package opa
import (
"github.com/boostsecurityio/poutine/models"
"github.com/hashicorp/go-version"
"github.com/open-policy-agent/opa/ast"
"github.com/open-policy-agent/opa/rego"
"github.com/open-policy-agent/opa/types"
)
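// registerBuiltinFunctions registers the package's custom Rego builtins with
// the OPA rego package:
//
//   - purl.parse_docker_image(string) string
//   - purl.parse_github_actions(string) string
//   - semver.constraint_check(constraints string, version string) boolean
//
// Each builtin decodes its operands into Go strings, delegates to the models
// or go-version package, and returns that package's error unchanged on
// failure.
func registerBuiltinFunctions() {
	// purl.parse_docker_image: convert a Docker image reference into its
	// package URL string via models.PurlFromDockerImage.
	rego.RegisterBuiltin1(
		&rego.Function{
			Name: "purl.parse_docker_image",
			Decl: types.NewFunction(types.Args(types.S), types.S),
		},
		func(_ rego.BuiltinContext, a *ast.Term) (*ast.Term, error) {
			var uses string
			if err := ast.As(a.Value, &uses); err != nil {
				return nil, err
			}
			purl, err := models.PurlFromDockerImage(uses)
			if err != nil {
				return nil, err
			}
			return ast.StringTerm(purl.String()), nil
		},
	)

	// purl.parse_github_actions: convert a GitHub Actions "uses" reference
	// into its package URL string via models.PurlFromGithubActions.
	rego.RegisterBuiltin1(
		&rego.Function{
			Name: "purl.parse_github_actions",
			Decl: types.NewFunction(types.Args(types.S), types.S),
		},
		func(_ rego.BuiltinContext, a *ast.Term) (*ast.Term, error) {
			var uses string
			if err := ast.As(a.Value, &uses); err != nil {
				return nil, err
			}
			purl, err := models.PurlFromGithubActions(uses)
			if err != nil {
				return nil, err
			}
			return ast.StringTerm(purl.String()), nil
		},
	)

	// semver.constraint_check: report whether the version (second operand)
	// satisfies the go-version constraint expression (first operand).
	rego.RegisterBuiltin2(
		&rego.Function{
			Name: "semver.constraint_check",
			// The result is declared boolean to match the ast.BooleanTerm
			// returned below, so the policy type checker sees the real type.
			Decl: types.NewFunction(types.Args(types.S, types.S), types.B),
		},
		func(_ rego.BuiltinContext, a *ast.Term, b *ast.Term) (*ast.Term, error) {
			var constraintsStr string
			if err := ast.As(a.Value, &constraintsStr); err != nil {
				return nil, err
			}
			var versionStr string
			if err := ast.As(b.Value, &versionStr); err != nil {
				return nil, err
			}

			// Parse failures are handed back to OPA like every other error
			// path here, not echoed to stderr: the operands come from the
			// calling policy and presumably from scanned content.
			// NOTE(review): depending on how the caller configures rego
			// evaluation, a returned error may leave this call undefined
			// instead of failing the query, so a rule built on this check
			// would not fire for an unparseable version. Confirm that is
			// the intended behavior.
			v, err := version.NewVersion(versionStr)
			if err != nil {
				return nil, err
			}
			constraints, err := version.NewConstraint(constraintsStr)
			if err != nil {
				return nil, err
			}
			return ast.BooleanTerm(constraints.Check(v)), nil
		},
	)
}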