feat(queries): implementation of regal for linting rego files

[ArturRibeiro-CX]

This PR integrates the Regal linter for Rego files in KICS to support query maintanance, reusability and best practices. As KICS uses Rego extensively to build queries, adding a linter helps ensuring consistency and quality across our codebase.

Thanks to the contributors who initiated the discussions and provided input for this addition. 🥳 🙌

Closes #6774

Reason for Proposed Changes

• Improve code quality, maintainability and consistency by applying the Regal linter to Rego files;
• Implement linter rules that follow best practices while leaving flexibility to refine rules over time (through rego_config.yaml);

Proposed Changes

• Add Regal Linter (v1.0.0) for Rego files;
• Create a configuration file ( rego_config.yaml) to specify which linter rules to enforce or ignore;
• Update Rego queries to to address linting issues.

Fixed Lint Problems:

• opa-fmt:
  • All files were formatted using opa fmt, which removes unnecessary whitespace, replaces spaces with tabs, and ensures consistent formatting across the codebase. This command helps maintain a clean and readable structure.
  • To check for formatting issues or automatically fix them, you can run the command:
    opa fmt -w <path_to_rego_file>
  • However, there are still a few files that did not properly format after running the command:
  • /openapi.rego
  • /cloudFormation/aws_bom/dynamo/query.rego
  • /openAPI/2.0/non_body_parameter_with_schema/query.rego
  • /openAPI/general/example_not_compliant_with_schema_type/query.rego
  • /openAPI/general/path_parameter_not_required/query.rego
  • /terraform/aws_bom/dynamo/query.rego
  • /openAPI/2.0/body_parameter_with_wrong_property/query.rego
  • /openAPI/2.0/body_parameter_without_schema/query.rego
  • /openAPI/2.0/multi_body_parameters_same_operation/query.rego
  • /openAPI/2.0/multi_collectionformat_not_valid_in_parameter/query.rego
  • /openAPI/2.0/object_without_required_property/query.rego
  • /openAPI/2.0/operation_object_parameters_with_body_and_formatdata/query.rego
  • /openAPI/2.0/parameter_file_type_not_in_formdata/query.rego
  • /openAPI/3.0/property_allow_empty_value_ignored/query.rego
  • /openAPI/3.0/property_allow_reserved_improperly_defined/query.rego
  • /openAPI/general/parameter_objects_headers_dup_name/query.rego
  • /openAPI/general/parameters_name_in_not_unique/query.rego
  • /openAPI/general/path_parameter_with_no_corresponding_template_path/query.rego
  • /openAPI/general/property_allow_empty_value_improperly_defined/query.rego
  • /openAPI/general/template_path_parameter_with_no_corresponding_path_parameter/query.rego
  • After running the commands opa fmt --diff <path_to_rego_file> and opa fmt --check-result <path_to_rego_file>, the output remained the same, leaving me confused about the specific formatting issues in these files. All other files were successfully fixed by these commands/analysis, so it’s unclear why these particular files remain problematic.
• rule-shadows-builtin:
  • Renamed custom functions that conflicted with Rego's built-in functions. This change eliminates potential conflicts and ensures that custom logic doesn’t unintentionally override or interfere with built-in functionality.
• non-raw-regex-pattern:
  • Fixed 118 violations by changing regex patterns from "" (double quotes) to ´´ (backticks). This reduces redundant escaping within the regular expressions and significantly improves readability and maintainability of the patterns.
• use-in-operator:
  • Fixed 42 violations by replacing manual membership checks with the in operator. This change clarifies the intent of the code and reduces the chance of errors, especially in cases where we are checking if something is not part of a collection. For example, changing x != [] to x not in [] makes the check more explicit and readable.
• no-whitespace-comment:
  • Added a whitespace character to the beginning of all comments to ensure consistency with code style guidelines. Additionally, fixed several typos in comments to improve clarity and ensure that they are helpful and informative.
• prefer-some-in-iteration:
  • Made numerous fixes related to the prefer-some-in-iteration rule, which encourages using the some function in iterations for better performance and clarity. While I made substantial progress, there are still many more files that could benefit from this change. Given that reviewing 1000+ file changes is already a significant task, I decided to stop for now. The full implementation of this rule across all 2531 KICS queries (approximately 1700 files plus libraries) would be a massive effort. However, it’s worth noting that this change significantly improves code readability and maintainability, even if it’s not a critical priority for Rego linting.
  • Since we were using variables to iterate that we did not use for anything else, most of the changes done were refactors to eliminate unnecessary intermediate variables, replacing constructs like demonstrated below:

    # before
    variable := input.document[i].resources...
    # after
    some document in input.document
    variable := document.resources...

• equals-pattern-matching:
  • Fixed multiple issues with pattern matching to ensure consistency and correctness. There is still one case left to address, which requires further review to ensure that the pattern matching behaves as expected without introducing errors.
• custom-has-key-construct:
  • Resolved all issues related to custom functions used for key existence checks. These were replaced with the more efficient and standard in operator and object.keys method, ensuring better performance and adherence to Rego best practices.

Documentation Links:

• Styra Documentation
• Action setup-regal Official Github Page
• Regal Official Github Page
• Styra-Renovating Rego Blog Post

I submit this contribution under the Apache-2.0 license.

[github-actions]

KICS version: v2.1.3

Category Results CRITICAL 0 HIGH 0 MEDIUM 0 LOW 0 INFO 0 TRACE 0 TOTAL 0	Metric Values Files scanned 1 Files parsed 1 Files failed to scan 0 Total executed queries 48 Queries failed to execute 0 Execution time 0