feat(queries): fix defer redundant alias regal lint issue #7367

Open
wants to merge 97 commits into
base: master
4477f67
add initial regal lint setup
ArturRibeiro-CX Feb 23, 2025
3cd6fc2
test regal linter
ArturRibeiro-CX Feb 23, 2025
bb6bc2f
revert rego changes
ArturRibeiro-CX Feb 23, 2025
b012c13
opa fmt lint fixes on all rego files
ArturRibeiro-CX Feb 23, 2025
336243f
ignore all linter rules besides opa-fmt
ArturRibeiro-CX Feb 23, 2025
70b2757
add new lint rules to ignore
ArturRibeiro-CX Feb 23, 2025
7223ef4
reorganize lint rules into the right rule
ArturRibeiro-CX Feb 23, 2025
24470f0
add more rules to the config file
ArturRibeiro-CX Feb 23, 2025
505e5c4
add more rules and fix opa-fmt problem
ArturRibeiro-CX Feb 23, 2025
3da838e
test to check lint rule-shadows-builtin issues
ArturRibeiro-CX Feb 24, 2025
4a7a327
fix rule shadows builtin lint issue in .rego queries
ArturRibeiro-CX Feb 24, 2025
2f8f66d
fix lint
ArturRibeiro-CX Feb 24, 2025
a1c5db6
update level on var-shadows-builtin to tackle lint issues
ArturRibeiro-CX Feb 24, 2025
853b31f
fix var-shadows-builtin lint issues
ArturRibeiro-CX Feb 24, 2025
5e4cbf8
fix var-shadows-builtin lint issues
ArturRibeiro-CX Feb 25, 2025
f6b7aa8
Merge branch 'master' into regal-var-shadows-builtin
ArturRibeiro-CX Feb 25, 2025
d0bfc17
Merge branch 'regal-var-shadows-builtin' of https://github.com/Checkm…
ArturRibeiro-CX Feb 25, 2025
0954762
fix var-shadows-builtin lint issues
ArturRibeiro-CX Feb 25, 2025
383e6c5
first commit to trigger regal linter non-raw-regex-pattern
ArturRibeiro-CX Feb 26, 2025
f8740d1
fix non-raw-regex-pattern lint issues
ArturRibeiro-CX Feb 26, 2025
14bc51e
fix non-raw-regex-pattern lint issues
ArturRibeiro-CX Feb 26, 2025
b70dd5b
initial commit to trigger regal linter no-whitespace-comment rule
ArturRibeiro-CX Feb 28, 2025
03a7880
Merge branch 'master' into regal-no-whitespace-comment
ArturRibeiro-CX Feb 28, 2025
84eb2e8
initial fix to regal linter no-whitespace-comment rule
ArturRibeiro-CX Feb 28, 2025
1a12a27
fix to regal linter no-whitespace-comment rule
ArturRibeiro-CX Feb 28, 2025
d872fb5
fix to regal linter no-whitespace-comment rule
ArturRibeiro-CX Feb 28, 2025
5837e53
fix to regal linter no-whitespace-comment rule
ArturRibeiro-CX Feb 28, 2025
543fd8e
fix to regal linter no-whitespace-comment rule
ArturRibeiro-CX Feb 28, 2025
d18bcdb
initial commit to trigger to regal linter use-in-operator rule
ArturRibeiro-CX Feb 28, 2025
a0e06ca
Fix regal linter use-in-operator rule
ArturRibeiro-CX Feb 28, 2025
b1f6f12
Fix regal linter use-in-operator rule
ArturRibeiro-CX Feb 28, 2025
5b15168
Fix regal linter use-in-operator rule
ArturRibeiro-CX Feb 28, 2025
c6dbf01
test fix reverting one lint change
ArturRibeiro-CX Mar 1, 2025
8bcdb28
test fix reverting one lint change
ArturRibeiro-CX Mar 1, 2025
356ed5b
fix all tests by reverting some lint change
ArturRibeiro-CX Mar 1, 2025
030c9ef
fix use in operator lint issue
ArturRibeiro-CX Mar 1, 2025
a40dddd
fix openAPI tests removing in keyword
ArturRibeiro-CX Mar 1, 2025
9f187c2
fix openAPI lint issues
ArturRibeiro-CX Mar 1, 2025
35d47fe
fix gcp test errors
ArturRibeiro-CX Mar 1, 2025
6918d24
fix unit k8s tests
ArturRibeiro-CX Mar 1, 2025
8a74e62
Initial commit to trigger custom has key construct regal lint issue
ArturRibeiro-CX Mar 1, 2025
78c3227
revert last commit
ArturRibeiro-CX Mar 1, 2025
f3e6a01
Initial commit to trigger custom has key construct regal lint issue
ArturRibeiro-CX Mar 1, 2025
5d565c5
fix custom has key construct regal lint issue
ArturRibeiro-CX Mar 1, 2025
5122515
fix errors
ArturRibeiro-CX Mar 1, 2025
a5003ec
fix errors
ArturRibeiro-CX Mar 1, 2025
ed8fce6
fix remaining regal lint issues
ArturRibeiro-CX Mar 1, 2025
e308947
remove unused function
ArturRibeiro-CX Mar 1, 2025
012069c
initial commit to trigger equals-pattern-matching regal lint issue
ArturRibeiro-CX Mar 1, 2025
694621e
fix equals-pattern-matching regal lint issue
ArturRibeiro-CX Mar 1, 2025
3bfd723
initial commit to trigger equals-pattern-matching regal lint rule
ArturRibeiro-CX Mar 1, 2025
488e539
fix equals-pattern-matching regal lint issue
ArturRibeiro-CX Mar 1, 2025
9df2555
update regal lint rules from warn to warning
ArturRibeiro-CX Mar 1, 2025
d1ffbb2
initial commit to trigger non-loop-expression regal lint rule
ArturRibeiro-CX Mar 1, 2025
d05af31
initial test to fix non-loop-expression regal lint issue
ArturRibeiro-CX Mar 1, 2025
ee7b129
fix non-loop-expression regal lint issue
ArturRibeiro-CX Mar 1, 2025
0dc199d
fix remaining regal lint issues
ArturRibeiro-CX Mar 1, 2025
dd29028
fix non-loop-expression regal lint issue
ArturRibeiro-CX Mar 1, 2025
67fde67
test regal with version statement
ArturRibeiro-CX Mar 1, 2025
c36a477
revert version on regal and try a new validation to fix non loop expr…
ArturRibeiro-CX Mar 2, 2025
39afcc1
fix non loop expression with a more efficient solution
ArturRibeiro-CX Mar 2, 2025
fbf200d
fix lint issues and try a new approach on k8s client certificate query
ArturRibeiro-CX Mar 2, 2025
347ceda
try a fix on linting problem k8s client_certificate
ArturRibeiro-CX Mar 2, 2025
d2707c5
try a fix on linting problem k8s client_certificate
ArturRibeiro-CX Mar 2, 2025
ced3791
fix non loop expressions regal lint issue
ArturRibeiro-CX Mar 2, 2025
ba9227c
fix last lint issue opa fmt
ArturRibeiro-CX Mar 2, 2025
d430fe5
try to apply opa fmt automatically into rego files committed
ArturRibeiro-CX Mar 2, 2025
45b62c3
try with no sha code
ArturRibeiro-CX Mar 2, 2025
0e4e366
try with no new instruction
ArturRibeiro-CX Mar 2, 2025
c2bd8c1
same opa version as the go.mod package
ArturRibeiro-CX Mar 2, 2025
ab62fc5
revert addition of opa fmt rule to action
ArturRibeiro-CX Mar 2, 2025
58f2425
initial commit to trigger defer-assignment regal lint issue
ArturRibeiro-CX Mar 2, 2025
7622faf
initial try to fix defer assignment regal lint issue
ArturRibeiro-CX Mar 2, 2025
65d2044
another try to fix defer assignment regal lint issue
ArturRibeiro-CX Mar 2, 2025
70fd5b1
another try to fix defer assignment regal lint issue
ArturRibeiro-CX Mar 2, 2025
8552dba
another try to fix defer assignment regal lint issue
ArturRibeiro-CX Mar 2, 2025
432bb6b
test fix defer assignment k8s pod or container query
ArturRibeiro-CX Mar 2, 2025
94b1d46
test fix defer assignment
ArturRibeiro-CX Mar 2, 2025
c69c2e9
fix typo
ArturRibeiro-CX Mar 2, 2025
544cefe
fix defer assignment regal lint issue
ArturRibeiro-CX Mar 2, 2025
4d21bf1
fix defer assignment regal lint issue cloudformation
ArturRibeiro-CX Mar 2, 2025
ad01db6
fix defer assignment regal lint issue cloudformation
ArturRibeiro-CX Mar 2, 2025
7d2dce4
fix defer assignment regal lint issue cloudformation app_access query
ArturRibeiro-CX Mar 2, 2025
f7fef2a
try fix test
ArturRibeiro-CX Mar 2, 2025
e72919c
try fix regal linter defer assignment test
ArturRibeiro-CX Mar 2, 2025
3c57fde
try fix regal linter defer assignment test
ArturRibeiro-CX Mar 2, 2025
853fe81
fix regal lint issue
ArturRibeiro-CX Mar 2, 2025
3a55edd
fix regal lint defer-assignment issue
ArturRibeiro-CX Mar 2, 2025
ed6007b
try to fix regal lint defer-assignment issue
ArturRibeiro-CX Mar 2, 2025
c2f0dec
try to fix regal lint defer-assignment issue
ArturRibeiro-CX Mar 2, 2025
3403309
fix regal lint defer-assignment issue
ArturRibeiro-CX Mar 2, 2025
4346e70
fix regal lint defer-assignment issues
ArturRibeiro-CX Mar 2, 2025
aeadfd7
fix regal lint defer-assignment issues
ArturRibeiro-CX Mar 2, 2025
413ddf2
fix regal lint defer-assignment issues
ArturRibeiro-CX Mar 2, 2025
b828991
fix tests
ArturRibeiro-CX Mar 2, 2025
7be0d81
initial commit to trigger redundant-alias regal lint issues
ArturRibeiro-CX Mar 2, 2025
21c88a6
fix redundant-alias regal lint issues
ArturRibeiro-CX Mar 2, 2025
24 changes: 24 additions & 0 deletions .github/workflows/validate-rego.yaml
@@ -0,0 +1,24 @@
name: validate-rego

on:
pull_request:
paths:
- "assets/**/*.rego"

jobs:
lint-rego:
name: Run Regal Linter on Rego Files
runs-on: ubuntu-latest
steps:
- name: Check out repository code
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
with:
persist-credentials: false

- name: Setup Regal
uses: StyraInc/setup-regal@33a142b1189004e0f14bf42b15972c67eecce776 # v1.0.0
with:
version: v0.31.1

- name: Run Regal Linter
run: regal lint --format=github assets --config-file=assets/.regal/config.yml
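
Review bot: the `paths` filter at the top of this workflow matches only `assets/**/*.rego`, so a pull request that changes `assets/.regal/config.yml` or this workflow file by itself never runs the linter; add both paths to the filter so that rule-level changes are checked against the queries. The file also declares no `permissions:` block. The job only reads the checkout, so a top-level `permissions:` with `contents: read` would keep the token at least privilege, consistent with the SHA-pinned actions and `persist-credentials: false` already used here.
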
138 changes: 138 additions & 0 deletions assets/.regal/config.yml
@@ -0,0 +1,138 @@
# Since the linting rules will be tackled in separate PRs, we are temporarily ignoring all rules.
# We will update rule severities as each PR is merged.

rules:
bugs:
not-equals-in-loop:
# https://docs.styra.com/regal/rules/bugs/not-equals-in-loop
level: ignore
rule-shadows-builtin:
# https://docs.styra.com/regal/rules/bugs/rule-shadows-builtin
level: warning
var-shadows-builtin:
# https://docs.styra.com/regal/rules/bugs/var-shadows-builtin
level: warning
unused-output-variable:
# https://docs.styra.com/regal/rules/bugs/unused-output-variable
level: ignore
deprecated-builtin:
# https://docs.styra.com/regal/rules/bugs/deprecated-builtin
level: ignore
leaked-internal-reference:
# https://docs.styra.com/regal/rules/bugs/leaked-internal-reference
level: ignore
sprintf-arguments-mismatch:
# https://docs.styra.com/regal/rules/bugs/sprintf-arguments-mismatch
level: ignore
inconsistent-args:
# https://docs.styra.com/regal/rules/bugs/inconsistent-args
level: ignore
redundant-existence-check:
# https://docs.styra.com/regal/rules/bugs/redundant-existence-check
level: ignore
idiomatic:
no-defined-entrypoint:
# https://docs.styra.com/regal/rules/idiomatic/no-defined-entrypoint
# No single entrypoint for this project
level: ignore
# temporary
non-raw-regex-pattern:
# https://docs.styra.com/regal/rules/idiomatic/non-raw-regex-pattern
level: warning
use-in-operator:
# https://docs.styra.com/regal/rules/idiomatic/use-in-operator
level: warning
use-some-for-output-vars:
# https://docs.styra.com/regal/rules/idiomatic/use-some-for-output-vars
# These would be good to address, but would require a concentrated effort
level: ignore
custom-has-key-construct:
# https://docs.styra.com/regal/rules/idiomatic/custom-has-key-construct
level: warning
equals-pattern-matching:
# https://docs.styra.com/regal/rules/idiomatic/equals-pattern-matching
level: warning
use-contains:
# https://docs.styra.com/regal/rules/idiomatic/use-contains
level: ignore
use-if:
# https://docs.styra.com/regal/rules/idiomatic/use-if
level: ignore
directory-package-mismatch:
# https://docs.styra.com/regal/rules/idiomatic/directory-package-mismatch
level: ignore
custom-in-construct:
# https://docs.styra.com/regal/rules/idiomatic/custom-in-construct
level: ignore
style:
avoid-get-and-list-prefix:
# https://docs.styra.com/regal/rules/style/avoid-get-and-list-prefix
level: ignore
external-reference:
# https://docs.styra.com/regal/rules/style/external-reference
level: ignore
file-length:
# https://docs.styra.com/regal/rules/style/file-length
level: ignore
line-length:
# https://docs.styra.com/regal/rules/style/line-length
level: ignore
no-whitespace-comment:
# https://docs.styra.com/regal/rules/style/no-whitespace-comment
level: warning
opa-fmt:
# https://docs.styra.com/regal/rules/style/opa-fmt
level: warning
prefer-some-in-iteration:
# https://docs.styra.com/regal/rules/style/prefer-some-in-iteration
# 10000+ violations fixed but way more to go
level: ignore
prefer-snake-case:
# https://docs.styra.com/regal/rules/style/prefer-snake-case
level: ignore
rule-length:
# https://docs.styra.com/regal/rules/style/rule-length
level: ignore
todo-comment:
# https://docs.styra.com/regal/rules/style/todo-comment
# only one TODO comment in the codebase to fix this issue
level: ignore
use-assignment-operator:
# https://docs.styra.com/regal/rules/style/use-assignment-operator
level: ignore
rule-name-repeats-package:
# https://docs.styra.com/regal/rules/style/rule-name-repeats-package
level: ignore
messy-rule:
# https://docs.styra.com/regal/rules/style/messy-rule
level: ignore
comprehension-term-assignment:
# https://docs.styra.com/regal/rules/style/comprehension-term-assignment
level: ignore
pointless-reassignment:
# https://docs.styra.com/regal/rules/style/pointless-reassignment
level: ignore
unconditional-assignment:
# https://docs.styra.com/regal/rules/style/unconditional-assignment
level: ignore
default-over-else:
# https://docs.styra.com/regal/rules/style/default-over-else
level: ignore
imports:
use-rego-v1:
# https://docs.styra.com/regal/rules/imports/use-rego-v1
level: ignore
redundant-alias:
# https://docs.styra.com/regal/rules/imports/redundant-alias
level: warning
import-after-rule:
# https://docs.styra.com/regal/rules/imports/import-after-rule
level: warning
performance:
non-loop-expression:
# https://docs.styra.com/regal/rules/performance/non-loop-expression
level: warning
defer-assignment:
# https://docs.styra.com/regal/rules/performance/defer-assignment
level: warning
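
Review bot: every rule enabled in this file is set to `level: warning` and none to `error`, while the workflow step calls `regal lint` without a fail level. Regal's default fail level is `error`, so these findings show up as annotations but should not fail the check; either raise the rules that are already fixed to `error` or pass `--fail-level warning` in the workflow, otherwise regressions can merge unnoticed. The header comment ("we are temporarily ignoring all rules") no longer matches the content now that a dozen rules are at `warning`, and the stray `# temporary` above `non-raw-regex-pattern` does not say which entry it refers to; please update or remove both.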

35 changes: 17 additions & 18 deletions assets/libraries/ansible.rego
@@ -1,5 +1,7 @@
package generic.ansible

import future.keywords.in

# Global variable with all tasks in input
tasks := TasksPerDocument

Expand Down Expand Up @@ -33,14 +35,12 @@ getTasksFromBlocks(playbook) = result {
not task.block
validPath(path)
]
} else = [playbook] {
true
}
} else = [playbook]

# Validates the path of a nested element inside a block task to assure it's a task
validPath(path) {
count(path) > 1
validGroup(path[minus(count(path), 2)])
validGroup(path[count(path) - 2])
}

# Identifies a block task
Expand Down Expand Up @@ -89,16 +89,15 @@ allowsPort(allowed, port) {
some i
contains(allowed.ports[i], "-")
port_bounds := split(allowed.ports[i], "-")
low := to_number(port_bounds[0])
high := to_number(port_bounds[1])

low := to_number(port_bounds[0])
low <= portNumber

high := to_number(port_bounds[1])
high >= portNumber
} else {
allowed.ports[_] == port
} else = false {
true
}
port in allowed.ports
} else = false

# Checks if a given port is included in a network rule
isPortInRule(rule, portNumber) {
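
Review bot: the rewrite of `allowsPort` (the exact-match branch goes from `allowed.ports[_] == port` to `port in allowed.ports`, and the `low`/`high` assignments are moved next to their comparisons) comes with no test change in the part of the diff shown here. Both edits look behaviour-preserving, but this helper decides whether a port counts as allowed, and the commit list on this PR includes several reverts of earlier `in` rewrites to get tests passing. Please add, or point to, a unit test that covers a port inside a range, a port outside it, an exact match and the `else = false` fallthrough, so the lint-driven change is pinned down.
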
Expand All @@ -112,7 +111,7 @@ isPortInRule(rule, portNumber) {
}

isPortInRule(rule, portNumber) {
rule.ports[_] == portNumber
portNumber in rule.ports
}

isPortInRule(rule, portNumber) {
Expand Down Expand Up @@ -149,11 +148,11 @@ isEntireNetwork(cidr) {
}

installer_modules := [
"community.general.apk", "ansible.builtin.apt", "ansible.builtin.apt", "community.general.bundler", "ansible.builtin.dnf", "community.general.easy_install",
"community.general.gem", "community.general.homebrew", "community.general.jenkins_plugin", "community.general.npm", "community.general.openbsd_pkg",
"ansible.builtin.package", "ansible.builtin.package", "community.general.pear", "community.general.pacman", "ansible.builtin.pip", "community.general.pkg5",
"community.general.pkgutil", "community.general.pkgutil", "community.general.portage", "community.general.slackpkg", "community.general.sorcery",
"community.general.swdepot", "win_chocolatey", "community.general.yarn", "ansible.builtin.yum", "community.general.zypper", "apk", "apt", "bower", "bundler",
"dnf", "easy_install", "gem", "homebrew", "jenkins_plugin", "npm", "openbsd_package", "openbsd_pkg", "package", "pacman", "pear", "pip", "pkg5", "pkgutil",
"community.general.apk", "ansible.builtin.apt", "ansible.builtin.apt", "community.general.bundler", "ansible.builtin.dnf", "community.general.easy_install",
"community.general.gem", "community.general.homebrew", "community.general.jenkins_plugin", "community.general.npm", "community.general.openbsd_pkg",
"ansible.builtin.package", "ansible.builtin.package", "community.general.pear", "community.general.pacman", "ansible.builtin.pip", "community.general.pkg5",
"community.general.pkgutil", "community.general.pkgutil", "community.general.portage", "community.general.slackpkg", "community.general.sorcery",
"community.general.swdepot", "win_chocolatey", "community.general.yarn", "ansible.builtin.yum", "community.general.zypper", "apk", "apt", "bower", "bundler",
"dnf", "easy_install", "gem", "homebrew", "jenkins_plugin", "npm", "openbsd_package", "openbsd_pkg", "package", "pacman", "pear", "pip", "pkg5", "pkgutil",
"portage", "slackpkg", "sorcery", "swdepot", "win_chocolatey", "yarn", "yum", "zypper",
]
]
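
Review bot: `installer_modules` still carries duplicate entries: `"ansible.builtin.apt"`, `"ansible.builtin.package"`, `"community.general.pkgutil"` and `"win_chocolatey"` each appear twice. Since these lines are being re-formatted anyway, drop the repeats in the same change; if the list is only used for membership checks, a set literal would make that intent explicit.
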
21 changes: 10 additions & 11 deletions assets/libraries/azureresourcemanager.rego
Expand Up @@ -2,20 +2,20 @@ package generic.azureresourcemanager

# gets the network security group properties for two types of resource ('Microsoft.Network/networkSecurityGroups' and 'Microsoft.Network/networkSecurityGroups/securityRules')
get_sg_info(value) = typeInfo {
value.type == "Microsoft.Network/networkSecurityGroups/securityRules"
value.type == "Microsoft.Network/networkSecurityGroups/securityRules"
typeInfo := {
"type": value.type,
"properties": value.properties,
"type": value.type,
"properties": value.properties,
"path": "resources.type={{Microsoft.Network/networkSecurityGroups/securityRules}}.properties",
"sl": ["properties"]
}
"sl": ["properties"],
}
} else = typeInfo {
value.type == "securityRules"
typeInfo := {
"type": value.type,
"properties": value.properties,
"type": value.type,
"properties": value.properties,
"path": "resources.type={{securityRules}}.properties",
"sl": ["properties"]
"sl": ["properties"],
}
}

Expand Down Expand Up @@ -84,11 +84,10 @@ isParameterReference(valueToCheck) = parameterName {
parameterName := trim_right(trim_left(trim_left(valueToCheck, "[parameters"), "('"), "')]")
}


isDisabledOrUndefined(doc, resource, parametersPath){
isDisabledOrUndefined(doc, resource, parametersPath) {
object.get(resource, split(parametersPath, "."), "not defined") == "not defined"
} else {
value := object.get(resource, split(parametersPath, "."),"")
value := object.get(resource, split(parametersPath, "."), "")
[check, _] := getDefaultValueFromParametersIfPresent(doc, value)
check == false
}
1 change: 0 additions & 1 deletion assets/libraries/cicd.rego
@@ -1,2 +1 @@
package generic.cicd
