC,MAAM;oBACnC,CAAC,qBAAqB,CAAC,QAAQ,CAAC,EAChC,CAAC;oBACD,OAAO,CAAC,gBAAgB,CAAC;wBACvB,MAAM,EAAE,QAAQ;wBAChB,MAAM,EAAE;4BACN,YAAY,EAAE,QAAQ,CAAC,IAAI;yBAC5B;qBACF,CAAC,CAAC;gBACL,CAAC;YACH,CAAC;SACF,CAAC;IACJ,CAAC;CACF,CAAC,CAAC;AAEH,MAAM,iBAAiB,GAAG;IACxB,QAAQ;IACR,YAAY;IACZ,QAAQ;IACR,UAAU;IACV,KAAK;IACL,OAAO;IACP,MAAM;IACN,YAAY;CACb,CAAC,GAAG,CAAC,CAAC,OAAO,EAAE,EAAE,CAAC,OAAO,CAAC,WAAW,EAAE,CAAC,CAAC;AAE1C,+CAA+C;AAC/C,MAAM,eAAe,GAAG,CAAC,WAAW,CAAC,CAAC,GAAG,CAAC,CAAC,OAAO,EAAE,EAAE,CAAC,OAAO,CAAC,WAAW,EAAE,CAAC,CAAC;AAC9E,SAAS,4BAA4B,CAAC,YAAoB;IACxD,MAAM,SAAS,GAAG,YAAY,CAAC,WAAW,EAAE,CAAC;IAC7C,OAAO,CACL,iBAAiB,CAAC,IAAI,CAAC,CAAC,OAAO,EAAE,EAAE,CAAC,SAAS,CAAC,QAAQ,CAAC,OAAO,CAAC,CAAC;QAChE,CAAC,eAAe,CAAC,IAAI,CAAC,CAAC,OAAO,EAAE,EAAE,CAAC,SAAS,CAAC,QAAQ,CAAC,OAAO,CAAC,CAAC,CAChE,CAAC;AACJ,CAAC"}

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@azure-tools/typespec-azure-resource-manager",
-  "version": "0.62.0-dev.3",
+  "version": "0.62.0-dev.4",
   "author": "Microsoft Corporation",
   "description": "TypeSpec Azure Resource Manager library",
   "homepage": "https://azure.github.io/typespec-azure",