diff --git a/src/Analyzer.Core.UnitTests/TemplateAnalyzerTests.cs b/src/Analyzer.Core.UnitTests/TemplateAnalyzerTests.cs
index 0eb7636f..e73f5cf3 100644
--- a/src/Analyzer.Core.UnitTests/TemplateAnalyzerTests.cs
+++ b/src/Analyzer.Core.UnitTests/TemplateAnalyzerTests.cs
@@ -226,6 +226,20 @@ public void FilterRules_ValidConfiguration_NoExceptionThrown()
TemplateAnalyzer.Create(false).FilterRules(new ConfigurationDefinition());
}
+ [TestMethod]
+ public void Analyze_NoPowershellRules_NoExceptionThrown()
+ {
+ string[] resourceProperties = {
+ GenerateResource(
+ @"{ ""azureActiveDirectory"": { ""tenantId"": ""tenantIdValue"" } }",
+ "Microsoft.ServiceFabric/clusters", "resource1")
+ };
+
+ string template = GenerateTemplate(resourceProperties);
+
+ TemplateAnalyzer.Create(false, includePowerShellRules: false).AnalyzeTemplate(template, "aFilePath");
+ }
+
[TestMethod]
public void CustomRulesFileIsProvided_NoExceptionThrown()
{
diff --git a/src/Analyzer.Core/TemplateAnalyzer.cs b/src/Analyzer.Core/TemplateAnalyzer.cs
index 88ce1876..3572bdb7 100644
--- a/src/Analyzer.Core/TemplateAnalyzer.cs
+++ b/src/Analyzer.Core/TemplateAnalyzer.cs
@@ -52,8 +52,9 @@ private TemplateAnalyzer(JsonRuleEngine jsonRuleEngine, PowerShellRuleEngine pow
/// Whether or not to run also non-security rules against the template.
/// A logger to report errors and debug information
/// An optional custom rules json file path.
+ /// Whether or not to run also powershell rules against the template.
/// A new instance.
- public static TemplateAnalyzer Create(bool includeNonSecurityRules, ILogger logger = null, FileInfo customJsonRulesPath = null)
+ public static TemplateAnalyzer Create(bool includeNonSecurityRules, ILogger logger = null, FileInfo customJsonRulesPath = null, bool includePowerShellRules = true)
{
string rules;
try
@@ -72,7 +73,7 @@ public static TemplateAnalyzer Create(bool includeNonSecurityRules, ILogger logg
? new BicepSourceLocationResolver(templateContext)
: new JsonSourceLocationResolver(templateContext),
logger),
- new PowerShellRuleEngine(includeNonSecurityRules, logger),
+ includePowerShellRules ? new PowerShellRuleEngine(includeNonSecurityRules, logger) : null,
logger);
}
@@ -158,7 +159,9 @@ private IEnumerable AnalyzeAllIncludedTemplates(string populatedTem
try
{
IEnumerable evaluations = this.jsonRuleEngine.AnalyzeTemplate(templateContext);
- evaluations = evaluations.Concat(this.powerShellRuleEngine.AnalyzeTemplate(templateContext));
+
+ if(this.powerShellRuleEngine is not null)
+ evaluations = evaluations.Concat(this.powerShellRuleEngine.AnalyzeTemplate(templateContext));
// Recursively handle nested templates
var jsonTemplate = JObject.Parse(populatedTemplate);
@@ -187,7 +190,7 @@ private IEnumerable AnalyzeAllIncludedTemplates(string populatedTem
// Variables, parameters and functions inherited from parent template
string functionsKey = populatedNestedTemplate.InsensitiveToken("functions")?.Parent.Path ?? "functions";
string variablesKey = populatedNestedTemplate.InsensitiveToken("variables")?.Parent.Path ?? "variables";
- string parametersKey = populatedNestedTemplate.InsensitiveToken("parameters")?.Parent.Path ?? "parameters" ;
+ string parametersKey = populatedNestedTemplate.InsensitiveToken("parameters")?.Parent.Path ?? "parameters";
populatedNestedTemplate[functionsKey] = jsonTemplate.InsensitiveToken("functions");
populatedNestedTemplate[variablesKey] = jsonTemplate.InsensitiveToken("variables");