advanced-security
diff --git a/‎.github/workflows/build.yml‎
Lines changed: 2 additions & 0 deletions b/‎.github/workflows/build.yml‎
Lines changed: 2 additions & 0 deletions
diff --git a/‎Cargo.lock‎
Lines changed: 26 additions & 34 deletions b/‎Cargo.lock‎
Lines changed: 26 additions & 34 deletions
diff --git a/‎codeql-extractor.yml‎
Lines changed: 10 additions & 6 deletions b/‎codeql-extractor.yml‎
Lines changed: 10 additions & 6 deletions
diff --git a/‎docs/languages-and-frameworks.md‎
Lines changed: 2 additions & 1 deletion b/‎docs/languages-and-frameworks.md‎
Lines changed: 2 additions & 1 deletion
diff --git a/‎extractor/Cargo.toml‎
Lines changed: 1 addition & 0 deletions b/‎extractor/Cargo.toml‎
Lines changed: 1 addition & 0 deletions
diff --git a/‎extractor/src/autobuilder.rs‎
Lines changed: 1 addition & 0 deletions b/‎extractor/src/autobuilder.rs‎
Lines changed: 1 addition & 0 deletions
diff --git a/‎extractor/src/extractor.rs‎
Lines changed: 6 additions & 0 deletions b/‎extractor/src/extractor.rs‎
Lines changed: 6 additions & 0 deletions
diff --git a/‎extractor/src/generator.rs‎
Lines changed: 4 additions & 0 deletions b/‎extractor/src/generator.rs‎
Lines changed: 4 additions & 0 deletions
diff --git a/‎ql/lib/bicep.qll‎
Lines changed: 6 additions & 0 deletions b/‎ql/lib/bicep.qll‎
Lines changed: 6 additions & 0 deletions
diff --git a/‎ql/lib/codeql/bicep/AST.qll‎
Lines changed: 4 additions & 0 deletions b/‎ql/lib/codeql/bicep/AST.qll‎
Lines changed: 4 additions & 0 deletions
@@ -37,6 +37,8 @@ jobs:
 
           ./scripts/create-extractor-pack.sh
 
+          gh codeql resolve languages --format=json --search-path ./extractor-pack
+
       - name: "Run Tests"
         if: steps.changes.outputs.src == 'true'
         run: |
 
@@ -1,29 +1,33 @@
 name: "iac"
 display_name: "IAC"
-version: 0.0.3
+version: 0.0.4
 column_kind: "utf8"
 legacy_qltest_extraction: true
 github_api_languages:
   - HCL
   - Docker
+  - Bicep
 scc_languages:
   - HCL
   - Docker
+  - Bicep
 
 # File types
 file_types:
   - name: hcl
     display_name: HCL
     extensions:
       - .tf
-      - .ftvars
+      - .tfvars
       - .hcl
-  - name: json
-    display_name: JSON
-    extensions:
-      - .json
+
   - name: dockerfile
     display_name: Dockerfile
     extensions:
       - .Dockerfile
       - .Containerfile
+
+  - name: bicep
+    display_name: Bicep
+    extensions:
+      - .bicep
@@ -10,6 +10,7 @@ The `codeql-extractor-iac` extractor supports the following languages:
 | JSON            | `.json`, `.jsonl`, `.jsonc`     |
 | YAML            | `.yaml`, `.yml`                 |
 | Container files | `*Dockerfile`, `*Containerfile` |
+| Bicep           | `.bicep`                        |
 
 All of these files will be extracted and stored inside the IaC CodeQL Database.
 
@@ -30,7 +31,7 @@ The following table lists the supported frameworks and technologies:
 | Docker / Container file(s) |      2      | extractor and library           |
 | GitHub Actions             |      2      | extractor and library           |
 | OpenAPI / Swagger          |      2      | extractor and library           |
-| Azure Bicep                |      0      | currently unsupported           |
+| Azure Bicep                |      2      | extractor and library           |
 
 _levels grades are based on completeness, higher the grade the better its supported._
 
 
@@ -12,6 +12,7 @@ flate2 = "1.0"
 tree-sitter = ">= 0.20, < 0.21"
 tree-sitter-hcl = { git = "https://github.com/GeekMasher/tree-sitter-hcl", rev = "5e045dd1ff7852511c249c4c5d919d9556751d98" }
 tree-sitter-dockerfile = { git = "https://github.com/GeekMasher/tree-sitter-dockerfile", rev = "c0a9d694d9bf8ab79a919f5f9c7bc9c169caf321" }
+tree-sitter-bicep = { git = "https://github.com/GeekMasher/tree-sitter-bicep", rev = "3604d8c961ab129d2bfc6dfca56419c236ccdb83" }
 clap = { version = "4.4", features = ["derive"] }
 tracing = "0.1"
 tracing-subscriber = { version = "0.3.17", features = ["env-filter"] }
 
@@ -19,6 +19,7 @@ pub fn run(_: Options) -> std::io::Result<()> {
             ".tf",
             ".ftvars",     // Terraform / HCL files
             ".Dockerfile", // Docker files
+            ".bicep",      // Bicep files
         ])
         .include_globs(&[
             "**/Dockerfile",
 
@@ -42,6 +42,12 @@ pub fn run(options: Options) -> std::io::Result<()> {
                 node_types: tree_sitter_dockerfile::NODE_TYPES,
                 file_globs: vec!["*Dockerfile".into(), "*Containerfile".into()],
             },
+            simple::LanguageSpec {
+                prefix: "bicep",
+                ts_language: tree_sitter_bicep::language(),
+                node_types: tree_sitter_bicep::NODE_TYPES,
+                file_globs: vec!["*.bicep".into()],
+            },
         ],
         trap_dir: options.output_dir,
         trap_compression: trap::Compression::from_env("CODEQL_IAC_TRAP_COMPRESSION"),
 
@@ -31,6 +31,10 @@ pub fn run(options: Options) -> std::io::Result<()> {
             name: "DOCKERFILE".to_owned(),
             node_types: tree_sitter_dockerfile::NODE_TYPES,
         },
+        Language {
+            name: "BICEP".to_owned(),
+            node_types: tree_sitter_bicep::NODE_TYPES,
+        },
     ];
 
     generate(languages, options.dbscheme, options.library)
 
@@ -0,0 +1,6 @@
+import codeql.Locations
+import codeql.files.FileSystem
+import codeql.bicep.AST
+// Resources
+import codeql.bicep.microsoft.Compute
+import codeql.bicep.microsoft.Storage
@@ -0,0 +1,4 @@
+import codeql.bicep.ast.AstNodes
+import codeql.bicep.ast.Expr
+import codeql.bicep.ast.Literal
+import codeql.bicep.ast.Resources