From ac5f76f80442175f740ee9404b19ef60001f5427 Mon Sep 17 00:00:00 2001
From: Anders Eknert
Date: Mon, 29 Jul 2024 23:53:51 +0200
Subject: [PATCH] Extend `redundant-existence-check` to fail redundant ref checks
Fixes #936
Signed-off-by: Anders Eknert
---
.../rules/bugs/redundant_existence_check.rego | 20 ++++++++++++++++++-
.../bugs/redundant_existence_check_test.rego | 19 ++++++++++++++++++
2 files changed, 38 insertions(+), 1 deletion(-)
diff --git a/bundle/regal/rules/bugs/redundant_existence_check.rego b/bundle/regal/rules/bugs/redundant_existence_check.rego
index 869c203f5..2f8d720a5 100644
--- a/bundle/regal/rules/bugs/redundant_existence_check.rego
+++ b/bundle/regal/rules/bugs/redundant_existence_check.rego
@@ -7,6 +7,8 @@ import rego.v1 import data.regal.ast import data.regal.result +# METADATA +# description: check rule bodies for redundant existence checks report contains violation if { some rule_index, rule in input.rules some expr_index, expr in ast.exprs[rule_index]
@@ -18,7 +20,6 @@ report contains violation if { ast.static_ref(expr.terms) ref_str := ast.ref_to_string(expr.terms.value) - next_expr := rule.body[expr_index + 1] some term in next_expr.terms
@@ -27,3 +28,20 @@ report contains violation if { violation := result.fail(rego.metadata.chain(), result.location(expr)) }
+
+# METADATA
+# description: check for redundant existence checks in rule head assignment
+report contains violation if {
+ some rule_index, rule in input.rules
+
+ rule.head.value.type == "ref"
+
+ ref_str := ast.ref_to_string(rule.head.value.value)
+
+ some expr in ast.exprs[rule_index]
+
+ expr.terms.type == "ref"
+ ast.ref_to_string(expr.terms.value) == ref_str
+
+ violation := result.fail(rego.metadata.chain(), result.location(expr.terms))
+}
diff --git a/bundle/regal/rules/bugs/redundant_existence_check_test.rego b/bundle/regal/rules/bugs/redundant_existence_check_test.rego
index e684e9c6a..1eee972ad 100644
--- a/bundle/regal/rules/bugs/redundant_existence_check_test.rego
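Review bot: The head-assignment rule added in the last hunk of redundant_existence_check.rego compares ref strings without the `ast.static_ref(expr.terms)` guard that the body rule above applies before it calls `ast.ref_to_string`. A head value whose ref contains a variable that the matching body expression binds would presumably be reported, even though removing that expression would leave the variable unbound. Adding `ast.static_ref(expr.terms)` ahead of the `== ref_str` comparison would keep the two rules consistent. The rule also never looks at whether the expression is negated or carries a `with` modifier; whether `ast.exprs` already filters those is not visible in this patch, so it is worth confirming before this ships at level `error`.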
+++ b/bundle/regal/rules/bugs/redundant_existence_check_test.rego
@@ -47,3 +47,22 @@ test_success_not_redundant_existence_check_with_cancels if { r := rule.report with input as module r == set() }
+
+test_fail_redundant_existence_check_head_assignment_of_ref if {
+ module := ast.with_rego_v1(`
+ redundant := input.foo if {
+ input.foo
+ }`)
+ r := rule.report with input as module
+ r == {{
+ "category": "bugs",
+ "description": "Redundant existence check",
+ "level": "error",
+ "location": {"col": 3, "file": "policy.rego", "row": 7, "text": "\t\tinput.foo"},
+ "related_resources": [{
+ "description": "documentation",
+ "ref": config.docs.resolve_url("$baseUrl/$category/redundant-existence-check", "bugs"),
+ }],
+ "title": "redundant-existence-check",
+ }}
+}
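Review bot: Only a failing case is added for the head-assignment rule, so nothing pins what the new rule must not report. A `test_success_` counterpart asserting `r == set()` would fix that boundary, for instance one where the body ref differs from the head value (a constructed example: `redundant := input.foo if { input.bar }`) and one where the body ref contains a variable. Without these, a later change that widens the match would pass the suite unnoticed.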