fix: Update to point to the resource

GeekMasher · GeekMasher · commit 34ce9fb9ea40 · 2024-09-25T17:27:10.000+01:00
diff --git a/ql/lib/codeql/hcl/security/PublicStorage.qll b/ql/lib/codeql/hcl/security/PublicStorage.qll
@@ -14,7 +14,7 @@ class AzurePublicStorage extends PublicStorage {
       storage_container.getContainerAccessType() = "blob" and
       storage_container.getProperty("publicAccess").(StringLiteral).getValue() = "blob"
       and
-      this = storage_container.getProperty("publicAccess")
+      this = storage_container
     )
     or
     // Azure Storage Accounts
@@ -23,13 +23,18 @@ class AzurePublicStorage extends PublicStorage {
         // v2
         storage_acount.getAllowBlobPublicAccessValue() = true and
         this = storage_acount.getAllowBlobPublicAccess()
-        ) or
+      )
+      or
+      (
+        // v3
         (
-          // v3
+          storage_acount.getPublicNetworkAccessValue() = true
+          or
           storage_acount.getAllowNestedItemsToBePublicValue() = true
-          and
-          this = storage_acount.getAllowNestedItemsToBePublic()
         )
+        and
+        this = storage_acount
+      )
     )
   }
 
diff --git a/ql/test/queries-tests/Terraform/Azure/Storage/PublicAccess/PublicAccess.expected b/ql/test/queries-tests/Terraform/Azure/Storage/PublicAccess/PublicAccess.expected
@@ -1,2 +1,2 @@
-| storage.tf:13:22:13:27 | blob | Azure Storage is Public |
-| storage.tf:26:37:26:40 | true | Azure Storage is Public |
+| storage.tf:9:1:15:1 | resource azurerm_storage_container insecure-storage-container | Azure Storage is Public |
+| storage.tf:18:1:28:1 | resource azurerm_storage_account insecure-storage-account | Azure Storage is Public |
