feat(misconf): Register rego rules on init

pkg/fanal/secret/builtin-rules.go

@@ -3,10 +3,10 @@ package secret
 import (
 	"fmt"
 
+	"github.com/aquasecurity/trivy/pkg/iac/rego"
 	"github.com/samber/lo"
 
 	"github.com/aquasecurity/trivy/pkg/fanal/types"
-	iacRules "github.com/aquasecurity/trivy/pkg/iac/rules"
 )
 
 var (
@@ -89,9 +89,9 @@ func GetBuiltinRules() []Rule {
 }
 
 // This function is exported for trivy-plugin-aqua purposes only
-func GetSecretRulesMetadata() []iacRules.Check {
-	return lo.Map(builtinRules, func(rule Rule, i int) iacRules.Check {
-		return iacRules.Check{
+func GetSecretRulesMetadata() []rego.Check {
+	return lo.Map(builtinRules, func(rule Rule, i int) rego.Check {
+		return rego.Check{
 			Name:        rule.ID,
 			Description: rule.Title,
 		}

pkg/iac/rego/embed.go

@@ -11,7 +11,6 @@ import (
 	"github.com/open-policy-agent/opa/ast"
 
 	checks "github.com/aquasecurity/trivy-checks"
-	"github.com/aquasecurity/trivy/pkg/iac/rules"
 	"github.com/aquasecurity/trivy/pkg/log"
 	"github.com/aquasecurity/trivy/pkg/set"
 )
@@ -70,7 +69,7 @@ func RegisterRegoRules(modules map[string]*ast.Module) {
 			regoCheckIDs.Append(metadata.AVDID)
 		}
 
-		rules.Register(metadata.ToRule())
+		Register(metadata.ToRule())
 	}
 }
 

pkg/iac/rego/embed_test.go

@@ -8,14 +8,13 @@ import (
 	"github.com/stretchr/testify/require"
 
 	checks "github.com/aquasecurity/trivy-checks"
-	"github.com/aquasecurity/trivy/pkg/iac/rules"
 	"github.com/aquasecurity/trivy/pkg/iac/scan"
 )
 
 func Test_EmbeddedLoading(t *testing.T) {
 	LoadAndRegister()
 
-	frameworkRules := rules.GetRegistered()
+	frameworkRules := GetRegistered()
 	var found bool
 	for _, rule := range frameworkRules {
 		if rule.GetRule().RegoPackage != "" {
@@ -197,7 +196,7 @@ deny[res]{
 				RegisterRegoRules(policies)
 			})
 
-			for _, rule := range rules.GetRegistered() {
+			for _, rule := range GetRegistered() {
 				if rule.AVDID == tc.id {
 					assert.Equal(t, tc.expected.Deprecated, rule.GetRule().Deprecated, tc.name)
 				}

pkg/iac/rules/providers.go → pkg/iac/rego/providers.go

@@ -1,7 +1,8 @@
-package rules
+package rego
 
 import (
 	"encoding/json"
+	"sort"
 	"strings"
 )
 
@@ -92,35 +93,34 @@ func GetProviders() (providers []Provider) {
 		})
 	}
 
+	sort.Slice(providers, func(i, j int) bool {
+		return providers[i].Name < providers[j].Name
+	})
 	return providers
 }
 
 func GetProvidersAsJson() ([]byte, error) {
-
 	providers := GetProviders()
-
 	return json.MarshalIndent(providers, "", "  ")
 }
 
 func GetProviderNames() []string {
-
 	registeredRules := GetRegistered()
 
 	providers := make(map[string]bool)
 
 	for _, rule := range registeredRules {
-
 		if _, ok := providers[rule.GetRule().Provider.DisplayName()]; !ok {
 			providers[rule.GetRule().Provider.DisplayName()] = true
 		}
-
 	}
 
 	var uniqueProviders []string
 	for p := range providers {
 		uniqueProviders = append(uniqueProviders, p)
 	}
 
+	sort.Strings(uniqueProviders)
 	return uniqueProviders
 
 }
@@ -147,6 +147,7 @@ func GetProviderServiceNames(providerName string) []string {
 		uniqueServices = append(uniqueServices, p)
 	}
 
+	sort.Strings(uniqueServices)
 	return uniqueServices
 }
 

pkg/iac/rego/providers_test.go

@@ -0,0 +1,50 @@
+package rego
+
+import (
+	"testing"
+
+	"github.com/stretchr/testify/assert"
+)
+
+func TestGetProviderNames(t *testing.T) {
+	assert.Equal(t, []string{"AWS", "Azure", "Cloudstack", "Digital Ocean", "Dockerfile", "GitHub", "Google", "Kubernetes", "Nifcloud", "OpenStack", "Oracle"}, GetProviderNames())
+}
+
+func TestGetProviderServiceNames(t *testing.T) {
+	testCases := []struct {
+		provider         string
+		expectedServices []string
+	}{
+		{
+			provider:         "aws",
+			expectedServices: []string{"apigateway", "athena", "cloudfront", "cloudtrail", "cloudwatch", "codebuild", "config", "documentdb", "dynamodb", "ec2", "ecr", "ecs", "efs", "eks", "elasticache", "elasticsearch", "elb", "emr", "iam", "kinesis", "kms", "lambda", "mq", "msk", "neptune", "rds", "redshift", "s3", "sam", "sns", "sqs", "ssm", "workspaces"},
+		},
+		{
+			provider:         "azure",
+			expectedServices: []string{"appservice", "authorization", "compute", "container", "database", "datafactory", "datalake", "keyvault", "monitor", "network", "security-center", "storage", "synapse"},
+		},
+		{
+			provider:         "digital ocean",
+			expectedServices: []string{"compute", "spaces"},
+		},
+		{
+			provider:         "dockerfile",
+			expectedServices: []string{"general"},
+		},
+		{
+			provider:         "google",
+			expectedServices: []string{"bigquery", "compute", "dns", "gke", "iam", "kms", "sql", "storage"},
+		},
+		{
+			provider:         "kubernetes",
+			expectedServices: []string{"general", "network"},
+		},
+	}
+
+	for _, tc := range testCases {
+		t.Run(tc.provider, func(t *testing.T) {
+			assert.Equal(t, tc.expectedServices, GetProviderServiceNames(tc.provider))
+		})
+	}
+
+}

pkg/iac/rules/register.go → pkg/iac/rego/register.go

@@ -1,4 +1,4 @@
-package rules
+package rego
 
 import (
 	"sync"

pkg/iac/rules/register_test.go → pkg/iac/rego/register_test.go

@@ -1,4 +1,4 @@
-package rules
+package rego
 
 import (
 	"fmt"

pkg/iac/rego/rules.go

@@ -0,0 +1,12 @@
+package rego
+
+import (
+	trules "github.com/aquasecurity/trivy-checks/pkg/rules"
+)
+
+func init() {
+	LoadAndRegister()
+	for _, r := range trules.GetRules() {
+		Register(r)
+	}
+}

pkg/iac/scanners/terraform/performance_test.go

@@ -7,7 +7,7 @@ import (
 	"testing"
 
 	"github.com/aquasecurity/trivy/internal/testutil"
-	"github.com/aquasecurity/trivy/pkg/iac/rules"
+	"github.com/aquasecurity/trivy/pkg/iac/rego"
 	"github.com/aquasecurity/trivy/pkg/iac/scanners/terraform/executor"
 	"github.com/aquasecurity/trivy/pkg/iac/scanners/terraform/parser"
 )
@@ -43,7 +43,7 @@ module "something" {
 }
 `
 
-	for _, rule := range rules.GetRegistered() {
+	for _, rule := range rego.GetRegistered() {
 		if rule.GetRule().Terraform == nil {
 			continue
 		}