feat(misconf): ignore duplicate checks
Signed-off-by: nikpivkin <[email protected]>
nikpivkin committed Aug 7, 2024
1 parent 7278abd commit d8c3416
Showing 1 changed file with 16 additions and 0 deletions.
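--- a/pkg/iac/rego/embed.go
+++ b/pkg/iac/rego/embed.go
@@ -47,6 +47,9 @@ func RegisterRegoRules(modules map[string]*ast.Module) {
 }
 
 retriever := NewMetadataRetriever(compiler)
+
+regoCheckIDs := make(map[string]struct{})
+
 for _, module := range modules {
 metadata, err := retriever.RetrieveMetadata(ctx, module)
 if err != nil {
@@ -55,10 +58,23 @@ func RegisterRegoRules(modules map[string]*ast.Module) {
 if metadata.AVDID == "" {
 continue
 }
+
+if !metadata.Deprecated {
+regoCheckIDs[metadata.AVDID] = struct{}{}
+}
+
 rules.Register(
 metadata.ToRule(),
 )
 }
+
+for _, check := range rules.GetRegistered() {
+if !check.Deprecated && check.CanCheck() {
+if _, exists := regoCheckIDs[check.AVDID]; exists {
+rules.Deregister(check)
+}
+}
+}
 }
 
 func LoadEmbeddedPolicies() (map[string]*ast.Module, error) {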
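Review bot: The new loop over `rules.GetRegistered()` removes a registered check silently whenever a non-deprecated Rego module carries the same `AVDID`, so any module in `modules` that declares an ID colliding with a built-in check disables that check with no trace. If `modules` can ever include checks that are not embedded (not visible from this hunk), that is a quiet way to lose scan coverage; emit a debug log naming `check.AVDID` before `rules.Deregister(check)`, and consider recording in `regoCheckIDs` only IDs that come from embedded modules. The loop also relies on `check.CanCheck()` to tell Go-implemented checks apart from the Rego-derived rules registered just above, which is presumably the intent but is not stated; a comment such as `// A Rego check with the same AVDID supersedes the Go implementation.` would make that explicit. `RegisterRegoRules` starts before the first hunk, so how `modules` is populated cannot be confirmed here.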
