chore: remove Go checks

Signed-off-by: nikpivkin <nikita.pivkin@smartforce.io>
aquasecurity · Nov 12, 2024 · 29d4eb4 · 29d4eb4
1 parent 4721240
commit 29d4eb4
Show file tree

Hide file tree

Showing 19 changed files with 63 additions and 515 deletions.
diff --git a/pkg/fanal/artifact/local/fs_test.go b/pkg/fanal/artifact/local/fs_test.go
@@ -918,7 +918,6 @@ func TestTerraformPlanSnapshotMisconfScan(t *testing.T) {
 					types.SystemFileFilteringPostHandler,
 				},
 				MisconfScannerOption: misconf.ScannerOption{
-					RegoOnly:                 true,
 					DisableEmbeddedPolicies:  true,
 					DisableEmbeddedLibraries: false,
 					Namespaces:               []string{"user"},
@@ -956,7 +955,6 @@ func TestCloudFormationMisconfigurationScan(t *testing.T) {
 			},
 			artifactOpt: artifact.Option{
 				MisconfScannerOption: misconf.ScannerOption{
-					RegoOnly:                 true,
 					Namespaces:               []string{"user"},
 					PolicyPaths:              []string{"./testdata/misconfig/cloudformation/single-failure/rego"},
 					DisableEmbeddedLibraries: true,
@@ -1017,7 +1015,6 @@ func TestCloudFormationMisconfigurationScan(t *testing.T) {
 			},
 			artifactOpt: artifact.Option{
 				MisconfScannerOption: misconf.ScannerOption{
-					RegoOnly:                 true,
 					Namespaces:               []string{"user"},
 					PolicyPaths:              []string{"./testdata/misconfig/cloudformation/multiple-failures/rego"},
 					DisableEmbeddedLibraries: true,
@@ -1100,7 +1097,6 @@ func TestCloudFormationMisconfigurationScan(t *testing.T) {
 			},
 			artifactOpt: artifact.Option{
 				MisconfScannerOption: misconf.ScannerOption{
-					RegoOnly:                 true,
 					Namespaces:               []string{"user"},
 					PolicyPaths:              []string{"./testdata/misconfig/cloudformation/no-results/rego"},
 					DisableEmbeddedLibraries: true,
@@ -1131,7 +1127,6 @@ func TestCloudFormationMisconfigurationScan(t *testing.T) {
 			},
 			artifactOpt: artifact.Option{
 				MisconfScannerOption: misconf.ScannerOption{
-					RegoOnly:                 true,
 					Namespaces:               []string{"user"},
 					PolicyPaths:              []string{"./testdata/misconfig/cloudformation/params/code/rego"},
 					CloudFormationParamVars:  []string{"./testdata/misconfig/cloudformation/params/cfparams.json"},
@@ -1188,7 +1183,6 @@ func TestCloudFormationMisconfigurationScan(t *testing.T) {
 			},
 			artifactOpt: artifact.Option{
 				MisconfScannerOption: misconf.ScannerOption{
-					RegoOnly:                 true,
 					Namespaces:               []string{"user"},
 					PolicyPaths:              []string{"./testdata/misconfig/cloudformation/passed/rego"},
 					DisableEmbeddedLibraries: true,
@@ -1275,7 +1269,6 @@ func TestDockerfileMisconfigurationScan(t *testing.T) {
 			},
 			artifactOpt: artifact.Option{
 				MisconfScannerOption: misconf.ScannerOption{
-					RegoOnly:                 true,
 					Namespaces:               []string{"user"},
 					PolicyPaths:              []string{"./testdata/misconfig/dockerfile/single-failure/rego"},
 					DisableEmbeddedLibraries: true,
@@ -1332,7 +1325,6 @@ func TestDockerfileMisconfigurationScan(t *testing.T) {
 			},
 			artifactOpt: artifact.Option{
 				MisconfScannerOption: misconf.ScannerOption{
-					RegoOnly:                 true,
 					Namespaces:               []string{"user"},
 					PolicyPaths:              []string{"./testdata/misconfig/dockerfile/multiple-failures/rego"},
 					DisableEmbeddedLibraries: true,
@@ -1389,7 +1381,6 @@ func TestDockerfileMisconfigurationScan(t *testing.T) {
 			},
 			artifactOpt: artifact.Option{
 				MisconfScannerOption: misconf.ScannerOption{
-					RegoOnly:    true,
 					Namespaces:  []string{"user"},
 					PolicyPaths: []string{"./testdata/misconfig/dockerfile/no-results/rego"},
 				},
@@ -1419,7 +1410,6 @@ func TestDockerfileMisconfigurationScan(t *testing.T) {
 			},
 			artifactOpt: artifact.Option{
 				MisconfScannerOption: misconf.ScannerOption{
-					RegoOnly:                 true,
 					Namespaces:               []string{"user"},
 					PolicyPaths:              []string{"./testdata/misconfig/dockerfile/passed/rego"},
 					DisableEmbeddedLibraries: true,
@@ -1508,7 +1498,6 @@ func TestKubernetesMisconfigurationScan(t *testing.T) {
 			},
 			artifactOpt: artifact.Option{
 				MisconfScannerOption: misconf.ScannerOption{
-					RegoOnly:                 true,
 					Namespaces:               []string{"user"},
 					PolicyPaths:              []string{"./testdata/misconfig/kubernetes/single-failure/rego"},
 					DisableEmbeddedLibraries: true,
@@ -1570,7 +1559,6 @@ func TestKubernetesMisconfigurationScan(t *testing.T) {
 			},
 			artifactOpt: artifact.Option{
 				MisconfScannerOption: misconf.ScannerOption{
-					RegoOnly:                 true,
 					Namespaces:               []string{"user"},
 					PolicyPaths:              []string{"./testdata/misconfig/kubernetes/multiple-failures/rego"},
 					DisableEmbeddedLibraries: true,
@@ -1655,7 +1643,6 @@ func TestKubernetesMisconfigurationScan(t *testing.T) {
 			},
 			artifactOpt: artifact.Option{
 				MisconfScannerOption: misconf.ScannerOption{
-					RegoOnly:    true,
 					Namespaces:  []string{"user"},
 					PolicyPaths: []string{"./testdata/misconfig/kubernetes/no-results/rego"},
 				},
@@ -1685,7 +1672,6 @@ func TestKubernetesMisconfigurationScan(t *testing.T) {
 			},
 			artifactOpt: artifact.Option{
 				MisconfScannerOption: misconf.ScannerOption{
-					RegoOnly:                 true,
 					Namespaces:               []string{"user"},
 					PolicyPaths:              []string{"./testdata/misconfig/kubernetes/passed/rego"},
 					DisableEmbeddedLibraries: true,
@@ -1774,7 +1760,6 @@ func TestAzureARMMisconfigurationScan(t *testing.T) {
 			},
 			artifactOpt: artifact.Option{
 				MisconfScannerOption: misconf.ScannerOption{
-					RegoOnly:    true,
 					Namespaces:  []string{"user"},
 					PolicyPaths: []string{"./testdata/misconfig/azurearm/single-failure/rego"},
 				},
@@ -1834,7 +1819,6 @@ func TestAzureARMMisconfigurationScan(t *testing.T) {
 			},
 			artifactOpt: artifact.Option{
 				MisconfScannerOption: misconf.ScannerOption{
-					RegoOnly:    true,
 					Namespaces:  []string{"user"},
 					PolicyPaths: []string{"./testdata/misconfig/azurearm/multiple-failures/rego"},
 				},
@@ -1916,7 +1900,6 @@ func TestAzureARMMisconfigurationScan(t *testing.T) {
 			},
 			artifactOpt: artifact.Option{
 				MisconfScannerOption: misconf.ScannerOption{
-					RegoOnly:    true,
 					Namespaces:  []string{"user"},
 					PolicyPaths: []string{"./testdata/misconfig/azurearm/no-results/rego"},
 				},
@@ -1946,7 +1929,6 @@ func TestAzureARMMisconfigurationScan(t *testing.T) {
 			},
 			artifactOpt: artifact.Option{
 				MisconfScannerOption: misconf.ScannerOption{
-					RegoOnly:    true,
 					Namespaces:  []string{"user"},
 					PolicyPaths: []string{"./testdata/misconfig/azurearm/passed/rego"},
 				},
@@ -2032,7 +2014,6 @@ func TestMixedConfigurationScan(t *testing.T) {
 			},
 			artifactOpt: artifact.Option{
 				MisconfScannerOption: misconf.ScannerOption{
-					RegoOnly:                 true,
 					Namespaces:               []string{"user"},
 					PolicyPaths:              []string{"./testdata/misconfig/mixed/rego"},
 					DisableEmbeddedLibraries: true,
@@ -2153,7 +2134,6 @@ func TestJSONConfigScan(t *testing.T) {
 			},
 			artifactOpt: artifact.Option{
 				MisconfScannerOption: misconf.ScannerOption{
-					RegoOnly:    true,
 					Namespaces:  []string{"user"},
 					PolicyPaths: []string{"./testdata/misconfig/json/passed/checks"},
 				},
@@ -2226,7 +2206,6 @@ func TestJSONConfigScan(t *testing.T) {
 			},
 			artifactOpt: artifact.Option{
 				MisconfScannerOption: misconf.ScannerOption{
-					RegoOnly:    true,
 					Namespaces:  []string{"user"},
 					PolicyPaths: []string{"./testdata/misconfig/json/with-schema/checks"},
 				},
@@ -2316,7 +2295,6 @@ func TestYAMLConfigScan(t *testing.T) {
 			},
 			artifactOpt: artifact.Option{
 				MisconfScannerOption: misconf.ScannerOption{
-					RegoOnly:    true,
 					Namespaces:  []string{"user"},
 					PolicyPaths: []string{"./testdata/misconfig/yaml/passed/checks"},
 				},
@@ -2389,7 +2367,6 @@ func TestYAMLConfigScan(t *testing.T) {
 			},
 			artifactOpt: artifact.Option{
 				MisconfScannerOption: misconf.ScannerOption{
-					RegoOnly:    true,
 					Namespaces:  []string{"user"},
 					PolicyPaths: []string{"./testdata/misconfig/yaml/with-schema/checks"},
 				},

diff --git a/pkg/iac/rego/embed.go b/pkg/iac/rego/embed.go
@@ -71,15 +71,6 @@ func RegisterRegoRules(modules map[string]*ast.Module) {
 
 		rules.Register(metadata.ToRule())
 	}
-
-	for _, check := range rules.GetRegistered() {
-		if !check.Deprecated && check.CanCheck() {
-			if _, exists := regoCheckIDs[check.AVDID]; exists {
-				log.Warn("Ignore duplicate Go check", log.String("avdid", check.AVDID))
-				rules.Deregister(check)
-			}
-		}
-	}
 }
 
 func LoadEmbeddedPolicies() (map[string]*ast.Module, error) {

diff --git a/pkg/iac/rego/embed_test.go b/pkg/iac/rego/embed_test.go
@@ -2,7 +2,6 @@ package rego
 
 import (
 	"testing"
-	"testing/fstest"
 
 	"github.com/open-policy-agent/opa/ast"
 	"github.com/stretchr/testify/assert"
@@ -11,7 +10,6 @@ import (
 	checks "github.com/aquasecurity/trivy-checks"
 	"github.com/aquasecurity/trivy/pkg/iac/rules"
 	"github.com/aquasecurity/trivy/pkg/iac/scan"
-	"github.com/aquasecurity/trivy/pkg/iac/state"
 )
 
 func Test_EmbeddedLoading(t *testing.T) {
@@ -207,49 +205,3 @@ deny[res]{
 		})
 	}
 }
-
-func Test_IgnoreDuplicateChecks(t *testing.T) {
-	rules.Reset()
-
-	r := scan.Rule{
-		AVDID: "TEST001",
-		Check: func(s *state.State) (results scan.Results) {
-			for _, bucket := range s.AWS.S3.Buckets {
-				if bucket.Name.Value() == "evil" {
-					results.Add("Bucket name should not be evil", bucket.Name)
-				}
-			}
-			return
-		},
-	}
-	reg := rules.Register(r)
-	defer rules.Deregister(reg)
-
-	fsys := fstest.MapFS{
-		"test.rego": &fstest.MapFile{
-			Data: []byte(`
-# METADATA
-# title: "Test rego"
-# scope: package
-# schemas:
-# - input: schema["cloud"]
-# custom:
-#   avd_id: TEST001
-#   severity: LOW
-package user.test001
-
-deny[res] {
-	res := result.new("test", {})
-}
-`),
-		},
-	}
-
-	modules, err := LoadPoliciesFromDirs(fsys, ".")
-	require.NoError(t, err)
-
-	RegisterRegoRules(modules)
-	registered := rules.GetRegistered()
-	assert.Len(t, registered, 1)
-	assert.Equal(t, "TEST001", registered[0].AVDID)
-}
diff --git a/pkg/iac/rules/rules.go b/pkg/iac/rules/rules.go
diff --git a/pkg/iac/scan/rule.go b/pkg/iac/scan/rule.go
@@ -84,21 +84,6 @@ func (r Rule) ShortCodeDisplayName() string {
 	return nicify(r.ShortCode)
 }
 
-func (r Rule) CanCheck() bool {
-	return r.Check != nil
-}
-
-func (r Rule) Evaluate(s *state.State) Results {
-	if !r.CanCheck() {
-		return nil
-	}
-	results := r.Check(s)
-	for i := range results {
-		results[i].SetRule(r)
-	}
-	return results
-}
-
 var acronyms = []string{
 	"acl",
 	"alb",