Merge pull request #382 from borisf94/borisf/skip_powershell_rules

JohnathonMohr · web-flow · commit 149886960ef5 · 2025-01-16T16:13:19.000-08:00
Allow to skip the powershell rules
diff --git a/src/Analyzer.Core.UnitTests/TemplateAnalyzerTests.cs b/src/Analyzer.Core.UnitTests/TemplateAnalyzerTests.cs
@@ -226,6 +226,22 @@ public void FilterRules_ValidConfiguration_NoExceptionThrown()
             TemplateAnalyzer.Create(false).FilterRules(new ConfigurationDefinition());
         }
 
+        [TestMethod]
+        public void AnalyzeTemplate_NoPowershellRulesRunning_ReturnsLessEvaluations()
+        {
+            string[] resourceProperties = {
+                GenerateResource(
+                    @"{ ""azureActiveDirectory"": { ""tenantId"": ""tenantIdValue"" } }",
+                    "Microsoft.ServiceFabric/clusters", "resource1")
+            };
+            string template = GenerateTemplate(resourceProperties);
+
+            var noPowershellEvaluations = TemplateAnalyzer.Create(includeNonSecurityRules: true, includePowerShellRules: false).AnalyzeTemplate(template, "aFilePath");
+            var allRules = templateAnalyzerAllRules.AnalyzeTemplate(template, "aFilePath");
+
+            Assert.IsTrue(noPowershellEvaluations.Count() < allRules.Count());
+        }
+
         [TestMethod]
         public void CustomRulesFileIsProvided_NoExceptionThrown()
         {
diff --git a/src/Analyzer.Core/TemplateAnalyzer.cs b/src/Analyzer.Core/TemplateAnalyzer.cs
@@ -1,4 +1,4 @@
-﻿// Copyright (c) Microsoft Corporation.
+// Copyright (c) Microsoft Corporation.
 // Licensed under the MIT License.
 
 using System;
@@ -52,8 +52,9 @@ private TemplateAnalyzer(JsonRuleEngine jsonRuleEngine, PowerShellRuleEngine pow
         /// <param name="includeNonSecurityRules">Whether or not to run also non-security rules against the template.</param>
         /// <param name="logger">A logger to report errors and debug information</param>
         /// <param name="customJsonRulesPath">An optional custom rules json file path.</param>
+        /// <param name="includePowerShellRules">Whether or not to run also powershell rules against the template.</param>
         /// <returns>A new <see cref="TemplateAnalyzer"/> instance.</returns>
-        public static TemplateAnalyzer Create(bool includeNonSecurityRules, ILogger logger = null, FileInfo customJsonRulesPath = null)
+        public static TemplateAnalyzer Create(bool includeNonSecurityRules, ILogger logger = null, FileInfo customJsonRulesPath = null, bool includePowerShellRules = true)
         {
             string rules;
             try
@@ -72,7 +73,7 @@ public static TemplateAnalyzer Create(bool includeNonSecurityRules, ILogger logg
                         ? new BicepSourceLocationResolver(templateContext)
                         : new JsonSourceLocationResolver(templateContext),
                     logger),
-                new PowerShellRuleEngine(includeNonSecurityRules, logger),
+                includePowerShellRules ? new PowerShellRuleEngine(includeNonSecurityRules, logger) : null,
                 logger);
         }
 
@@ -158,7 +159,11 @@ private IEnumerable<IEvaluation> AnalyzeAllIncludedTemplates(string populatedTem
             try
             {
                 IEnumerable<IEvaluation> evaluations = this.jsonRuleEngine.AnalyzeTemplate(templateContext);
-                evaluations = evaluations.Concat(this.powerShellRuleEngine.AnalyzeTemplate(templateContext));
+
+                if (this.powerShellRuleEngine is not null)
+                {
+                    evaluations = evaluations.Concat(this.powerShellRuleEngine.AnalyzeTemplate(templateContext));
+                }
 
                 // Recursively handle nested templates 
                 var jsonTemplate = JObject.Parse(populatedTemplate);
@@ -187,7 +192,7 @@ private IEnumerable<IEvaluation> AnalyzeAllIncludedTemplates(string populatedTem
                             // Variables, parameters and functions inherited from parent template
                             string functionsKey = populatedNestedTemplate.InsensitiveToken("functions")?.Parent.Path ?? "functions";
                             string variablesKey = populatedNestedTemplate.InsensitiveToken("variables")?.Parent.Path ?? "variables";
-                            string parametersKey = populatedNestedTemplate.InsensitiveToken("parameters")?.Parent.Path ?? "parameters" ;
+                            string parametersKey = populatedNestedTemplate.InsensitiveToken("parameters")?.Parent.Path ?? "parameters";
 
                             populatedNestedTemplate[functionsKey] = jsonTemplate.InsensitiveToken("functions");
                             populatedNestedTemplate[variablesKey] = jsonTemplate.InsensitiveToken("variables");
