From 3c104692d4a014760c5c46de349b5637e824dc1e Mon Sep 17 00:00:00 2001
From: GeekMasher <geekmasher@gmail.com>
Date: Mon, 16 Jun 2025 13:14:47 +0100
Subject: [PATCH 1/2] fix: Simplify Boolean.getBool() method logic

---
 ql/lib/codeql/bicep/ast/Literals.qll | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)

diff --git a/ql/lib/codeql/bicep/ast/Literals.qll b/ql/lib/codeql/bicep/ast/Literals.qll
index 5b3e24d..75e9371 100644
--- a/ql/lib/codeql/bicep/ast/Literals.qll
+++ b/ql/lib/codeql/bicep/ast/Literals.qll
@@ -34,8 +34,7 @@ class Array extends Literals instanceof ArrayImpl {
  */
 class Boolean extends Literals instanceof BooleanImpl {
   boolean getBool() {
-    exists(string bl |
-      bl = BooleanImpl.super.getValue().toLowerCase() and
+    exists(string bl | bl = BooleanImpl.super.getValue().toLowerCase() |
       bl = "true" and
       result = true
       or

From 1c851bb84cfb0f179dce5c0087dd7c755658f5c8 Mon Sep 17 00:00:00 2001
From: GeekMasher <geekmasher@gmail.com>
Date: Mon, 16 Jun 2025 13:17:55 +0100
Subject: [PATCH 2/2] fix: Remove duplicate expected output for AKS cluster API
 server and TLS disabled tests

---
 ql/test/queries-tests/security/AKS/AKSPublicApi.expected         | 1 -
 .../security/CWE-327/TlsDisabled/TlsDisabled.expected            | 1 -
 2 files changed, 2 deletions(-)

diff --git a/ql/test/queries-tests/security/AKS/AKSPublicApi.expected b/ql/test/queries-tests/security/AKS/AKSPublicApi.expected
index ccd9011..0f68a1b 100644
--- a/ql/test/queries-tests/security/AKS/AKSPublicApi.expected
+++ b/ql/test/queries-tests/security/AKS/AKSPublicApi.expected
@@ -1,2 +1 @@
 | aks-security-examples.bicep:2:1:30:1 | ManagedContainerResource | AKS cluster API server is publicly accessible (private cluster not enabled). |
-| aks-security-examples.bicep:32:1:62:1 | ManagedContainerResource | AKS cluster API server is publicly accessible (private cluster not enabled). |
diff --git a/ql/test/queries-tests/security/CWE-327/TlsDisabled/TlsDisabled.expected b/ql/test/queries-tests/security/CWE-327/TlsDisabled/TlsDisabled.expected
index eb6a6b7..0ad405b 100644
--- a/ql/test/queries-tests/security/CWE-327/TlsDisabled/TlsDisabled.expected
+++ b/ql/test/queries-tests/security/CWE-327/TlsDisabled/TlsDisabled.expected
@@ -1,2 +1 @@
-| app.bicep:12:1:19:1 | RedisCacheResource | TLS is disabled for this resource |
 | app.bicep:22:1:29:1 | RedisCacheResource | TLS is disabled for this resource |