GitHubSecurityLab · GeekMasher · Sep 5, 2025 · Sep 5, 2025 · Sep 5, 2025 · Sep 5, 2025
diff --git a/.github/ISSUE_TEMPLATE/bug-report.yml b/.github/ISSUE_TEMPLATE/bug-report.yml
@@ -0,0 +1,135 @@
+name: Bug Report
+description: Report an issue with the CodeQL Bicep extractor or queries
+title: "[Bug]: "
+labels: ["bug", "triage", "needs-investigation"]
+assignees:
+  - GeekMasher 
+body:
+  - type: markdown
+    attributes:
+      value: |
+        Thanks for taking the time to fill out this bug report!
+
+        Complete and detailed bug reports help us identify issues faster and improve the CodeQL Bicep extractor and queries. Please provide as much relevant information as possible.
+  - type: dropdown
+    id: bug-type
+    attributes:
+      label: Bug Type
+      description: What component of the Bicep CodeQL system is affected?
+      options:
+        - Extractor (code parsing/analysis)
+        - Query (false positive/negative)
+        - Database generation
+        - Performance issue
+        - Documentation
+        - Other
+      default: 0
+    validations:
+      required: true
+
+  - type: textarea
+    id: what-happened
+    attributes:
+      label: Bug Description
+      description: Please provide a clear description of the bug, including what you expected to happen and what actually happened
+      placeholder: Describe the issue in detail...
+      value: "When running the PHP extractor on my codebase, I encountered the following issue:"
+    validations:
+      required: true
+  - type: input
+    id: version
+    attributes:
+      label: CodeQL Version
+      description: What version of CodeQL are you running?
+      placeholder: e.g., 2.15.4, 3.0.0, etc.
+    validations:
+      required: true
+
+  - type: input
+    id: bicep-version
+    attributes:
+      label: Bicep Version
+      description: What version of Bicep is in your codebase?
+      placeholder: e.g., 0.18.4, 0.20.0, etc.
+    validations:
+      required: false
+  - type: dropdown
+    id: environment
+    attributes:
+      label: Execution Environment
+      description: Where are you running the CodeQL PHP extractor?
+      multiple: true
+      options:
+        - GitHub Actions
+        - CodeQL CLI
+        - VS Code CodeQL extension
+        - GitHub Code Scanning
+        - Custom CI pipeline
+        - Other
+  - type: textarea
+    id: reproduction-steps
+    attributes:
+      label: Steps to Reproduce
+      description: Please provide detailed steps to reproduce the issue
+      placeholder: |
+        1. Run command '...'
+        2. Open file '...'
+        3. See error '...'
+      value: "1. \n2. \n3. "
+    validations:
+      required: true
+
+  - type: textarea
+    id: code-sample
+    attributes:
+      label: Minimal Code Sample
+      description: If applicable, provide a minimal code sample that demonstrates the issue (with sensitive data removed)
+      placeholder: |
+        // Example Bicep code that triggers the issue
+        resource storageAccount 'Microsoft.Storage/storageAccounts@2022-09-01' = {
+          name: 'mystorage'
+          location: 'eastus'
+          // ...
+        }
+      render: bicep
+    validations:
+      required: false
+
+  - type: textarea
+    id: logs
+    attributes:
+      label: Log Output
+      description: Please copy and paste any relevant log output. This will be automatically formatted into code, so no need for backticks.
+      placeholder: Copy error messages, stack traces, or other relevant logs here
+      render: shell
+
+  - type: dropdown
+    id: operating-system
+    attributes:
+      label: Operating System
+      description: Which operating system are you using?
+      options:
+        - Windows
+        - macOS
+        - Linux
+        - Other
+    validations:
+      required: false
+
+  - type: textarea
+    id: additional-context
+    attributes:
+      label: Additional Context
+      description: Add any other context about the problem here
+      placeholder: Any other information that might be helpful, such as framework/library versions, related issues, etc.
+    validations:
+      required: false
+
+  - type: checkboxes
+    id: terms
+    attributes:
+      label: Code of Conduct
+      description: By submitting this issue, you agree to follow our [Code of Conduct](https://github.com/advanced-security/policy-as-code/blob/main/CODE_OF_CONDUCT.md)
+      options:
+        - label: I agree to follow this project's Code of Conduct
+          required: true
diff --git a/.github/ISSUE_TEMPLATE/framework.yml b/.github/ISSUE_TEMPLATE/framework.yml
@@ -0,0 +1,74 @@
+name: Request Framework Support
+description: Request support for a new Bicep framework in CodeQL
+title: "[Framework]: "
+labels: ["feature", "enhancement", "framework"]
+assignees:
+  - GeekMasher
+body:
+  - type: markdown
+    attributes:
+      value: |
+        Thanks for taking the time to fill out this framework support request! Adding support for Bicep frameworks helps improve the quality and coverage of CodeQL analysis.
+  - type: dropdown
+    id: framework-type
+    attributes:
+      label: Framework Type
+      description: What type of Bicep framework are you requesting support for?
+      options:
+        - Azure Service Framework (e.g., AKS, App Service)
+        - Infrastructure Pattern (e.g., Hub-Spoke, Landing Zone)
+        - Module Collection (e.g., Azure Verified Modules)
+        - Template Library (e.g., Bicep Registry)
+        - Other
+      default: 0
+    validations:
+      required: true
+
+  - type: textarea
+    id: framework-info
+    attributes:
+      label: Framework Information
+      description: Please provide details about the framework you want supported
+      placeholder: Framework name, version, GitHub repository link, etc.
+      value: "Framework: \nVersion: \nWebsite/Repo: "
+    validations:
+      required: true
+
+  - type: textarea
+    id: security-features
+    attributes:
+      label: Security Features
+      description: Please describe any security features or patterns specific to this framework that would benefit from CodeQL analysis
+      placeholder: Security mechanisms, authentication systems, CSRF protection, etc.
+      value: "Security features in this framework include:"
+    validations:
+      required: false
+
+  - type: textarea
+    id: example-code
+    attributes:
+      label: Example Code
+      description: Please provide example code snippets that show how the framework is typically used
+      placeholder: Framework-specific code examples (resources, modules, parameters, etc.)
+      value: "```bicep\n// Example framework usage\n```"
+    validations:
+      required: false
+
+  - type: textarea
+    id: vulnerable-patterns
+    attributes:
+      label: Known Vulnerable Patterns
+      description: If you're aware of any security vulnerabilities or problematic patterns specific to this framework, please describe them
+      placeholder: Common misconfigurations, known CVEs, typical security issues...
+      value: "Common vulnerability patterns include:"
+    validations:
+      required: false
+
+  - type: checkboxes
+    id: terms
+    attributes:
+      label: Code of Conduct
+      description: By submitting this issue, you agree to follow our [Code of Conduct](https://github.com/advanced-security/policy-as-code/blob/main/CODE_OF_CONDUCT.md)
+      options:
+        - label: I agree to follow this project's Code of Conduct
+          required: true
diff --git a/.github/ISSUE_TEMPLATE/library.yml b/.github/ISSUE_TEMPLATE/library.yml
@@ -0,0 +1,88 @@
+name: Request CodeQL Library Feature
+description: Request a new feature or enhancement for the Bicep CodeQL library
+title: "[Library]: "
+labels: ["feature", "enhancement", "library"]
+assignees:
+  - GeekMasher
+body:
+  - type: markdown
+    attributes:
+      value: |
+        Thanks for taking the time to fill out this CodeQL library feature request! Enhancing the Bicep CodeQL library helps improve the quality and coverage of static analysis.
+  - type: dropdown
+    id: library-component
+    attributes:
+      label: Library Component(s)
+      description: Which CodeQL library component(s) does this feature request relate to? (Select all that apply)
+      options:
+        - AST (Abstract Syntax Tree)
+        - CFG (Control Flow Graph)
+        - Dataflow / TaintTracking
+        - ApiGraph
+        - TypeTracking
+        - Framework Support
+        - Security Analysis
+        - Other
+      multiple: true
+      default: 0
+    validations:
+      required: true
+
+  - type: textarea
+    id: feature-description
+    attributes:
+      label: Feature Description
+      description: Please provide a detailed description of the feature or enhancement you're requesting
+      placeholder: Explain what functionality you need and why it's important
+      value: "Feature: \nUse case: \nImportance: "
+    validations:
+      required: true
+
+  - type: textarea
+    id: technical-details
+    attributes:
+      label: Technical Details
+      description: Please provide any relevant technical details about the feature request
+      placeholder: Implementation ideas, related CodeQL concepts, links to documentation, etc.
+      value: "Technical implementation details:"
+    validations:
+      required: false
+
+  - type: textarea
+    id: example-code
+    attributes:
+      label: Example Code
+      description: Please provide Bicep code examples that demonstrate the functionality you're requesting
+      placeholder: Bicep code that illustrates the patterns you want to analyze
+      value: "```bicep\n// Example Bicep code that should be analyzed\n```"
+    validations:
+      required: false
+
+  - type: textarea
+    id: example-query
+    attributes:
+      label: Example Query
+      description: If applicable, please provide an example CodeQL query that would use this feature
+      placeholder: A sketch of a CodeQL query that would benefit from this feature
+      value: "```ql\n// Example CodeQL query using the requested feature\n```"
+    validations:
+      required: false
+
+  - type: textarea
+    id: benefits
+    attributes:
+      label: Expected Benefits
+      description: Please describe how this feature would improve the PHP CodeQL library
+      placeholder: Improved analysis accuracy, new detection capabilities, performance benefits...
+      value: "This feature would benefit CodeQL analysis by:"
+    validations:
+      required: false
+
+  - type: checkboxes
+    id: terms
+    attributes:
+      label: Code of Conduct
+      description: By submitting this issue, you agree to follow our [Code of Conduct](https://github.com/advanced-security/policy-as-code/blob/main/CODE_OF_CONDUCT.md)
+      options:
+        - label: I agree to follow this project's Code of Conduct
+          required: true
diff --git a/.github/ISSUE_TEMPLATE/query.yml b/.github/ISSUE_TEMPLATE/query.yml
@@ -0,0 +1,82 @@
+name: Request new CodeQL Query
+description: Request a new Bicep analysis query for the CodeQL library
+title: "[Query]: "
+labels: ["feature", "enhancement", "query"]
+assignees:
+  - GeekMasher
+body:
+  - type: markdown
+    attributes:
+      value: |
+        Thanks for taking the time to fill out this query request! 
+
+        CodeQL queries help identify security vulnerabilities, bugs, and quality issues in Bicep code. Providing detailed information will help us create effective queries that address real-world needs.
+  - type: dropdown
+    id: query-type
+    attributes:
+      label: Query Type
+      description: What type of query are you requesting?
+      options:
+        - Security
+        - Performance Optimization
+        - Code Quality
+        - Maintainability
+        - Bug Detection
+        - Framework-specific Issues
+        - Other
+      default: 0
+    validations:
+      required: true
+
+  - type: textarea
+    id: description
+    attributes:
+      label: Query Description
+      description: Please provide a clear description of the query you want to create
+      placeholder: Describe the issue this query should detect...
+      value: "This query should identify the following issue(s):"
+    validations:
+      required: true
+
+  - type: dropdown
+    id: query-severity
+    attributes:
+      label: Expected Severity
+      description: What is the expected severity level of issues found by this query?
+      options:
+        - Critical
+        - High
+        - Medium
+        - Low
+        - Informational
+      default: 2
+    validations:
+      required: true
+
+  - type: textarea
+    id: examples
+    attributes:
+      label: Code Example
+      description: Provide an example
+      placeholder: Example of vulnerabilities or issues this query should detect
+      value: "```bicep\n// Code example\n```"
+    validations:
+      required: false
+
+  - type: input
+    id: references
+    attributes:
+      label: References
+      description: Links to CVEs, research papers, articles, or other resources that describe this issue
+      placeholder: "e.g., https://cve.mitre.org/..."
+    validations:
+      required: false
+
+  - type: checkboxes
+    id: terms
+    attributes:
+      label: Code of Conduct
+      description: By submitting this issue, you agree to follow our [Code of Conduct](https://github.com/advanced-security/policy-as-code/blob/main/CODE_OF_CONDUCT.md)
+      options:
+        - label: I agree to follow this project's Code of Conduct
+          required: true