Extend redundant-existence-check to fail redundant ref checks
Fixes #936

Signed-off-by: Anders Eknert <anders@styra.com>
anderseknert committed Jul 29, 2024
1 parent 99fb078 commit ac5f76f
Showing 2 changed files with 38 additions and 1 deletion.
20 changes: 19 additions & 1 deletion bundle/regal/rules/bugs/redundant_existence_check.rego
Expand Up @@ -7,6 +7,8 @@ import rego.v1
import data.regal.ast
import data.regal.result

# METADATA
# description: check rule bodies for redundant existence checks
report contains violation if {
some rule_index, rule in input.rules
some expr_index, expr in ast.exprs[rule_index]
Expand All @@ -18,7 +20,6 @@ report contains violation if {
ast.static_ref(expr.terms)

ref_str := ast.ref_to_string(expr.terms.value)

next_expr := rule.body[expr_index + 1]

some term in next_expr.terms
Expand All @@ -27,3 +28,20 @@ report contains violation if {

violation := result.fail(rego.metadata.chain(), result.location(expr))
}

# METADATA
# description: check for redundant existence checks in rule head assignment
report contains violation if {
some rule_index, rule in input.rules

rule.head.value.type == "ref"

ref_str := ast.ref_to_string(rule.head.value.value)

some expr in ast.exprs[rule_index]

expr.terms.type == "ref"
ast.ref_to_string(expr.terms.value) == ref_str

violation := result.fail(rego.metadata.chain(), result.location(expr.terms))
}
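Review bot: The new head-assignment rule (the second `report contains violation` block) matches on `ast.ref_to_string(expr.terms.value) == ref_str` but never applies the `ast.static_ref(expr.terms)` guard that the existing body rule uses. If the ref contains a variable, as in `x := input.foo[i] if { input.foo[i] }`, the body expression is presumably what binds `i`, so it is not redundant and removing it on the linter's advice would leave the head unsafe; consider adding `ast.static_ref(expr.terms)` after `expr.terms.type == "ref"`. Separately, a bare `input.foo` in a body also rejects the value `false`, so for a head assignment the check is not strictly equivalent to its absence. Since the violation is reported at level error on policy code, the rule's documentation should say so, so that authors do not change a decision's outcome by deleting the check.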
19 changes: 19 additions & 0 deletions bundle/regal/rules/bugs/redundant_existence_check_test.rego
Expand Up @@ -47,3 +47,22 @@ test_success_not_redundant_existence_check_with_cancels if {
r := rule.report with input as module
r == set()
}

test_fail_redundant_existence_check_head_assignment_of_ref if {
module := ast.with_rego_v1(`
redundant := input.foo if {
input.foo
}`)
r := rule.report with input as module
r == {{
"category": "bugs",
"description": "Redundant existence check",
"level": "error",
"location": {"col": 3, "file": "policy.rego", "row": 7, "text": "\t\tinput.foo"},
"related_resources": [{
"description": "documentation",
"ref": config.docs.resolve_url("$baseUrl/$category/redundant-existence-check", "bugs"),
}],
"title": "redundant-existence-check",
}}
}
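Review bot: Only the failing case is tested for the new head-assignment rule; there is no success case showing that a body check on a different ref is left alone. Add a companion test such as `redundant := input.bar if { input.foo }` asserting `r == set()`, so a regression in the ref-string comparison is caught. A further case with a non-static ref (`input.foo[i]` in both head and body) would pin down whether that form is meant to be flagged.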
