From d8c34164800099902f96415bc4508fb48a9c9ff9 Mon Sep 17 00:00:00 2001
From: nikpivkin
Date: Wed, 7 Aug 2024 19:17:50 +0700
Subject: [PATCH] feat(misconf): ignore duplicate checks

Signed-off-by: nikpivkin
---
 pkg/iac/rego/embed.go | 16 ++++++++++++++++
 1 file changed, 16 insertions(+)

diff --git a/pkg/iac/rego/embed.go b/pkg/iac/rego/embed.go
index 9d1ac6458c52..787cea92f742 100644
--- a/pkg/iac/rego/embed.go
+++ b/pkg/iac/rego/embed.go
@@ -47,6 +47,9 @@ func RegisterRegoRules(modules map[string]*ast.Module) {
 	}
 	retriever := NewMetadataRetriever(compiler)
+
+	regoCheckIDs := make(map[string]struct{})
+
 	for _, module := range modules {
 		metadata, err := retriever.RetrieveMetadata(ctx, module)
 		if err != nil {
@@ -55,10 +58,23 @@ func RegisterRegoRules(modules map[string]*ast.Module) {
 		if metadata.AVDID == "" {
 			continue
 		}
+
+		if !metadata.Deprecated {
+			regoCheckIDs[metadata.AVDID] = struct{}{}
+		}
+
 		rules.Register(
 			metadata.ToRule(),
 		)
 	}
+
+	for _, check := range rules.GetRegistered() {
+		if !check.Deprecated && check.CanCheck() {
+			if _, exists := regoCheckIDs[check.AVDID]; exists {
+				rules.Deregister(check)
+			}
+		}
+	}
 }
 func LoadEmbeddedPolicies() (map[string]*ast.Module, error) {
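Review bot: The new map `regoCheckIDs := make(map[string]struct{})` is filled with at most one entry per module, so it can be pre-sized to avoid rehashing during the loop: `regoCheckIDs := make(map[string]struct{}, len(modules))`. A short comment stating what the map is for would also help, since its use is two hunks away: `// AVDIDs of non-deprecated Rego checks; used below to drop Go checks they supersede.` RegisterRegoRules begins before this hunk.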
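Review bot: The deregistration loop only works if `check.CanCheck()` is false for the Rego rules registered just above, because every non-deprecated Rego rule's AVDID is in `regoCheckIDs` and would otherwise be deregistered by the very same loop; nothing in the hunk states that invariant, so it should be spelled out, e.g. `// Drop Go-implemented checks whose AVDID is also provided by an embedded Rego check. Rego-backed rules do not satisfy CanCheck(), so they are kept.`. Silently removing a check is hard to diagnose in the field; a debug-level log naming each deregistered `check.AVDID` would let operators confirm which implementation is active for a given ID. It is also worth confirming that `rules.GetRegistered()` returns a copy, since `rules.Deregister(check)` is called while ranging over it; if it returns the live slice, collect the checks to drop first and deregister after the loop. RegisterRegoRules begins before this hunk and LoadEmbeddedPolicies continues after it.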