From 7fc2985f3a8a71d151152927162eb7a0f2d3f694 Mon Sep 17 00:00:00 2001
From: Nikita Pivkin
Date: Wed, 9 Oct 2024 17:05:23 +0600
Subject: [PATCH] remove exluded_envs

Signed-off-by: Nikita Pivkin
---
 checks/docker/leaked_secrets.rego      | 4 +---
 checks/docker/leaked_secrets_test.rego | 8 +-------
 2 files changed, 2 insertions(+), 10 deletions(-)

diff --git a/checks/docker/leaked_secrets.rego b/checks/docker/leaked_secrets.rego
index 21e9b2b6..ae7a8a5c 100644
--- a/checks/docker/leaked_secrets.rego
+++ b/checks/docker/leaked_secrets.rego
@@ -98,14 +98,12 @@ default_envs := {
 	"HF_TOKEN", # https://huggingface.co/docs/huggingface_hub/en/package_reference/environment_variables#hftoken
 }
 
-excluded_envs := set()
-
 included_envs := included if {
 	is_array(ds031.included_envs)
 	included := {e | some e in ds031.included_envs}
 } else := set()
 
-envs := (default_envs - excluded_envs) | included_envs
+envs := default_envs | included_envs
 
 is_secret_env(str) if str in envs
 
diff --git a/checks/docker/leaked_secrets_test.rego b/checks/docker/leaked_secrets_test.rego
index e6762483..99f3d8a3 100644
--- a/checks/docker/leaked_secrets_test.rego
+++ b/checks/docker/leaked_secrets_test.rego
@@ -24,15 +24,9 @@ test_deny_secret_arg if {
 	count(res) = 1
 }
 
-test_allow_secret_github_env_but_this_env_excluded if {
-	inp := build_simple_input("env", ["GITHUB_TOKEN"])
-	res := check.deny with input as inp with check.excluded_envs as {"GITHUB_TOKEN"}
-	count(res) = 0
-}
-
 test_deny_custom_secret_env if {
 	inp := build_simple_input("env", ["MY_SECRET"])
-	res := check.deny with input as inp with data.ds031.included_envs as {"MY_SECRET"}
+	res := check.deny with input as inp with data.ds031.included_envs as ["MY_SECRET"]
 	count(res) = 1
 }
 
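Review bot: The new `envs := default_envs | included_envs` silently drops every user-supplied name whenever `ds031.included_envs` is not an array, because the `included_envs` rule above it only matches on `is_array(...)` and otherwise falls back to `set()` with no diagnostic; the test hunk's switch from `{"MY_SECRET"}` (a set) to `["MY_SECRET"]` suggests this is an easy misconfiguration, and the result is a detection rule that looks customized but is not. Accepting either collection type closes that gap with a one-line change, `type_name(ds031.included_envs) in {"array", "set"}` in place of `is_array(ds031.included_envs)`. Since `excluded_envs` is gone, the default list is now always enforced and the parameter can only widen detection, which is worth stating on the rule, e.g. `# default names are always checked; ds031.included_envs can only add to them, not remove them`. The `default_envs` set this hunk belongs to starts outside the hunk.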
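Review bot: With `test_allow_secret_github_env_but_this_env_excluded` removed, nothing in this file pins the union semantics of the new `envs` rule, so a future refactor that makes `included_envs` replace the defaults instead of extending them would pass the suite. `test_deny_custom_secret_env` only proves a custom name is denied; a companion test should assert that a default name (`GITHUB_TOKEN`, which the removed test relied on being a default) is still denied while `included_envs` is set.
```rego
test_deny_default_env_with_included_envs if {
	inp := build_simple_input("env", ["GITHUB_TOKEN"])
	res := check.deny with input as inp with data.ds031.included_envs as ["MY_SECRET"]
	count(res) = 1
}
```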