github.com/devseccon/trivy@v0.47.1-0.20231123133102-bd902a0bd996/pkg/fanal/artifact/local/testdata/misconfig/mixed/rego/policy.rego

github.com/devseccon/trivy@v0.47.1-0.20231123133102-bd902a0bd996/pkg/fanal/artifact/local/testdata/misconfig/mixed/rego/policy.rego (about)

     1  package user.something
     2  
     3   __rego_metadata__ := {
     4   	"id": "TEST001",
     5   	"avd_id": "AVD-TEST-0001",
     6   	"title": "Test policy",
     7   	"short_code": "no-buckets",
     8   	"severity": "LOW",
     9   	"description": "This is a test policy.",
    10   	"recommended_actions": "Have a cup of tea.",
    11   	"url": "https://trivy.dev/",
    12   }
    13  
    14   # taken from defsec rego lib to mimic behaviour
    15   result(msg, cause) = result {
    16   	metadata := object.get(cause, "__defsec_metadata", cause)
    17   	result := {
    18   		"msg": msg,
    19   		"startline": object.get(metadata, "startline", 0),
    20   		"endline": object.get(metadata, "endline", 0),
    21   		"filepath": object.get(metadata, "filepath", ""),
    22   		"explicit": object.get(metadata, "explicit", false),
    23   		"managed": object.get(metadata, "managed", true),
    24   		"fskey": object.get(metadata, "fskey", ""),
    25   		"resource": object.get(metadata, "resource", ""),
    26   	}
    27   }
    28  
    29   deny[res] {
    30       bucket := input.aws.s3.buckets[_]
    31       res := result("No buckets allowed!", bucket)
    32   }