fix RegisteredRule issues

pkg/scanners/azure/arm/scanner.go

@@ -158,11 +158,11 @@ func (s *Scanner) scanDeployment(ctx context.Context, deployment azure.Deploymen
 				return nil, ctx.Err()
 			default:
 			}
-			if rule.Rule().RegoPackage != "" {
+			if rule.GetRule().RegoPackage != "" {
 				continue
 			}
 			ruleResults := rule.Evaluate(deploymentState)
-			s.debug.Log("Found %d results for %s", len(ruleResults), rule.Rule().AVDID)
+			s.debug.Log("Found %d results for %s", len(ruleResults), rule.GetRule().AVDID)
 			if len(ruleResults) > 0 {
 				results = append(results, ruleResults...)
 			}

pkg/scanners/cloudformation/scanner.go

@@ -187,12 +187,12 @@ func (s *Scanner) scanFileContext(ctx context.Context, regoScanner *rego.Scanner
 				return nil, ctx.Err()
 			default:
 			}
-			if rule.Rule().RegoPackage != "" {
+			if rule.GetRule().RegoPackage != "" {
 				continue
 			}
 			evalResult := rule.Evaluate(state)
 			if len(evalResult) > 0 {
-				s.debug.Log("Found %d results for %s", len(evalResult), rule.Rule().AVDID)
+				s.debug.Log("Found %d results for %s", len(evalResult), rule.GetRule().AVDID)
 				for _, scanResult := range evalResult {
 
 					ref := scanResult.Metadata().Reference()

pkg/scanners/terraform/executor/executor.go

@@ -14,6 +14,7 @@ import (
 	adapter "github.com/aquasecurity/trivy-iac/internal/adapters/terraform"
 	"github.com/aquasecurity/trivy-policies/pkg/rego"
 	"github.com/aquasecurity/trivy-policies/pkg/rules"
+	"github.com/aquasecurity/trivy-policies/pkg/types"
 )
 
 // Executor scans HCL blocks by running all registered rules against them
@@ -104,11 +105,11 @@ func (e *Executor) Execute(modules terraform.Modules) (scan.Results, Metrics, er
 	}
 
 	checksTime := time.Now()
-	var registeredRules []RegisteredRule
+	var registeredRules []types.RegisteredRule
 	a := rules.GetRegistered(e.frameworks...)
 	for _, r := range a {
 		rule := r
-		registeredRules = append(registeredRules, &rule)
+		registeredRules = append(registeredRules, rule)
 	}
 	e.debug.Log("Initialised %d rule(s).", len(registeredRules))
 

pkg/scanners/terraform/executor/pool.go

@@ -13,24 +13,25 @@ import (
 	"github.com/aquasecurity/defsec/pkg/state"
 	"github.com/aquasecurity/defsec/pkg/terraform"
 	"github.com/aquasecurity/trivy-policies/pkg/rego"
+	"github.com/aquasecurity/trivy-policies/pkg/types"
 )
 
 type RegisteredRule interface {
-	Rule() scan.Rule
+	GetRule() scan.Rule
 	Evaluate(s *state.State) scan.Results
 }
 
 type Pool struct {
 	size         int
 	modules      terraform.Modules
 	state        *state.State
-	rules        []RegisteredRule
+	rules        []types.RegisteredRule
 	ignoreErrors bool
 	rs           *rego.Scanner
 	regoOnly     bool
 }
 
-func NewPool(size int, rules []RegisteredRule, modules terraform.Modules, state *state.State, ignoreErrors bool, regoScanner *rego.Scanner, regoOnly bool) *Pool {
+func NewPool(size int, rules []types.RegisteredRule, modules terraform.Modules, state *state.State, ignoreErrors bool, regoScanner *rego.Scanner, regoOnly bool) *Pool {
 	return &Pool{
 		size:         size,
 		rules:        rules,
@@ -68,21 +69,21 @@ func (p *Pool) Run() (scan.Results, error) {
 
 	if !p.regoOnly {
 		for _, r := range p.rules {
-			if r.Rule().CustomChecks.Terraform != nil && r.Rule().CustomChecks.Terraform.Check != nil {
+			if r.GetRule().CustomChecks.Terraform != nil && r.GetRule().CustomChecks.Terraform.Check != nil {
 				// run local hcl rule
 				for _, module := range p.modules {
 					mod := *module
 					outgoing <- &hclModuleRuleJob{
 						module:       &mod,
-						rule:         r,
+						rule:         &r,
 						ignoreErrors: p.ignoreErrors,
 					}
 				}
 			} else {
 				// run defsec rule
 				outgoing <- &infraRuleJob{
 					state:        p.state,
-					rule:         r,
+					rule:         &r,
 					ignoreErrors: p.ignoreErrors,
 				}
 			}
@@ -144,14 +145,14 @@ func (h *hclModuleRuleJob) Run() (results scan.Results, err error) {
 			}
 		}()
 	}
-	customCheck := h.rule.Rule().CustomChecks.Terraform
+	customCheck := h.rule.GetRule().CustomChecks.Terraform
 	for _, block := range h.module.GetBlocks() {
 		if !isCustomCheckRequiredForBlock(customCheck, block) {
 			continue
 		}
 		results = append(results, customCheck.Check(block, h.module)...)
 	}
-	results.SetRule(h.rule.Rule())
+	results.SetRule(h.rule.GetRule())
 	return
 }
 

test/docker_test.go

@@ -12,6 +12,7 @@ import (
 	"github.com/aquasecurity/defsec/pkg/scan"
 	"github.com/aquasecurity/defsec/pkg/scanners/options"
 	"github.com/aquasecurity/trivy-iac/pkg/scanners/dockerfile"
+	"github.com/aquasecurity/trivy-policies/pkg/rego"
 	"github.com/liamg/memoryfs"
 	"github.com/stretchr/testify/assert"
 	"github.com/stretchr/testify/require"
@@ -30,7 +31,7 @@ func addFilesToMemFS(memfs *memoryfs.FS, typePolicy bool, folderName string) err
 			if info.IsDir() {
 				return nil
 			}
-			if typePolicy && !isRegoFile(info.Name()) {
+			if typePolicy && !rego.IsRegoFile(info.Name()) {
 				return nil
 			}
 			data, err := os.ReadFile(fpath)

test/module_test.go

@@ -626,6 +626,6 @@ data "aws_iam_policy_document" "policy" {
 	modules, _, err := p.EvaluateAll(context.TODO())
 	require.NoError(t, err)
 	results, _, _ := executor.New().Execute(modules)
-	testutil.AssertRuleNotFound(t, iam.CheckEnforceGroupMFA.Rule().LongID(), results, "")
+	testutil.AssertRuleNotFound(t, iam.CheckEnforceGroupMFA.GetRule().LongID(), results, "")
 
 }

test/performance_test.go

@@ -44,11 +44,11 @@ module "something" {
 `
 
 	for _, rule := range rules.GetRegistered() {
-		if rule.Rule().Terraform == nil {
+		if rule.GetRule().Terraform == nil {
 			continue
 		}
-		for i, bad := range rule.Rule().Terraform.BadExamples {
-			filename := fmt.Sprintf("/modules/problem/%s-%d.tf", rule.Rule().LongID(), i)
+		for i, bad := range rule.GetRule().Terraform.BadExamples {
+			filename := fmt.Sprintf("/modules/problem/%s-%d.tf", rule.GetRule().LongID(), i)
 			files[filename] = bad
 		}
 	}