search

Azure / PSRule.Rules.Azure

Rules to validate Azure resources and infrastructure as code (IaC) using PSRule.
https://azure.github.io/PSRule.Rules.Azure/
MIT License
394 stars 86 forks source link

[BUG] Incorrect calculation of expressions with contains() #2531

Closed dmgonch closed 12 months ago

dmgonch commented 12 months ago

Existing rule

No response

Description of the issue

An expression that includes contains() seems to always returns true (at least in the repro below). See as well the correct result produced by az deployment group create --what-if ... command.

Error messages

The result of running repro steps below is incorrect - doesNotContain must be false

        "properties": {
            "doesNotContain": true,
            "doesContain": true,
            "indexOfSubstring": 1,
            "stringToCheck": "abcd",
            "stringToFind": "bc",

Reproduction

Create bug.bicep:

var stringToCheck = 'abcd'
var stringToFind = 'bc'
var doesNotContain = !(contains(stringToCheck, stringToFind))
var doesContain = contains(stringToCheck, stringToFind)
var indexOfSubstring = indexOf(stringToCheck, stringToFind)

#disable-next-line BCP081 no-deployments-resources
resource taskDeployment 'Microsoft.Resources/deployments@2020-10-01' = {
  name: 'name'
  properties: {
    mode: 'Incremental'
    template: {
      '$schema': 'https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#'
      contentVersion: '1.0.0.0'
      resources: [
        {
          apiVersion: '2019-12-01'
          type: 'Microsoft.ManagedIdentity/userAssignedIdentities'
          name: 'test'
          properties: {
            doesNotContain: doesNotContain
            doesContain: doesContain
            indexOfSubstring: indexOfSubstring
            stringToCheck: stringToCheck
            stringToFind: stringToFind
          }
        }
      ]
    }
  }
}

Running az deployment group create --what-if -x Ignore --subscription <SUB-ID> -g <RG-NAME> -f bug.bicep produces the correct result:

      properties.doesContain:      true
      properties.doesNotContain:   false
      properties.indexOfSubstring: 1
      properties.stringToCheck:    "abcd"
      properties.stringToFind:     "bc"

Version of PSRule

2.9.0

Version of PSRule for Azure

1.31.0

Additional context

$PSVersionTable 

Name                           Value
----                           -----
PSVersion                      7.3.4
PSEdition                      Core
GitCommitId                    7.3.4
OS                             Linux 5.10.102.1-microsoft-standard-WSL2 #1 SMP Wed Mar 2 00:30:59 UTC 2022
Platform                       Unix
PSCompatibleVersions           {1.0, 2.0, 3.0, 4.0…}
PSRemotingProtocolVersion      2.3
SerializationVersion           1.1.0.1
WSManStackVersion              3.0
BernieWhite commented 12 months ago

@dmgonch Thanks for reporting the issue.