chore: remove Go checks (#7907)

Signed-off-by: nikpivkin <nikita.pivkin@smartforce.io>

pkg/fanal/artifact/local/fs_test.go

@@ -918,7 +918,6 @@ func TestTerraformPlanSnapshotMisconfScan(t *testing.T) {
 					types.SystemFileFilteringPostHandler,
 				},
 				MisconfScannerOption: misconf.ScannerOption{
-					RegoOnly:                 true,
 					DisableEmbeddedPolicies:  true,
 					DisableEmbeddedLibraries: false,
 					Namespaces:               []string{"user"},
@@ -956,7 +955,6 @@ func TestCloudFormationMisconfigurationScan(t *testing.T) {
 			},
 			artifactOpt: artifact.Option{
 				MisconfScannerOption: misconf.ScannerOption{
-					RegoOnly:                 true,
 					Namespaces:               []string{"user"},
 					PolicyPaths:              []string{"./testdata/misconfig/cloudformation/single-failure/rego"},
 					DisableEmbeddedLibraries: true,
@@ -1017,7 +1015,6 @@ func TestCloudFormationMisconfigurationScan(t *testing.T) {
 			},
 			artifactOpt: artifact.Option{
 				MisconfScannerOption: misconf.ScannerOption{
-					RegoOnly:                 true,
 					Namespaces:               []string{"user"},
 					PolicyPaths:              []string{"./testdata/misconfig/cloudformation/multiple-failures/rego"},
 					DisableEmbeddedLibraries: true,
@@ -1100,7 +1097,6 @@ func TestCloudFormationMisconfigurationScan(t *testing.T) {
 			},
 			artifactOpt: artifact.Option{
 				MisconfScannerOption: misconf.ScannerOption{
-					RegoOnly:                 true,
 					Namespaces:               []string{"user"},
 					PolicyPaths:              []string{"./testdata/misconfig/cloudformation/no-results/rego"},
 					DisableEmbeddedLibraries: true,
@@ -1131,7 +1127,6 @@ func TestCloudFormationMisconfigurationScan(t *testing.T) {
 			},
 			artifactOpt: artifact.Option{
 				MisconfScannerOption: misconf.ScannerOption{
-					RegoOnly:                 true,
 					Namespaces:               []string{"user"},
 					PolicyPaths:              []string{"./testdata/misconfig/cloudformation/params/code/rego"},
 					CloudFormationParamVars:  []string{"./testdata/misconfig/cloudformation/params/cfparams.json"},
@@ -1188,7 +1183,6 @@ func TestCloudFormationMisconfigurationScan(t *testing.T) {
 			},
 			artifactOpt: artifact.Option{
 				MisconfScannerOption: misconf.ScannerOption{
-					RegoOnly:                 true,
 					Namespaces:               []string{"user"},
 					PolicyPaths:              []string{"./testdata/misconfig/cloudformation/passed/rego"},
 					DisableEmbeddedLibraries: true,
@@ -1275,7 +1269,6 @@ func TestDockerfileMisconfigurationScan(t *testing.T) {
 			},
 			artifactOpt: artifact.Option{
 				MisconfScannerOption: misconf.ScannerOption{
-					RegoOnly:                 true,
 					Namespaces:               []string{"user"},
 					PolicyPaths:              []string{"./testdata/misconfig/dockerfile/single-failure/rego"},
 					DisableEmbeddedLibraries: true,
@@ -1332,7 +1325,6 @@ func TestDockerfileMisconfigurationScan(t *testing.T) {
 			},
 			artifactOpt: artifact.Option{
 				MisconfScannerOption: misconf.ScannerOption{
-					RegoOnly:                 true,
 					Namespaces:               []string{"user"},
 					PolicyPaths:              []string{"./testdata/misconfig/dockerfile/multiple-failures/rego"},
 					DisableEmbeddedLibraries: true,
@@ -1389,7 +1381,6 @@ func TestDockerfileMisconfigurationScan(t *testing.T) {
 			},
 			artifactOpt: artifact.Option{
 				MisconfScannerOption: misconf.ScannerOption{
-					RegoOnly:    true,
 					Namespaces:  []string{"user"},
 					PolicyPaths: []string{"./testdata/misconfig/dockerfile/no-results/rego"},
 				},
@@ -1419,7 +1410,6 @@ func TestDockerfileMisconfigurationScan(t *testing.T) {
 			},
 			artifactOpt: artifact.Option{
 				MisconfScannerOption: misconf.ScannerOption{
-					RegoOnly:                 true,
 					Namespaces:               []string{"user"},
 					PolicyPaths:              []string{"./testdata/misconfig/dockerfile/passed/rego"},
 					DisableEmbeddedLibraries: true,
@@ -1508,7 +1498,6 @@ func TestKubernetesMisconfigurationScan(t *testing.T) {
 			},
 			artifactOpt: artifact.Option{
 				MisconfScannerOption: misconf.ScannerOption{
-					RegoOnly:                 true,
 					Namespaces:               []string{"user"},
 					PolicyPaths:              []string{"./testdata/misconfig/kubernetes/single-failure/rego"},
 					DisableEmbeddedLibraries: true,
@@ -1570,7 +1559,6 @@ func TestKubernetesMisconfigurationScan(t *testing.T) {
 			},
 			artifactOpt: artifact.Option{
 				MisconfScannerOption: misconf.ScannerOption{
-					RegoOnly:                 true,
 					Namespaces:               []string{"user"},
 					PolicyPaths:              []string{"./testdata/misconfig/kubernetes/multiple-failures/rego"},
 					DisableEmbeddedLibraries: true,
@@ -1655,7 +1643,6 @@ func TestKubernetesMisconfigurationScan(t *testing.T) {
 			},
 			artifactOpt: artifact.Option{
 				MisconfScannerOption: misconf.ScannerOption{
-					RegoOnly:    true,
 					Namespaces:  []string{"user"},
 					PolicyPaths: []string{"./testdata/misconfig/kubernetes/no-results/rego"},
 				},
@@ -1685,7 +1672,6 @@ func TestKubernetesMisconfigurationScan(t *testing.T) {
 			},
 			artifactOpt: artifact.Option{
 				MisconfScannerOption: misconf.ScannerOption{
-					RegoOnly:                 true,
 					Namespaces:               []string{"user"},
 					PolicyPaths:              []string{"./testdata/misconfig/kubernetes/passed/rego"},
 					DisableEmbeddedLibraries: true,
@@ -1774,7 +1760,6 @@ func TestAzureARMMisconfigurationScan(t *testing.T) {
 			},
 			artifactOpt: artifact.Option{
 				MisconfScannerOption: misconf.ScannerOption{
-					RegoOnly:    true,
 					Namespaces:  []string{"user"},
 					PolicyPaths: []string{"./testdata/misconfig/azurearm/single-failure/rego"},
 				},
@@ -1834,7 +1819,6 @@ func TestAzureARMMisconfigurationScan(t *testing.T) {
 			},
 			artifactOpt: artifact.Option{
 				MisconfScannerOption: misconf.ScannerOption{
-					RegoOnly:    true,
 					Namespaces:  []string{"user"},
 					PolicyPaths: []string{"./testdata/misconfig/azurearm/multiple-failures/rego"},
 				},
@@ -1916,7 +1900,6 @@ func TestAzureARMMisconfigurationScan(t *testing.T) {
 			},
 			artifactOpt: artifact.Option{
 				MisconfScannerOption: misconf.ScannerOption{
-					RegoOnly:    true,
 					Namespaces:  []string{"user"},
 					PolicyPaths: []string{"./testdata/misconfig/azurearm/no-results/rego"},
 				},
@@ -1946,7 +1929,6 @@ func TestAzureARMMisconfigurationScan(t *testing.T) {
 			},
 			artifactOpt: artifact.Option{
 				MisconfScannerOption: misconf.ScannerOption{
-					RegoOnly:    true,
 					Namespaces:  []string{"user"},
 					PolicyPaths: []string{"./testdata/misconfig/azurearm/passed/rego"},
 				},
@@ -2032,7 +2014,6 @@ func TestMixedConfigurationScan(t *testing.T) {
 			},
 			artifactOpt: artifact.Option{
 				MisconfScannerOption: misconf.ScannerOption{
-					RegoOnly:                 true,
 					Namespaces:               []string{"user"},
 					PolicyPaths:              []string{"./testdata/misconfig/mixed/rego"},
 					DisableEmbeddedLibraries: true,
@@ -2153,7 +2134,6 @@ func TestJSONConfigScan(t *testing.T) {
 			},
 			artifactOpt: artifact.Option{
 				MisconfScannerOption: misconf.ScannerOption{
-					RegoOnly:    true,
 					Namespaces:  []string{"user"},
 					PolicyPaths: []string{"./testdata/misconfig/json/passed/checks"},
 				},
@@ -2226,7 +2206,6 @@ func TestJSONConfigScan(t *testing.T) {
 			},
 			artifactOpt: artifact.Option{
 				MisconfScannerOption: misconf.ScannerOption{
-					RegoOnly:    true,
 					Namespaces:  []string{"user"},
 					PolicyPaths: []string{"./testdata/misconfig/json/with-schema/checks"},
 				},
@@ -2316,7 +2295,6 @@ func TestYAMLConfigScan(t *testing.T) {
 			},
 			artifactOpt: artifact.Option{
 				MisconfScannerOption: misconf.ScannerOption{
-					RegoOnly:    true,
 					Namespaces:  []string{"user"},
 					PolicyPaths: []string{"./testdata/misconfig/yaml/passed/checks"},
 				},
@@ -2389,7 +2367,6 @@ func TestYAMLConfigScan(t *testing.T) {
 			},
 			artifactOpt: artifact.Option{
 				MisconfScannerOption: misconf.ScannerOption{
-					RegoOnly:    true,
 					Namespaces:  []string{"user"},
 					PolicyPaths: []string{"./testdata/misconfig/yaml/with-schema/checks"},
 				},

pkg/iac/rego/embed.go

@@ -71,15 +71,6 @@ func RegisterRegoRules(modules map[string]*ast.Module) {
 
 		rules.Register(metadata.ToRule())
 	}
-
-	for _, check := range rules.GetRegistered() {
-		if !check.Deprecated && check.CanCheck() {
-			if _, exists := regoCheckIDs[check.AVDID]; exists {
-				log.Warn("Ignore duplicate Go check", log.String("avdid", check.AVDID))
-				rules.Deregister(check)
-			}
-		}
-	}
 }
 
 func LoadEmbeddedPolicies() (map[string]*ast.Module, error) {

pkg/iac/rego/embed_test.go

@@ -2,7 +2,6 @@ package rego
 
 import (
 	"testing"
-	"testing/fstest"
 
 	"github.com/open-policy-agent/opa/ast"
 	"github.com/stretchr/testify/assert"
@@ -11,7 +10,6 @@ import (
 	checks "github.com/aquasecurity/trivy-checks"
 	"github.com/aquasecurity/trivy/pkg/iac/rules"
 	"github.com/aquasecurity/trivy/pkg/iac/scan"
-	"github.com/aquasecurity/trivy/pkg/iac/state"
 )
 
 func Test_EmbeddedLoading(t *testing.T) {
@@ -207,49 +205,3 @@ deny[res]{
 		})
 	}
 }
-
-func Test_IgnoreDuplicateChecks(t *testing.T) {
-	rules.Reset()
-
-	r := scan.Rule{
-		AVDID: "TEST001",
-		Check: func(s *state.State) (results scan.Results) {
-			for _, bucket := range s.AWS.S3.Buckets {
-				if bucket.Name.Value() == "evil" {
-					results.Add("Bucket name should not be evil", bucket.Name)
-				}
-			}
-			return
-		},
-	}
-	reg := rules.Register(r)
-	defer rules.Deregister(reg)
-
-	fsys := fstest.MapFS{
-		"test.rego": &fstest.MapFile{
-			Data: []byte(`
-# METADATA
-# title: "Test rego"
-# scope: package
-# schemas:
-# - input: schema["cloud"]
-# custom:
-#   avd_id: TEST001
-#   severity: LOW
-package user.test001
-
-deny[res] {
-	res := result.new("test", {})
-}
-`),
-		},
-	}
-
-	modules, err := LoadPoliciesFromDirs(fsys, ".")
-	require.NoError(t, err)
-
-	RegisterRegoRules(modules)
-	registered := rules.GetRegistered()
-	assert.Len(t, registered, 1)
-	assert.Equal(t, "TEST001", registered[0].AVDID)
-}

pkg/iac/rego/options.go

@@ -4,6 +4,7 @@ import (
 	"io"
 	"io/fs"
 
+	"github.com/aquasecurity/trivy/pkg/iac/framework"
 	"github.com/aquasecurity/trivy/pkg/iac/scanners/options"
 )
 
@@ -117,3 +118,19 @@ func WithDisabledCheckIDs(ids ...string) options.ScannerOption {
 		}
 	}
 }
+
+func WithIncludeDeprecatedChecks(enabled bool) options.ScannerOption {
+	return func(s options.ConfigurableScanner) {
+		if ss, ok := s.(*Scanner); ok {
+			ss.includeDeprecatedChecks = true
+		}
+	}
+}
+
+func WithFrameworks(frameworks ...framework.Framework) options.ScannerOption {
+	return func(s options.ConfigurableScanner) {
+		if ss, ok := s.(*Scanner); ok {
+			ss.frameworks = frameworks
+		}
+	}
+}

pkg/iac/rego/scanner.go

@@ -73,16 +73,6 @@ type Scanner struct {
 	disabledCheckIDs map[string]struct{}
 }
 
-func (s *Scanner) SetIncludeDeprecatedChecks(b bool) {
-	s.includeDeprecatedChecks = b
-}
-
-func (s *Scanner) SetRegoOnly(bool) {}
-
-func (s *Scanner) SetFrameworks(frameworks []framework.Framework) {
-	s.frameworks = frameworks
-}
-
 func (s *Scanner) trace(heading string, input any) {
 	if s.traceWriter == nil {
 		return