use included_envs from data

Signed-off-by: Nikita Pivkin <[email protected]>

checks/docker/leaked_secrets.rego

@@ -18,6 +18,7 @@ package builtin.dockerfile.DS031
 
 import rego.v1
 
+import data.ds031
 import data.lib.docker
 import data.lib.path
 
@@ -99,7 +100,10 @@ default_envs := {
 
 excluded_envs := set()
 
-included_envs := set()
+included_envs := included if {
+ is_array(ds031.included_envs)
+ included := {e | some e in ds031.included_envs}
+} else := set()
 
 envs := (default_envs - excluded_envs) | included_envs
 

checks/docker/leaked_secrets_test.rego

@@ -32,7 +32,7 @@ test_allow_secret_github_env_but_this_env_excluded if {
 
 test_deny_custom_secret_env if {
  inp := build_simple_input("env", ["MY_SECRET"])
- res := check.deny with input as inp with check.included_envs as {"MY_SECRET"}
+ res := check.deny with input as inp with data.ds031.included_envs as {"MY_SECRET"}
  count(res) = 1
 }