github.com/devseccon/trivy@v0.47.1-0.20231123133102-bd902a0bd996/pkg/fanal/analyzer/config/testdata/rego/policy.rego

github.com/devseccon/trivy@v0.47.1-0.20231123133102-bd902a0bd996/pkg/fanal/analyzer/config/testdata/rego/policy.rego (about)

     1  package user.something
     2  
     3  __rego_metadata__ := {
     4  	"id": "TEST001",
     5  	"avd_id": "AVD-TEST-0001",
     6  	"title": "Test policy",
     7  	"short_code": "no-buckets",
     8  	"severity": "LOW",
     9  	"description": "This is a test policy.",
    10  	"recommended_actions": "Have a cup of tea.",
    11  	"url": "https://trivy.dev/",
    12  }
    13  
    14  # taken from defsec rego lib to mimic behaviour
    15  result(msg, cause) = result {
    16  	metadata := object.get(cause, "__defsec_metadata", cause)
    17  	result := {
    18  		"msg": msg,
    19  		"startline": object.get(metadata, "startline", object.get(metadata, "StartLine", 0)),
    20          "endline": object.get(metadata, "endline", object.get(metadata, "EndLine", 0)),
    21          "filepath": object.get(metadata, "filepath", object.get(metadata, "Path", "")),
    22  		"explicit": object.get(metadata, "explicit", false),
    23  		"managed": object.get(metadata, "managed", true),
    24  		"fskey": object.get(metadata, "fskey", ""),
    25  		"resource": object.get(metadata, "resource", ""),
    26  	}
    27  }
    28  
    29  deny[res] {
    30      cmd := input.stages[_][_]
    31      res := result("No commands allowed!", cmd)
    32  }