Update regos for policy marketplace

confirmed_malicious.rego

@@ -1,27 +1,31 @@
-package policy
+# METADATA
+# title: Confirmed Malicious
+# description: |
+#   Return a violation if the pacakge or author is tied to known malicious behavior
+package policy.v1
 
 import rego.v1
 
 # Returns a violation if the author is known malicious
-# METADATA
-# scope: rule
-# schemas:
-#   - data.issue: schema.issue
-issue contains "Author has published malicious packages" if {
-	data.issue.tag == "CA0001"
+deny contains issue if {
+	some issue in data.issues
+	issue.tag == "CA0001"
 }
 
 # Returns a violation if the package contains verified malware
-issue contains "This package contains malware" if {
-	data.issue.tag == "CM0038"
+deny contains issue if {
+	some issue in data.issues
+	issue.tag == "CM0037"
 }
 
 # Returns a violation if the package contains a known-bad compiled binary
-issue contains "Contains known-bad compiled binary" if {
-	data.issue.tag == "CM0037"
+deny contains issue if {
+	some issue in data.issues
+	issue.tag == "CM0038"
 }
 
 # Returns a violation if the package depends on a known malicious package
-issue contains "This package depends on malware" if {
-	data.issue.tag == "CM0039"
+deny contains issue if {
+	some issue in data.issues
+	issue.tag == "CM0039"
 }

data_exfiltration.rego

@@ -1,16 +1,19 @@
-package policy
+# METADATA
+# title: Data Exfiltration
+# description: |
+#    Returns a violation if the package contains common data exfiltration techniques
+package policy.v1
 
 import rego.v1
 
-# Returns a violation if the package contains common data exfiltration techniques
-# METADATA
-# scope: rule
-# schemas:
-#   - data.issue: schema.issue
-issue contains "Package contains environment variable enumeration" if {
-	data.issue.tag == "HM0025"
+# Package contains environment variable enumeration
+deny contains issue if {
+	some issue in data.issues
+	issue.tag == "HM0025"
 }
 
-issue contains "Package contains webhook exfiltration" if {
-	data.issue.tag == "HM0036"
+# Package contains webhook exfiltration
+deny contains issue if {
+	some issue in data.issues
+	issue.tag == "HM0036"
 }

dependency_confusion.rego

@@ -1,12 +1,13 @@
-package policy
+# METADATA
+# title: Dependency Confusion
+# description: |
+#    Returns a violation if the package appears to be a dependency confusion
+package policy.v1
 
 import rego.v1
 
-# Returns a violation if the package appears to be a dependency confusion
-# METADATA
-# scope: rule
-# schemas:
-#   - data.issue: schema.issue
-issue contains "Package appears to be a dependency confusion" if {
-	data.issue.tag == "HM0018"
+# Package contains environment variable enumeration
+deny contains issue if {
+	some issue in data.issues
+	issue.tag == "HM0018"
 }

install_code.rego

@@ -1,12 +1,13 @@
-package policy
+# METADATA
+# title: Install Code Execution
+# description: |
+#    Returns a violation if there is code execution on package install
+package policy.v1
 
 import rego.v1
 
-# Returns a violation if there is code execution on package install
-# METADATA
-# scope: rule
-# schemas:
-#   - data.issue: schema.issue
-issue contains "Package contains code execution on install" if {
-	data.issue.tag in {"IM0042", "IM0043", "IM0044"}
+# Package contains code execution on install
+deny contains issue if {
+	some issue in data.issues
+	issue.tag in {"IM0042", "IM0043", "IM0044"}
 }

install_code_suspicious.rego

@@ -1,16 +1,19 @@
-package policy
+# METADATA
+# title: Install Code Execution (Suspicious)
+# description: |
+#    Returns a violation if there is suspicious code execution on pacakge install
+package policy.v1
 
 import rego.v1
 
-# Returns a violation if there is suspicious code execution on package install
-# METADATA
-# scope: rule
-# schemas:
-#   - data.issue: schema.issue
-issue contains "Package contains suspicious code execution on install" if {
-	data.issue.tag == "CM0007"
+# Package contains suspicious code execution on install
+deny contains issue if {
+	some issue in data.issues
+	issue.tag == "CM0007"
 }
 
-issue contains "Package contains suspicious code execution on install" if {
-	endswith(data.issue.tag, "M0031")
+# Package contains suspicious code execution on install
+deny contains issue if {
+	some issue in data.issues
+	endswith(issue.tag, "M0031")
 }

license_mismatch.rego

@@ -1,12 +1,13 @@
-package policy
+# METADATA
+# title: License Mismatch
+# description: |
+#    Returns a violation if there is a license mismatch between metadata and files
+package policy.v1
 
 import rego.v1
 
-# Returns a violation if there is a license mismatch between metadata and files
-# METADATA
-# scope: rule
-# schemas:
-#   - data.issue: schema.issue
-issue contains "License mismatch" if {
-	data.issue.tag == "IL0022"
+# License mismatch
+deny contains issue if {
+	some issue in data.issues
+	issue.tag == "IL0022"
 }

minimal_code.rego

@@ -1,12 +1,13 @@
-package policy
+# METADATA
+# title: Minimal Code
+# description: |
+#    Returns a violation if the package contains minimal code and is unlikley worth the security risk
+package policy.v1
 
 import rego.v1
 
-# Returns a violation if the package contains minimal code and is unlikley worth the security risk
-# METADATA
-# scope: rule
-# schemas:
-#   - data.issue: schema.issue
-issue contains "Package contains minimal code" if {
-	data.issue.tag == "IE0027"
+# Package contains minimal code
+deny contains issue if {
+	some issue in data.issues
+	issue.tag == "IE0027"
 }

obfuscated_code.rego

@@ -1,12 +1,13 @@
-package policy
+# METADATA
+# title: Obfuscated Code
+# description: |
+#    Returns a violation if the package contains obfuscated code
+package policy.v1
 
 import rego.v1
 
-# Returns a violation if the package contains obfuscated code
-# METADATA
-# scope: rule
-# schemas:
-#   - data.issue: schema.issue
-issue contains "Package contains obfuscated code" if {
-	data.issue.tag in {"HM0029", "HM0099", "HM0023", "IM0040", "IM0041"}
+# Package contains obfuscated code
+deny contains issue if {
+	some issue in data.issues
+	issue.tag in {"HM0029", "HM0099", "HM0023", "IM0040", "IM0041"}
 }

runs_remote_code.rego

@@ -0,0 +1,13 @@
+# METADATA
+# title: Runs Remote Code
+# description: |
+#    Returns a violation if the package runs remote code
+package policy.v1
+
+import rego.v1
+
+# Runs remote code
+deny contains issue if {
+	some issue in data.issues
+	issue.tag in {"CM0024", "MM0024", "HM0032"}
+}

secret_non_test.rego

@@ -1,12 +1,13 @@
-package policy
+# METADATA
+# title: Minimal Code
+# description: |
+#    Returns a violation if the package contains secrets/tokens excluding test/example files
+package policy.v1
 
 import rego.v1
 
-# Returns a violation if the package contains secrets/tokens excluding test/example files
-# METADATA
-# scope: rule
-# schemas:
-#   - data.issue: schema.issue
-issue contains "Secrets in non-test file" if {
-	data.issue.tag == "ME0016"
+# Secrets in non-test file
+deny contains issue if {
+	some issue in data.issues
+	issue.tag == "ME0016"
 }

show_all.rego

@@ -1,5 +1,12 @@
-package policy
+# METADATA
+# title: Show All
+# description: |
+#    Returns a violation for all identified issues
+package policy.v1
 
 import rego.v1
 
-issue contains "Policy Violation"
+# Policy Violation
+deny contains issue if {
+	some issue in data.issues
+}

suspicious_url.rego

@@ -0,0 +1,13 @@
+# METADATA
+# title: Suspicious URL References
+# description: |
+#    Returns a violation if the package references sites uncommon to legitimate software
+package policy.v1
+
+import rego.v1
+
+# Suspicious URL reference
+deny contains issue if {
+	some issue in data.issues
+	issue.tag == "MM0028"
+}

typosquat.rego

@@ -1,26 +1,18 @@
-package policy
+# METADATA
+# title: Typosquat
+# description: |
+#    Returns a violation if the package contains a potential typosquat with malicious characteristics
+package policy.v1
 
 import data.phylum.domain
-
 import rego.v1
 
-# Returns `true` if the given dependency has a typosquat issue
-has_typosquat if {
-	some issue in data.dependency.issues
-	issue.tag == "HM0008"
-}
+# Potential typosquat with malicious characteristics
+deny contains typosquat_issue if {
+	some dependency in data.dependencies
 
-# Returns `true` if the dependency has more than one malware issue
-has_more_than_one_malware_issue if {
-	some issue in data.dependency.issues
-	count([dom | issue.domain == domain.MALICIOUS; dom := issue.domain]) > 1
-}
+	some typosquat_issue in dependency.issues
+	typosquat_issue.tag == "HM0008"
 
-# METADATA
-# scope: rule
-# schemas:
-#   - data.issue: schema.issue
-issue contains "Potential typosquat with malicious characteristics" if {
-	has_typosquat
-	has_more_than_one_malware_issue
+	count([d | dependency.issues[i].domain == domain.MALICIOUS; d := dependency.issues[i].domain]) > 1
 }

vuln_crit.rego

@@ -1,15 +1,16 @@
-package policy
+# METADATA
+# title: Critical Software Vulnerability
+# description: |
+#    Returns a violation if the package has a Critical software vulnerability
+package policy.v1
 
 import data.phylum.domain
 import data.phylum.level
 import rego.v1
 
-# Returns a violation if the package has a Critical software vulnerability
-# METADATA
-# scope: rule
-# schemas:
-#   - data.issue: schema.issue
-issue contains "Critical software vulnerability" if {
-	data.issue.domain == domain.VULNERABILITY
-	data.issue.severity > level.HIGH
+# Critical software vulnerability
+deny contains issue if {
+	some issue in data.issues
+	issue.domain == domain.VULNERABILITY
+	issue.severity == level.CRITICAL
 }

vuln_crit_high.rego

@@ -1,15 +1,16 @@
-package policy
+# METADATA
+# title: Critical/High Software Vulnerability
+# description: |
+#    Returns a violation if the package has a Critical or High software vulnerability
+package policy.v1
 
 import data.phylum.domain
 import data.phylum.level
 import rego.v1
 
-# Returns a violation if the package has a Critical or High software vulnerability
-# METADATA
-# scope: rule
-# schemas:
-#   - data.issue: schema.issue
-issue contains "Critical or High software vulnerability" if {
-	data.issue.domain == domain.VULNERABILITY
-	data.issue.severity > level.MEDIUM
+# Critical or High software vulnerability
+deny contains issue if {
+	some issue in data.issues
+	issue.domain == domain.VULNERABILITY
+	issue.severity > level.MEDIUM
 }