Merge pull request #1 from vktrbrlv/commit-actions-loop

commit in loop action
mxlint · Sep 23, 2024 · c2e604f · c2e604f
2 parents ec3a45e + b55cd1b
commit c2e604f
Show file tree

Hide file tree

Showing 3 changed files with 167 additions and 1 deletion.
diff --git a/rules/005_microflows/005_0002_commit_actions_with_a_loop.rego b/rules/005_microflows/005_0002_commit_actions_with_a_loop.rego
@@ -0,0 +1,62 @@
+# METADATA
+# scope: package
+# title: Commit actions with a loop
+# description: Commiting objects within a loop will fire a SQL Update query for each iteration.
+# authors:
+# - Viktor Berlov <[email protected]>
+# custom:
+#  category: Microflows
+#  rulename: AvoidCommitInLoop
+#  severity: MEDIUM
+#  rulenumber: 005_0002
+#  remediation: Consider committing objects outside the loop. Within the loop, add them to a list.
+#  input: "*/**/*$Microflow.yaml"
+package app.mendix.microflows.commit_actions_with_a_loop
+
+import rego.v1
+
+annotation := rego.metadata.chain()[1].annotations
+
+default allow := false
+
+allow if count(errors) == 0
+
+errors contains error if {
+	name := input.Name
+	main_function := input.MainFunction
+
+	some attr in main_function
+	attr.Attributes["$Type"] == "Microflows$LoopedActivity"
+	some commit_action in attr.Attributes.ObjectCollection.Objects
+	commit_action.Action["$Type"] == "Microflows$CommitAction"
+
+	error := sprintf(
+		"[%v, %v, %v] Commit actions inside %v loop",
+		[
+			annotation.custom.severity,
+			annotation.custom.category,
+			annotation.custom.rulenumber,
+			name,
+		],
+	)
+}
+
+errors contains error if {
+	name := input.Name
+	main_function := input.MainFunction
+	some attr in main_function
+	attr.Attributes["$Type"] == "Microflows$LoopedActivity"
+	some change_action in attr.Attributes.ObjectCollection.Objects
+	change_action.Action["$Type"] == "Microflows$ChangeAction"
+	change_action.Action.Commit == "Yes"
+
+	error := sprintf(
+		"[%v, %v, %v] Commit set to Yes for Change actions inside %v loop",
+		[
+			annotation.custom.severity,
+			annotation.custom.category,
+			annotation.custom.rulenumber,
+			name,
+		],
+	)
+}
diff --git a/rules/005_microflows/005_0002_commit_actions_with_a_loop_test.rego b/rules/005_microflows/005_0002_commit_actions_with_a_loop_test.rego
@@ -0,0 +1,104 @@
+package app.mendix.microflows.commit_actions_with_a_loop_test
+
+import data.app.mendix.microflows.commit_actions_with_a_loop
+import rego.v1
+
+# Test data
+loop_commit_good_empty_objects := {
+	"$Type": "Microflow$Microflow",
+	"Name": "MicroflowForLoop",
+	"MainFunction": [{"Attributes": {
+		"$Type": "Microflows$LoopedActivity",
+		"ObjectCollection": {
+			"$Type": "Microflows$MicroflowObjectCollection",
+			"Objects": null,
+		},
+	}}],
+}
+
+loop_commit_good_objects := {
+	"$Type": "Microflow$Microflow",
+	"Name": "MicroflowForLoop",
+	"MainFunction": [{"Attributes": {
+		"$Type": "Microflows$LoopedActivity",
+		"ObjectCollection": {
+			"$Type": "Microflows$MicroflowObjectCollection",
+			"Objects": [{
+				"$Type": "Microflows$ActionActivity",
+				"Action": {
+					"$Type": "Microflows$ChangeAction",
+					"Commit": "No",
+				},
+			}],
+		},
+	}}],
+}
+
+loop_commit_bad_commit_action := {
+	"$Type": "Microflow$Microflow",
+	"Name": "MicroflowForLoop",
+	"MainFunction": [{"Attributes": {
+		"$Type": "Microflows$LoopedActivity",
+		"ObjectCollection": {
+			"$Type": "Microflows$MicroflowObjectCollection",
+			"Objects": [{
+				"$Type": "Microflows$ActionActivity",
+				"Action": {"$Type": "Microflows$CommitAction"},
+			}],
+		},
+	}}],
+}
+
+loop_commit_bad_change_action := {
+	"$Type": "Microflow$Microflow",
+	"Name": "MicroflowForLoop",
+	"MainFunction": [{"Attributes": {
+		"$Type": "Microflows$LoopedActivity",
+		"ObjectCollection": {
+			"$Type": "Microflows$MicroflowObjectCollection",
+			"Objects": [{
+				"$Type": "Microflows$ActionActivity",
+				"Action": {
+					"$Type": "Microflows$ChangeAction",
+					"Commit": "Yes",
+				},
+			}],
+		},
+	}}],
+}
+
+loop_commit_bad_all := {
+	"$Type": "Microflow$Microflow",
+	"Name": "MicroflowForLoop",
+	"MainFunction": [{"Attributes": {
+		"$Type": "Microflows$LoopedActivity",
+		"ObjectCollection": {
+			"$Type": "Microflows$MicroflowObjectCollection",
+			"Objects": [
+				{
+					"$Type": "Microflows$ActionActivity",
+					"Action": {"$Type": "Microflows$CommitAction"},
+				},
+				{
+					"$Type": "Microflows$ActionActivity",
+					"Action": {
+						"$Type": "Microflows$ChangeAction",
+						"Commit": "Yes",
+					},
+				},
+			],
+		},
+	}}],
+}
+
+# Test cases
+test_loop_commit_good if {
+	commit_actions_with_a_loop.allow with input as loop_commit_good_empty_objects
+	commit_actions_with_a_loop.allow with input as loop_commit_good_objects
+}
+
+test_loop_commit_bad if {
+	not commit_actions_with_a_loop.allow with input as loop_commit_bad_commit_action
+	not commit_actions_with_a_loop.allow with input as loop_commit_bad_change_action
+	not commit_actions_with_a_loop.allow with input as loop_commit_bad_all
+}
diff --git a/scripts/run-policy-tests.sh b/scripts/run-policy-tests.sh
@@ -23,4 +23,4 @@ if [ ! -f "$OPA" ]; then
     chmod +x "$OPA"
 fi
 
-$OPA test -v policies
+$OPA test -v rules