feat: Move to using an "Azure Resource"

ql/lib/codeql/bicep/frameworks/Microsoft/AKS.qll

@@ -6,7 +6,7 @@ module AKS {
    * Represents a Microsoft.ContainerService/managedClusters resource (AKS) in a Bicep file.
    * See: https://learn.microsoft.com/en-us/azure/templates/microsoft.containerservice/managedclusters
    */
-  class ManagedContainerResource extends Resource {
+  class ManagedContainerResource extends AzureResource {
     /**
      * Constructs a ManagedContainerResource for Microsoft.ContainerService/managedClusters resources.
      */
@@ -158,11 +158,6 @@ module AKS {
        */
       Expr getStorageProfile() { result = this.getProperty("storageProfile") }
 
-      /**
-       * Gets the SKU for the cluster.
-       */
-      Sku getSku() { result = this.getProperty("sku") }
-
       /**
        * Gets the tags for the cluster.
        */

ql/lib/codeql/bicep/frameworks/Microsoft/Cache.qll

@@ -2,7 +2,7 @@ private import bicep
 private import codeql.bicep.Concepts
 
 module Cache {
-  abstract class CacheResource extends Resource { }
+  abstract class CacheResource extends AzureResource { }
 
   /**
    * Represents an Azure Cache for Redis resource.
@@ -22,11 +22,6 @@ module Cache {
       result = this.getProperties().getProperty("redisConfiguration")
     }
 
-    /**
-     * Returns the SKU of the Redis cache.
-     */
-    Sku getSku() { result = this.getProperty("sku") }
-
     /**
      * Returns the Redis version.
      */

ql/lib/codeql/bicep/frameworks/Microsoft/Compute.qll

@@ -8,7 +8,7 @@ module Compute {
    * Represents a generic Microsoft.Compute resource.
    * Matches any resource of type Microsoft.Compute/*.
    */
-  class ComputeResource extends Resource {
+  class ComputeResource extends AzureResource {
     /**
      * Constructs a ComputeResource for any Microsoft.Compute resource type.
      */

ql/lib/codeql/bicep/frameworks/Microsoft/Containers.qll

@@ -5,7 +5,7 @@ module Containers {
    * Represents a Microsoft.ContainerApp/containerApps resource (2025-02-02-preview).
    * See: https://learn.microsoft.com/en-us/azure/templates/microsoft.app/containerapps
    */
-  class ContainerResource extends Resource {
+  class ContainerResource extends AzureResource {
     /**
      * Constructs a ContainerResource for Microsoft.App/containerApps resources.
      */
@@ -73,34 +73,20 @@ module Containers {
 
     Network::CorsPolicy getCorsPolicy() { result = this.getNetworkIngress().getCorsPolicy() }
 
-    /**
-     * Returns the SKU object for the container registry resource.
-     */
-    Sku getSku() { result = this.getProperty("sku") }
-
-    Tags getTags() { result = this.getProperty("tags") }
-
     /**
      * Returns a string representation of the container app resource.
      */
     override string toString() { result = "ContainerResource" }
   }
 
-  class ContainerRegistry extends Resource {
+  class ContainerRegistry extends AzureResource {
     /**
      * Constructs a ContainerRegistry for Microsoft.ContainerRegistry/containerRegistries resources (2025-02-02-preview).
      */
     ContainerRegistry() {
       this.getResourceType().regexpMatch("^Microsoft.ContainerRegistry/registries@.*$")
     }
 
-    /**
-     * Returns the SKU object for the container registry resource.
-     */
-    Sku getSku() { result = this.getProperty("sku") }
-
-    Tags getTags() { result = this.getProperty("tags") }
-
     override string toString() { result = "ContainerRegistry" }
   }
 

ql/lib/codeql/bicep/frameworks/Microsoft/Databases.qll

@@ -6,7 +6,7 @@ module Databases {
    * Base class for all database resources in Azure.
    * Provides common properties and methods for Azure database resources.
    */
-  abstract class DatabaseResource extends Resource {
+  abstract class DatabaseResource extends AzureResource {
     /**
      * Returns the type of the database resource (e.g., sql, postgresql, etc).
      */

ql/lib/codeql/bicep/frameworks/Microsoft/General.qll

@@ -1,11 +1,55 @@
+/**
+ * General resource property helpers for Azure resources in Bicep.
+ *
+ * Provides common property accessors for location, SKU, and tags.
+ *
+ * Classes:
+ * - AzureResource: Abstract base for Azure resources, provides access to location, SKU, and tags.
+ * - ResourceProperties: Abstract base for resource property objects.
+ * - Sku: Represents the SKU of a resource, with access to name and tier.
+ * - Tags: Represents the tags of a resource, with access to tag values by key.
+ */
 private import bicep
 
+/**
+ * Abstract base class for Azure resources in Bicep.
+ * Provides accessors for common resource properties such as location, SKU, and tags.
+ */
+abstract class AzureResource extends Resource {
+  /**
+   * Gets the location of the resource as a string value.
+   * @return The Azure region/location of the resource (e.g., "eastus").
+   */
+  string resourceLocation() { result = this.getProperty("location").(StringLiteral).getValue() }
+
+  /**
+   * Gets the SKU object for the resource.
+   * @return The SKU object representing the resource's SKU.
+   */
+  Sku getSku() { result = this.getProperty("sku") }
+
+  /**
+   * Gets the Tags object for the resource.
+   * @return The Tags object representing the resource's tags.
+   */
+  Tags getTags() { result = this.getProperty("tags") }
+}
+
+/**
+ * Abstract base class for resource property objects.
+ * Can be extended to provide additional property accessors for specific resource types.
+ */
 abstract class ResourceProperties extends Object {
-  string toString() {
-    result = super.toString()
-  }
+  /**
+   * Returns a string representation of the resource properties object.
+   */
+  string toString() { result = super.toString() }
 }
 
+/**
+ * Represents the SKU of an Azure resource.
+ * Provides access to the SKU name and tier.
+ */
 class Sku extends Object {
   private Resource resource;
 
@@ -14,19 +58,37 @@ class Sku extends Object {
    */
   Sku() { this = resource.getProperty("sku") }
 
+  /**
+   * Gets the SKU name as a StringLiteral.
+   * @return The SKU name property as a StringLiteral.
+   */
+  StringLiteral getName() { result = this.getProperty("name") }
+
   /**
    * Returns the SKU name (e.g., Basic, Standard, Premium).
+   * @return The SKU name as a string.
+   */
+  string name() { result = this.getName().getValue() }
+
+  /**
+   * Gets the SKU tier as a StringLiteral.
+   * @return The SKU tier property as a StringLiteral.
    */
-  string getName() { result = this.getProperty("name").(StringLiteral).getValue() }
+  StringLiteral getTier() { result = this.getProperty("tier") }
 
   /**
    * Returns the SKU tier (e.g., Basic, Standard, Premium).
+   * @return The SKU tier as a string.
    */
-  string getTier() { result = this.getProperty("tier").(StringLiteral).getValue() }
+  string tier() { result = this.getTier().getValue() }
 
   string toString() { result = "SKU" }
 }
 
+/**
+ * Represents the tags of an Azure resource.
+ * Provides access to tag values by key.
+ */
 class Tags extends Object {
   private Resource resource;
 
@@ -36,7 +98,9 @@ class Tags extends Object {
   Tags() { this = resource.getProperty("tags") }
 
   /**
-   * Returns the value of a tag by its key.
+   * Gets the value of a tag by its key.
+   * @param key The tag key to look up.
+   * @return The value of the tag as a Literals object, or undefined if not present.
    */
   Literals getTag(string key) { result = this.getProperty(key) }
 

ql/lib/codeql/bicep/frameworks/Microsoft/KeyVault.qll

@@ -6,7 +6,7 @@ module KeyVault {
    * Represents a Microsoft.KeyVault resource in a Bicep file.
    * Provides access to Key Vault properties, access policies, and network ACLs.
    */
-  class VaultResource extends Resource {
+  class VaultResource extends AzureResource {
     /**
      * Constructs a VaultResource for any Microsoft.KeyVault resource type.
      * Matches resources with type starting with "Microsoft.KeyVault/".

ql/lib/codeql/bicep/frameworks/Microsoft/Network.qll

@@ -5,7 +5,7 @@ module Network {
    * Represents a generic Microsoft.Network resource.
    * Matches any resource of type Microsoft.Network/*.
    */
-  class NetworkResource extends Resource {
+  class NetworkResource extends AzureResource {
     /**
      * Constructs a NetworkResource for any Microsoft.Network resource type.
      */
@@ -103,7 +103,7 @@ module Network {
   /**
    * Represents a Microsoft.Network/virtualNetworks/subnets resource.
    */
-  class VirtualNetworkSubnets extends Resource {
+  class VirtualNetworkSubnets extends AzureResource {
     /**
      * Constructs a VirtualNetworkSubnets resource.
      */

ql/lib/codeql/bicep/frameworks/Microsoft/Storage.qll

@@ -6,7 +6,7 @@ module Storage {
    * Provides access to storage account properties, kind, network ACLs, and SKU.
    * See: https://learn.microsoft.com/en-us/azure/templates/microsoft.storage/storageaccounts
    */
-  class StorageAccounts extends Resource {
+  class StorageAccounts extends AzureResource {
     /**
      * Constructs a StorageAccounts resource.
      */
@@ -33,11 +33,6 @@ module Storage {
      */
     Network::NetworkAcl getNetworkAcls() { result = this.getProperties().getNetworkAcls() }
 
-    /**
-     * Gets the SKU for the storage account.
-     */
-    Sku getSku() { result = this.getProperty("sku") }
-
     override string toString() { result = "StorageAccount[" + this.getName() + "]" }
   }
 
@@ -46,7 +41,7 @@ module Storage {
    * Provides access to disk properties, encryption, zones, and disk pools.
    * See: https://learn.microsoft.com/en-us/azure/templates/microsoft.compute/disks
    */
-  class Disks extends Resource {
+  class Disks extends AzureResource {
     /**
      * Constructs a Disks resource.
      */
@@ -107,7 +102,7 @@ module Storage {
    * Provides access to disk pool properties, attached disks, and SKU.
    * See: https://learn.microsoft.com/en-us/azure/templates/microsoft.storagepool/diskpools
    */
-  class DiskPools extends Resource {
+  class DiskPools extends AzureResource {
     /**
      * Constructs a DiskPools resource.
      */
@@ -130,11 +125,6 @@ module Storage {
       )
     }
 
-    /**
-     * Gets the SKU for the disk pool.
-     */
-    Sku getSku() { result = this.getProperty("sku") }
-
     override string toString() { result = "DiskPools" }
   }
 
@@ -143,7 +133,7 @@ module Storage {
    * Provides access to container properties and public access settings.
    * See: https://learn.microsoft.com/en-us/azure/templates/microsoft.storage/storageaccounts/blobservices/containers
    */
-  class BlobServiceContainers extends Resource {
+  class BlobServiceContainers extends AzureResource {
     /**
      * Constructs a BlobServiceContainers resource.
      */