Bug in VerifyNSG() function result initialisation

bengimblett · web-flow · commit b55122c2d853 · 2018-12-21T10:56:24.000Z
VerifyNSG() has a simple bug - on entering the function the result success flag is incorrectly initialised to $true (optimistic) - when it should be initialised to $false (pessimistic) ... The function can ONLY be successful on one path; IF an NSG is found WITH valid rules. As it was, if NO NSG is found the function will STILL return success and therefore the following script / code used for mitigation will not be executed.
diff --git a/samples/manage/azure-sql-db-managed-instance/prepare-subnet/prepareSubnet.ps1 b/samples/manage/azure-sql-db-managed-instance/prepare-subnet/prepareSubnet.ps1
@@ -485,7 +485,7 @@ function VerifyNSG {
         $result = @{ 
             nsgSecurityRules = New-Object "$NScollections.List``1[$NSnetworkModels.PSSecurityRule]"
             failedSecurityRules = New-Object "$NScollections.List``1[$NSnetworkModels.PSSecurityRule]"
-            success = $true 
+            success = $false 
         }
         Write-Host("Verifying Network security group for subnet '{0}'."-f $subnet.Name)
         $nsg = LoadNetworkSecurityGroup $subnet

Original file line number	Diff line number	Diff line change
`@@ -485,7 +485,7 @@ function VerifyNSG {`
`485`	`485`	`$result = @{`
`486`	`486`	nsgSecurityRules = New-Object "$NScollections.List``1[$NSnetworkModels.PSSecurityRule]"
`487`	`487`	failedSecurityRules = New-Object "$NScollections.List``1[$NSnetworkModels.PSSecurityRule]"
`488`		`- success = $true`
	`488`	`+ success = $false`
`489`	`489`	`}`
`490`	`490`	`Write-Host("Verifying Network security group for subnet '{0}'."-f $subnet.Name)`
`491`	`491`	`$nsg = LoadNetworkSecurityGroup $subnet`