From 6d5012197485cc806b906b01a4131ed5f6c38789 Mon Sep 17 00:00:00 2001
From: Nikita Pivkin
Date: Wed, 9 Oct 2024 11:30:14 +0600
Subject: [PATCH] use included_envs from data

Signed-off-by: Nikita Pivkin
---
 checks/docker/leaked_secrets.rego | 6 +++++-
 checks/docker/leaked_secrets_test.rego | 2 +-
 2 files changed, 6 insertions(+), 2 deletions(-)

diff --git a/checks/docker/leaked_secrets.rego b/checks/docker/leaked_secrets.rego
index 039e9641..21e9b2b6 100644
--- a/checks/docker/leaked_secrets.rego
+++ b/checks/docker/leaked_secrets.rego
@@ -18,6 +18,7 @@ package builtin.dockerfile.DS031
 import rego.v1
+import data.ds031
 import data.lib.docker
 import data.lib.path
@@ -99,7 +100,10 @@ default_envs := {
 excluded_envs := set()
-included_envs := set()
+included_envs := included if {
+ is_array(ds031.included_envs)
+ included := {e | some e in ds031.included_envs}
+} else := set()
 envs := (default_envs - excluded_envs) | included_envs
diff --git a/checks/docker/leaked_secrets_test.rego b/checks/docker/leaked_secrets_test.rego
index 9ef6489b..e6762483 100644
--- a/checks/docker/leaked_secrets_test.rego
+++ b/checks/docker/leaked_secrets_test.rego
@@ -32,7 +32,7 @@ test_allow_secret_github_env_but_this_env_excluded if {
 test_deny_custom_secret_env if {
 inp := build_simple_input("env", ["MY_SECRET"])
- res := check.deny with input as inp with check.included_envs as {"MY_SECRET"}
+ res := check.deny with input as inp with data.ds031.included_envs as {"MY_SECRET"}
 count(res) = 1
 }
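Review bot: The `is_array(ds031.included_envs)` guard in the `included_envs` rule rejects a set-valued override and falls through to `else := set()`, and the updated test in leaked_secrets_test.rego supplies exactly that shape: `{"MY_SECRET"}` is a set literal in Rego, not an array, so unless the default patterns (outside this hunk) already match `MY_SECRET` the test fails, and if they do it passes without exercising the new data path at all. Either make the fixture an array, `with data.ds031.included_envs as ["MY_SECRET"]`, or accept both shapes, since the comprehension already iterates either: replace the guard with `type_name(ds031.included_envs) in {"array", "set"}`. Any other value (a string, an object, or a missing key) also silently yields an empty set, which disables a user's configured patterns without any signal; a comment on the rule such as `# included_envs is read from data.ds031.included_envs; a missing or non-array value silently falls back to set()` would make that contract explicit for whoever maintains the data document. Elements are not checked to be strings, so how a non-string entry behaves depends on the matching code outside this hunk.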