prefer-some-iteration: fix false positive in rule head key (#565)

Fixes #425 Signed-off-by: Anders Eknert <anders@styra.com>
StyraInc · Feb 20, 2024 · f11eef4 · f11eef4
1 parent 4625e7a
commit f11eef4
Show file tree

Hide file tree

Showing 2 changed files with 26 additions and 1 deletion.
diff --git a/bundle/regal/rules/style/prefer_some_in_iteration.rego b/bundle/regal/rules/style/prefer_some_in_iteration.rego
@@ -67,5 +67,9 @@ invalid_some_context(rule, path) if {
 
 	node := object.get(rule, p, [])
 
-	node.type in {"array", "object", "set"}
+	impossible_some(node)
 }
+
+impossible_some(node) if node.type in {"array", "object", "set"}
+
+impossible_some(node) if node.key
diff --git a/bundle/regal/rules/style/prefer_some_in_iteration_test.rego b/bundle/regal/rules/style/prefer_some_in_iteration_test.rego
@@ -15,6 +15,15 @@ test_fail_simple_iteration if {
 	r == with_location({"col": 3, "file": "policy.rego", "row": 4, "text": "\t\tinput.foo[_] == \"bar\""})
 }
 
+test_fail_simple_iteration_comprehension if {
+	policy := ast.policy(`s := {p |
+		p := input.foo[_]
+	}`)
+
+	r := rule.report with config.for_rule as allow_nesting(2) with input as policy
+	r == with_location({"col": 8, "file": "policy.rego", "row": 4, "text": "\t\tp := input.foo[_]"})
+}
+
 test_fail_simple_iteration_output_var if {
 	policy := ast.policy(`allow {
 		input.foo[x] == 1
@@ -186,6 +195,18 @@ test_success_allow_if_inside_object if {
 	r == set()
 }
 
+test_success_allow_if_inside_rule_head_key if {
+	policy := ast.with_rego_v1(`s contains input.foo[_]`)
+
+	r := rule.report with config.for_rule as {
+		"level": "error",
+		"ignore-if-sub-attribute": true,
+		"ignore-nesting-level": 5,
+	}
+		with input as policy
+	r == set()
+}
+
 allow_nesting(i) := {
 	"level": "error",
 	"ignore-nesting-level": i,