Extend redundant-existence-check to fail redundant ref checks (#949)

anderseknert · web-flow · commit 7bc7868e6775 · 2024-07-30T11:17:15.000+02:00
Also add end location to this rule's report Fixes #935 Signed-off-by: Anders Eknert <anders@styra.com>
diff --git a/bundle/regal/rules/bugs/redundant_existence_check.rego b/bundle/regal/rules/bugs/redundant_existence_check.rego
@@ -7,6 +7,8 @@ import rego.v1
 import data.regal.ast
 import data.regal.result
 
+# METADATA
+# description: check rule bodies for redundant existence checks
 report contains violation if {
 	some rule_index, rule in input.rules
 	some expr_index, expr in ast.exprs[rule_index]
@@ -18,12 +20,28 @@ report contains violation if {
 	ast.static_ref(expr.terms)
 
 	ref_str := ast.ref_to_string(expr.terms.value)
-
 	next_expr := rule.body[expr_index + 1]
 
 	some term in next_expr.terms
 
 	ast.ref_to_string(term.value) == ref_str
 
-	violation := result.fail(rego.metadata.chain(), result.location(expr))
+	violation := result.fail(rego.metadata.chain(), result.ranged_location_from_text(expr))
+}
+
+# METADATA
+# description: check for redundant existence checks in rule head assignment
+report contains violation if {
+	some rule_index, rule in input.rules
+
+	rule.head.value.type == "ref"
+
+	ref_str := ast.ref_to_string(rule.head.value.value)
+
+	some expr in ast.exprs[rule_index]
+
+	expr.terms.type == "ref"
+	ast.ref_to_string(expr.terms.value) == ref_str
+
+	violation := result.fail(rego.metadata.chain(), result.ranged_location_from_text(expr.terms))
 }
diff --git a/bundle/regal/rules/bugs/redundant_existence_check_test.rego b/bundle/regal/rules/bugs/redundant_existence_check_test.rego
@@ -18,7 +18,7 @@ test_fail_redundant_existence_check if {
 		"category": "bugs",
 		"description": "Redundant existence check",
 		"level": "error",
-		"location": {"col": 3, "file": "policy.rego", "row": 7, "text": "\t\tinput.foo"},
+		"location": {"col": 3, "file": "policy.rego", "row": 7, "text": "\t\tinput.foo", "end": {"col": 12, "row": 7}},
 		"related_resources": [{
 			"description": "documentation",
 			"ref": config.docs.resolve_url("$baseUrl/$category/redundant-existence-check", "bugs"),
@@ -47,3 +47,22 @@ test_success_not_redundant_existence_check_with_cancels if {
 	r := rule.report with input as module
 	r == set()
 }
+
+test_fail_redundant_existence_check_head_assignment_of_ref if {
+	module := ast.with_rego_v1(`
+	redundant := input.foo if {
+		input.foo
+	}`)
+	r := rule.report with input as module
+	r == {{
+		"category": "bugs",
+		"description": "Redundant existence check",
+		"level": "error",
+		"location": {"col": 3, "file": "policy.rego", "row": 7, "text": "\t\tinput.foo", "end": {"col": 12, "row": 7}},
+		"related_resources": [{
+			"description": "documentation",
+			"ref": config.docs.resolve_url("$baseUrl/$category/redundant-existence-check", "bugs"),
+		}],
+		"title": "redundant-existence-check",
+	}}
+}
