Regal showcase #30
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,2 @@ | ||
reviews: | ||
path_filters: ["**/*.yml","**/*.yaml","**/*.rego"] |
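Review bot: the path_filters line limits review to *.yml, *.yaml and *.rego and carries no comment explaining the choice, so a reader cannot tell whether every other file type is excluded on purpose. Add a one-line comment above it stating the intent, and put a space after each comma in the list.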
Original file line number | Diff line number | Diff line change | ||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
@@ -0,0 +1,41 @@ | ||||||||||||||||||||||
package authz | ||||||||||||||||||||||
|
||||||||||||||||||||||
default allow = false | ||||||||||||||||||||||
|
||||||||||||||||||||||
ALLOW := true | ||||||||||||||||||||||
Remove unused constant
This constant is defined but never referenced in the policy.
|
||||||||||||||||||||||
|
||||||||||||||||||||||
x := 1 | ||||||||||||||||||||||
x := 2 | ||||||||||||||||||||||
Comment on lines +7 to +8
Fix duplicate assignment to variable Variable Remove one of the assignments or use different variable names:
-x := 1
-x := 2
+x1 := 1
+x2 := 2
|
||||||||||||||||||||||
|
||||||||||||||||||||||
unused1 := "test" | ||||||||||||||||||||||
unused2 := input.fake.value | ||||||||||||||||||||||
Comment on lines +10 to +11
Remove unused variables. Variables
|
||||||||||||||||||||||
|
||||||||||||||||||||||
deny[msg] { | ||||||||||||||||||||||
some x | ||||||||||||||||||||||
input.user == "admin" | ||||||||||||||||||||||
input.user == "admin" | ||||||||||||||||||||||
msg := "Access granted" | ||||||||||||||||||||||
} | ||||||||||||||||||||||
Comment on lines +13 to +18
Fix contradictory logic in The deny rule returns "Access granted" which is semantically incorrect. Also, it has redundant conditions and an unused variable declaration. Apply this fix:
deny[msg] {
- some x
- input.user == "admin"
input.user == "admin"
- msg := "Access granted"
+ msg := "Access denied: admin access restricted"
}
🧰 Tools
🪛 Regal (0.35.1)
[error] 15-15: Non-loop expression (performance)
[error] 16-16: Non-loop expression (performance)
|
||||||||||||||||||||||
|
||||||||||||||||||||||
allow { | ||||||||||||||||||||||
x == "user" | ||||||||||||||||||||||
x := "user" | ||||||||||||||||||||||
count(x) | ||||||||||||||||||||||
true | ||||||||||||||||||||||
} | ||||||||||||||||||||||
Comment on lines +20 to +25
Fix logical errors in The rule has several issues:
Consider this corrected logic:
allow {
- x == "user"
- x := "user"
- count(x)
- true
+ input.user == "user"
}
🧰 Tools
🪛 Regal (0.35.1)
[error] 24-24: Constant condition (bugs)
[error] 23-23: Non-boolean return value unassigned (bugs)
|
||||||||||||||||||||||
|
||||||||||||||||||||||
result := { | ||||||||||||||||||||||
"status": 200, | ||||||||||||||||||||||
"message": msg | ||||||||||||||||||||||
} | ||||||||||||||||||||||
Comment on lines +27 to +30
Fix undefined variable The Either define
result := {
"status": 200,
- "message": msg
+ "message": "OK"
}
|
||||||||||||||||||||||
|
||||||||||||||||||||||
foo { | ||||||||||||||||||||||
bar := [1, 2, 3] | ||||||||||||||||||||||
bar = bar | ||||||||||||||||||||||
} | ||||||||||||||||||||||
Comment on lines +32 to +35
Remove or fix meaningless The rule assigns a value and then checks if it equals itself, which is always true and serves no purpose. Either remove this rule or implement meaningful logic.
|
||||||||||||||||||||||
|
||||||||||||||||||||||
token_check { | ||||||||||||||||||||||
x := split("abc.def.ghi", ".") | ||||||||||||||||||||||
x[1] == "def" | ||||||||||||||||||||||
} | ||||||||||||||||||||||
Comment on lines +37 to +40
🛠️ Refactor suggestion
Consider using input data instead of hardcoded string.
The token check uses a hardcoded string which isn't practical for real token validation. Consider using input data:
token_check {
- x := split("abc.def.ghi", ".")
+ x := split(input.token, ".")
x[1] == "def"
}
|
||||||||||||||||||||||
|
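Review bot: the allow rule's body (x == "user", x := "user", count(x), true) never reads input, so the decision cannot depend on the request, and x is compared on the line before it is assigned. In a package named authz that is the first thing to fix: tie the rule to a request attribute, for example input.user == "user", and drop count(x) and the bare true, which add nothing. The deny rule contradicts itself in the same way: it matches input.user == "admin" but sets msg to "Access granted", so the message should state the denial.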
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,16 @@ | ||
format: | ||
max-line-length: 100 | ||
indentation: 2 | ||
|
||
lint: | ||
enabled: true | ||
severity: | ||
default: error # Escalated for CI to catch violations | ||
|
||
rules: | ||
- no-unused-vars | ||
- no-shadowing | ||
- test-missing-assertion | ||
- test-does-nothing | ||
- var-uppercase | ||
|
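Review bot: the rules list turns on test-missing-assertion and test-does-nothing, but none of the three files in this change is a test, so those two entries have nothing to inspect and the allow and deny rules in package authz go in unverified. Add a test file for the policy in the same change. The trailing comment on default: error says the level is escalated for CI; state in the file or the PR description which CI job runs the linter, since nothing in this diff wires it up.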
🛠️ Refactor suggestion
Add import rego.v1 for modern Rego compatibility.
Modern Rego policies should include the v1 import for better compatibility and to enable v1 features.
Add this after the package declaration:
🧰 Tools
🪛 Regal (0.35.1)
[error] 1-1: Directory structure should mirror package (idiomatic)
[error] 1-1: Use import rego.v1 (imports)