Get-AzSKARMTemplateSecurityStatus evaluates template with "Microsoft.Web/serverfarms" with rules for "Microsoft.Web/sites" #962

Open
Falconwmua opened this issue Feb 26, 2020 · 1 comment

Comments

@Falconwmua

Title

Get-AzSKARMTemplateSecurityStatus evaluates template with "Microsoft.Web/serverfarms" with rules for "Microsoft.Web/sites"

Description

When running Get-AzSKARMTemplateSecurityStatus against a directory with multiple templates, a template only containing a resource of "Microsoft.Web/serverfarms" is evaluated with rules for "Microsoft.Web/sites".

Steps to reproduce

Create 3 templates in a directory. The AzSK ARM Template AppService.json can be used as the starter for these three templates.

  • azuredeploy.json: This is the master template calling the deployment for the 2 child templates with a dependency for "appservicesite" on "appserviceplan"
    - appserviceplan.json: Only include the resource of "Microsoft.Web/serverfarms"
    - appservicesite.json: Only include the resource of "Microsoft.Web/sites"

Get-AzSKARMTemplateSecurityStatus -ARMTemplatePath <path to directory above>

Expected behavior

Results show tests for "Microsoft.Web/sites" against appservicesite.json and for "Microsoft.Web/serverfarms" against appserviceplan.json.
azuredeploy.json is skipped, with current rule set.

Actual behavior

Tests show failures against appserviceplan.json for controls that don't apply to that resource.
Current failing controls:
- Azure_AppService_Config_Disable_Remote_Debugging
- Azure_AppService_Config_Disable_Web_Sockets
- Azure_AppService_DP_Dont_Allow_HTTP_Access
- Azure_AppService_DP_Use_Secure_TLS_Version
- Azure_AppService_AuthN_Use_AAD_for_Client_AuthN

@ivcarreras

I have hit this same issue. In my template example, I only have a serverfarm resource being deployed and it triggers all those controls plus these:

  • Azure_AppService_Deploy_Use_Latest_Version
  • Azure_AppService_BCDR_Use_AlwaysOn
  • Azure_AppService_Audit_Enable_Logging_and_Monitoring
  • Azure_AppService_AuthN_Use_Managed_Service_Identity
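
A triage helper for the behaviour reported in this thread, as an added example that is not part of the issue or of AzSK: it reads each template in a directory and flags findings where one of the "Microsoft.Web/sites" controls listed in the issue was reported against a template that contains no such resource. The findings are assumed to be (file name, control ID) pairs, a constructed shape and not AzSK's output format; templates are assumed to be strict JSON, and the sample templates are constructed.

```python
import json
import tempfile
from pathlib import Path

# Control IDs the issue lists as failing against appserviceplan.json.
SITE_CONTROLS = {
    "Azure_AppService_Config_Disable_Remote_Debugging",
    "Azure_AppService_Config_Disable_Web_Sockets",
    "Azure_AppService_DP_Dont_Allow_HTTP_Access",
    "Azure_AppService_DP_Use_Secure_TLS_Version",
    "Azure_AppService_AuthN_Use_AAD_for_Client_AuthN",
}
SITE_TYPE = "microsoft.web/sites"

def resource_types(template):
    """Lower-cased resource types, including child resources and inline nested templates."""
    found, stack = set(), list(template.get("resources", []))
    while stack:
        res = stack.pop()
        if not isinstance(res, dict):
            continue
        found.add(str(res.get("type", "")).lower())
        stack.extend(res.get("resources", []))
        props = res.get("properties")
        inner = props.get("template") if isinstance(props, dict) else None
        if isinstance(inner, dict):
            stack.extend(inner.get("resources", []))
    return found

def misattributed(template_dir, findings):
    """Findings where a sites control was reported for a template with no sites resource."""
    types = {p.name: resource_types(json.loads(p.read_text(encoding="utf-8")))
             for p in Path(template_dir).glob("*.json")}
    def has_site(name):
        return any(t == SITE_TYPE or t.startswith(SITE_TYPE + "/") for t in types[name])
    return [(f, c) for f, c in findings
            if c in SITE_CONTROLS and f in types and not has_site(f)]

def demo():
    """Constructed minimal templates mirroring the issue's two child templates."""
    def tpl(rtype):
        return {"contentVersion": "1.0.0.0", "resources": [{"type": rtype, "name": "x"}]}
    control = "Azure_AppService_DP_Dont_Allow_HTTP_Access"
    with tempfile.TemporaryDirectory() as d:
        Path(d, "appserviceplan.json").write_text(json.dumps(tpl("Microsoft.Web/serverfarms")))
        Path(d, "appservicesite.json").write_text(json.dumps(tpl("Microsoft.Web/sites")))
        findings = [("appserviceplan.json", control), ("appservicesite.json", control)]
        return misattributed(d, findings)
```

Findings the helper returns are candidates for the misattribution described above; failures against templates that do contain a "Microsoft.Web/sites" resource are left for normal review.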
