fix code smells

tenable · Dec 23, 2020 · 451e72c · 451e72c
1 parent e0c2e07
commit 451e72c
Show file tree

Hide file tree

Showing 2 changed files with 61 additions and 45 deletions.
diff --git a/pkg/policy/opa/engine.go b/pkg/policy/opa/engine.go
@@ -403,37 +403,47 @@ func (e *Engine) Evaluate(engineInput policy.EngineInput) (policy.EngineOutput,
 }
 
 func filterRules(e *Engine, policyPath string, scanRules, skipRules []string) {
-	// before compilation, apply scan rules and skip rules
+	// apply scan rules
 	if len(scanRules) > 0 {
-		// temporary map to store data from original rego data map
-		tempMap := make(map[string]*RegoData)
-		for _, ruleID := range scanRules {
-			regoData, ok := e.regoDataMap[ruleID]
-			if ok {
-				zap.S().Infof("scan rule added. rule id: %+v found in policy path: %s", ruleID, policyPath)
-				tempMap[ruleID] = regoData
-			} else {
-				zap.S().Warnf("scan rule id: %+v not found in policy path: %s", ruleID, policyPath)
-			}
-		}
-		if len(tempMap) == 0 {
-			zap.S().Warnf("scan rule id's: %+v not found in policy path: %s", scanRules, policyPath)
-		}
-
-		// the regoDataMap should only contain regoData for supplied scan rules
-		e.regoDataMap = tempMap
+		filterScanRules(e, policyPath, scanRules)
 	}
 
+	// apply skip rules
 	if len(skipRules) > 0 {
-		// remove rules to be skipped from the rego data map
-		for _, ruleID := range skipRules {
-			_, ok := e.regoDataMap[ruleID]
-			if ok {
-				zap.S().Infof("skip rule added. rule id: %+v found in policy path: %s", ruleID, policyPath)
-				delete(e.regoDataMap, ruleID)
-			} else {
-				zap.S().Warnf("skip rule id: %+v not found in policy path: %s", ruleID, policyPath)
-			}
+		filterSkipRules(e, policyPath, skipRules)
+	}
+}
+
+func filterScanRules(e *Engine, policyPath string, scanRules []string) {
+
+	// temporary map to store data from original rego data map
+	tempMap := make(map[string]*RegoData)
+	for _, ruleID := range scanRules {
+		regoData, ok := e.regoDataMap[ruleID]
+		if ok {
+			zap.S().Infof("scan rule added. rule id: %+v found in policy path: %s", ruleID, policyPath)
+			tempMap[ruleID] = regoData
+		} else {
+			zap.S().Warnf("scan rule id: %+v not found in policy path: %s", ruleID, policyPath)
+		}
+	}
+	if len(tempMap) == 0 {
+		zap.S().Warnf("scan rule id's: %+v not found in policy path: %s", scanRules, policyPath)
+	}
+
+	// the regoDataMap should only contain regoData for supplied scan rules
+	e.regoDataMap = tempMap
+}
+
+func filterSkipRules(e *Engine, policyPath string, skipRules []string) {
+	// remove rules to be skipped from the rego data map
+	for _, ruleID := range skipRules {
+		_, ok := e.regoDataMap[ruleID]
+		if ok {
+			zap.S().Infof("skip rule added. rule id: %+v found in policy path: %s", ruleID, policyPath)
+			delete(e.regoDataMap, ruleID)
+		} else {
+			zap.S().Warnf("skip rule id: %+v not found in policy path: %s", ruleID, policyPath)
 		}
 	}
 }
diff --git a/pkg/runtime/executor.go b/pkg/runtime/executor.go
@@ -178,36 +178,42 @@ func (e *Executor) initScanAndSkipRules() error {
 			return err
 		}
 
-		if configData.Has("rules") {
+		if configData.Has(rulesKey) {
+
+			data := (configData.Get(rulesKey)).(*toml.Tree)
+
 			// read scan rules in the toml tree
-			data := (configData.Get("rules")).(*toml.Tree)
-			scanRules, err := getRulesInTomlTree(data, e.configFile, "scan-rules")
-			if err != nil {
-				zap.S().Error("error reading config file", zap.Error(err))
+			if err := initRules(e, data, scanRulesKey); err != nil {
 				return err
 			}
-			if len(scanRules) > 0 {
-				e.scanRules = append(e.scanRules, scanRules...)
-			} else {
-				zap.S().Debugf("key 'scan-rules' not found in the config file: %s", e.configFile)
-			}
 
 			// read skip rules in the toml tree
-			skipRules, err := getRulesInTomlTree(data, e.configFile, "skip-rules")
-			if err != nil {
-				zap.S().Error("error reading config file", zap.Error(err))
+			if err := initRules(e, data, skipRulesKey); err != nil {
 				return err
 			}
-			if len(skipRules) > 0 {
-				e.skipRules = append(e.skipRules, skipRules...)
-			} else {
-				zap.S().Debugf("key 'skip-rules' not found in the config file: %s", e.configFile)
-			}
 		}
 	}
 	return nil
 }
 
+func initRules(e *Executor, tree *toml.Tree, key string) error {
+	rules, err := getRulesInTomlTree(tree, e.configFile, key)
+	if err != nil {
+		zap.S().Error("error reading config file", zap.Error(err))
+		return err
+	}
+	if len(rules) > 0 {
+		if key == scanRulesKey {
+			e.scanRules = append(e.scanRules, rules...)
+		} else {
+			e.skipRules = append(e.skipRules, rules...)
+		}
+	} else {
+		zap.S().Debugf("key '%s' not found in the config file: %s", key, e.configFile)
+	}
+	return nil
+}
+
 func getRulesInTomlTree(tree *toml.Tree, configFile, key string) ([]string, error) {
 	ruleSlice := make([]string, 0)
 	if tree.Has(key) {