feat: Move to using an "Azure Resource"

Author: GeekMasher

ql/lib/codeql/bicep/frameworks/Microsoft/AKS.qll

@@ -6,7 +6,7 @@ module AKS {
    * Represents a Microsoft.ContainerService/managedClusters resource (AKS) in a Bicep file.
    * See: https://learn.microsoft.com/en-us/azure/templates/microsoft.containerservice/managedclusters
    */
-  class ManagedContainerResource extends Resource {
+  class ManagedContainerResource extends AzureResource {
     /**
      * Constructs a ManagedContainerResource for Microsoft.ContainerService/managedClusters resources.
      */
@@ -158,11 +158,6 @@ module AKS {
        */
       Expr getStorageProfile() { result = this.getProperty("storageProfile") }
 
-      /**
-       * Gets the SKU for the cluster.
-       */
-      Sku getSku() { result = this.getProperty("sku") }
-
       /**
        * Gets the tags for the cluster.
        */

ql/lib/codeql/bicep/frameworks/Microsoft/Cache.qll

@@ -2,7 +2,7 @@ private import bicep
 private import codeql.bicep.Concepts
 
 module Cache {
-  abstract class CacheResource extends Resource { }
+  abstract class CacheResource extends AzureResource { }
 
   /**
    * Represents an Azure Cache for Redis resource.
@@ -22,11 +22,6 @@ module Cache {
       result = this.getProperties().getProperty("redisConfiguration")
     }
 
-    /**
-     * Returns the SKU of the Redis cache.
-     */
-    Sku getSku() { result = this.getProperty("sku") }
-
     /**
      * Returns the Redis version.
      */

ql/lib/codeql/bicep/frameworks/Microsoft/Compute.qll

@@ -8,7 +8,7 @@ module Compute {
    * Represents a generic Microsoft.Compute resource.
    * Matches any resource of type Microsoft.Compute/*.
    */
-  class ComputeResource extends Resource {
+  class ComputeResource extends AzureResource {
     /**
      * Constructs a ComputeResource for any Microsoft.Compute resource type.
      */

ql/lib/codeql/bicep/frameworks/Microsoft/Containers.qll

@@ -5,7 +5,7 @@ module Containers {
    * Represents a Microsoft.ContainerApp/containerApps resource (2025-02-02-preview).
    * See: https://learn.microsoft.com/en-us/azure/templates/microsoft.app/containerapps
    */
-  class ContainerResource extends Resource {
+  class ContainerResource extends AzureResource {
     /**
      * Constructs a ContainerResource for Microsoft.App/containerApps resources.
      */
@@ -73,34 +73,20 @@ module Containers {
 
     Network::CorsPolicy getCorsPolicy() { result = this.getNetworkIngress().getCorsPolicy() }
 
-    /**
-     * Returns the SKU object for the container registry resource.
-     */
-    Sku getSku() { result = this.getProperty("sku") }
-
-    Tags getTags() { result = this.getProperty("tags") }
-
     /**
      * Returns a string representation of the container app resource.
      */
     override string toString() { result = "ContainerResource" }
   }
 
-  class ContainerRegistry extends Resource {
+  class ContainerRegistry extends AzureResource {
     /**
      * Constructs a ContainerRegistry for Microsoft.ContainerRegistry/containerRegistries resources (2025-02-02-preview).
      */
     ContainerRegistry() {
       this.getResourceType().regexpMatch("^Microsoft.ContainerRegistry/registries@.*$")
     }
 
-    /**
-     * Returns the SKU object for the container registry resource.
-     */
-    Sku getSku() { result = this.getProperty("sku") }
-
-    Tags getTags() { result = this.getProperty("tags") }
-
     override string toString() { result = "ContainerRegistry" }
   }
 

ql/lib/codeql/bicep/frameworks/Microsoft/Databases.qll

@@ -6,7 +6,7 @@ module Databases {
    * Base class for all database resources in Azure.
    * Provides common properties and methods for Azure database resources.
    */
-  abstract class DatabaseResource extends Resource {
+  abstract class DatabaseResource extends AzureResource {
     /**
      * Returns the type of the database resource (e.g., sql, postgresql, etc).
      */

ql/lib/codeql/bicep/frameworks/Microsoft/General.qll

@@ -1,5 +1,15 @@
 private import bicep
 
+abstract class AzureResource extends Resource {
+  string resourceLocation() {
+    result = this.getProperty("location").(StringLiteral).getValue()
+  }
+
+  Sku getSku() { result = this.getProperty("sku") }
+
+  Tags getTags() { result = this.getProperty("tags") }
+}
+
 abstract class ResourceProperties extends Object {
   string toString() {
     result = super.toString()

ql/lib/codeql/bicep/frameworks/Microsoft/KeyVault.qll

@@ -6,7 +6,7 @@ module KeyVault {
    * Represents a Microsoft.KeyVault resource in a Bicep file.
    * Provides access to Key Vault properties, access policies, and network ACLs.
    */
-  class VaultResource extends Resource {
+  class VaultResource extends AzureResource {
     /**
      * Constructs a VaultResource for any Microsoft.KeyVault resource type.
      * Matches resources with type starting with "Microsoft.KeyVault/".

ql/lib/codeql/bicep/frameworks/Microsoft/Network.qll

@@ -5,7 +5,7 @@ module Network {
    * Represents a generic Microsoft.Network resource.
    * Matches any resource of type Microsoft.Network/*.
    */
-  class NetworkResource extends Resource {
+  class NetworkResource extends AzureResource {
     /**
      * Constructs a NetworkResource for any Microsoft.Network resource type.
      */
@@ -103,7 +103,7 @@ module Network {
   /**
    * Represents a Microsoft.Network/virtualNetworks/subnets resource.
    */
-  class VirtualNetworkSubnets extends Resource {
+  class VirtualNetworkSubnets extends AzureResource {
     /**
      * Constructs a VirtualNetworkSubnets resource.
      */

ql/lib/codeql/bicep/frameworks/Microsoft/Storage.qll

@@ -6,7 +6,7 @@ module Storage {
    * Provides access to storage account properties, kind, network ACLs, and SKU.
    * See: https://learn.microsoft.com/en-us/azure/templates/microsoft.storage/storageaccounts
    */
-  class StorageAccounts extends Resource {
+  class StorageAccounts extends AzureResource {
     /**
      * Constructs a StorageAccounts resource.
      */
@@ -33,11 +33,6 @@ module Storage {
      */
     Network::NetworkAcl getNetworkAcls() { result = this.getProperties().getNetworkAcls() }
 
-    /**
-     * Gets the SKU for the storage account.
-     */
-    Sku getSku() { result = this.getProperty("sku") }
-
     override string toString() { result = "StorageAccount[" + this.getName() + "]" }
   }
 
@@ -46,7 +41,7 @@ module Storage {
    * Provides access to disk properties, encryption, zones, and disk pools.
    * See: https://learn.microsoft.com/en-us/azure/templates/microsoft.compute/disks
    */
-  class Disks extends Resource {
+  class Disks extends AzureResource {
     /**
      * Constructs a Disks resource.
      */
@@ -107,7 +102,7 @@ module Storage {
    * Provides access to disk pool properties, attached disks, and SKU.
    * See: https://learn.microsoft.com/en-us/azure/templates/microsoft.storagepool/diskpools
    */
-  class DiskPools extends Resource {
+  class DiskPools extends AzureResource {
     /**
      * Constructs a DiskPools resource.
      */
@@ -130,11 +125,6 @@ module Storage {
       )
     }
 
-    /**
-     * Gets the SKU for the disk pool.
-     */
-    Sku getSku() { result = this.getProperty("sku") }
-
     override string toString() { result = "DiskPools" }
   }
 
@@ -143,7 +133,7 @@ module Storage {
    * Provides access to container properties and public access settings.
    * See: https://learn.microsoft.com/en-us/azure/templates/microsoft.storage/storageaccounts/blobservices/containers
    */
-  class BlobServiceContainers extends Resource {
+  class BlobServiceContainers extends AzureResource {
     /**
      * Constructs a BlobServiceContainers resource.
      */