diff --git a/pkg/jp/functions/at.go b/pkg/jp/functions/at.go index bff7e252..c0117dae 100644 --- a/pkg/jp/functions/at.go +++ b/pkg/jp/functions/at.go @@ -7,9 +7,9 @@ import ( func jpfAt(arguments []any) (any, error) { if slice, ok := arguments[0].([]any); !ok { return nil, errors.New("invalid type, first argument must be an array") - } else if index, ok := arguments[1].(int); !ok { + } else if index, ok := arguments[1].(float64); !ok { return nil, errors.New("invalid type, second argument must be an int") } else { - return slice[index], nil + return slice[int(index)], nil } } diff --git a/pkg/jp/functions/functions.go b/pkg/jp/functions/functions.go index c92f3ec4..917f3e84 100644 --- a/pkg/jp/functions/functions.go +++ b/pkg/jp/functions/functions.go @@ -9,29 +9,32 @@ func GetFunctions() []functions.FunctionEntry { Name: "at", Arguments: []functions.ArgSpec{ {Types: []functions.JpType{functions.JpArray}}, - // TODO: we should introduce a JpInteger type - {Types: []functions.JpType{functions.JpAny}}, + {Types: []functions.JpType{functions.JpNumber}}, }, - Handler: jpfAt, + Handler: jpfAt, + Description: "Returns the element in an array at the given index.", }, { Name: "concat", Arguments: []functions.ArgSpec{ {Types: []functions.JpType{functions.JpString}}, {Types: []functions.JpType{functions.JpString}}, }, - Handler: jpfConcat, + Handler: jpfConcat, + Description: "Concatenates two strings together and returns the result.", }, { Name: "json_parse", Arguments: []functions.ArgSpec{ {Types: []functions.JpType{functions.JpString}}, }, - Handler: jpfJsonParse, + Handler: jpfJsonParse, + Description: "Parses a given JSON string into an object.", }, { Name: "wildcard", Arguments: []functions.ArgSpec{ {Types: []functions.JpType{functions.JpString}}, {Types: []functions.JpType{functions.JpString}}, }, - Handler: jpfWildcard, + Handler: jpfWildcard, + Description: "Compares a wildcard pattern with a given string and returns if they match or not.", }} } diff --git a/test/commands/scan/pod-no-latest/out.txt b/test/commands/scan/pod-no-latest/out.txt index b09a5c00..41309b8a 100644 --- a/test/commands/scan/pod-no-latest/out.txt +++ b/test/commands/scan/pod-no-latest/out.txt @@ -4,9 +4,9 @@ Pre processing ... Running ( evaluating 1 resource against 1 policy ) ... - FAILED (POLICY=test, RULE=pod-no-latest, ID=webserver) -> (CHECK=spec.rules[0].assert.all[0]) - -> Invalid value: true: Expected value: false (PATH=spec.~foo.containers->foos[0].(at($foos, $foo).image)->foo.(ends_with($foo, $tag))) - -> Invalid value: true: Expected value: false (PATH=spec.~foo.containers->foos[1].(at($foos, $foo).image)->foo.(ends_with($foo, $tag))) - -> Invalid value: true: Expected value: false (PATH=spec.~foo.containers->foos[2].(at($foos, $foo).image)->foo.(ends_with($foo, $tag))) + -> Invalid value: true: Expected value: false (PATH=spec.~foo.containers->foos[0].(at($foos, to_number($foo)).image)->foo.(ends_with($foo, $tag))) + -> Invalid value: true: Expected value: false (PATH=spec.~foo.containers->foos[1].(at($foos, to_number($foo)).image)->foo.(ends_with($foo, $tag))) + -> Invalid value: true: Expected value: false (PATH=spec.~foo.containers->foos[2].(at($foos, to_number($foo)).image)->foo.(ends_with($foo, $tag))) -> (CHECK=spec.rules[0].assert.all[1]) -> Invalid value: true: Expected value: false (PATH=spec.~.containers->foo[0].image.(ends_with(@, ':latest'))) -> Invalid value: true: Expected value: false (PATH=spec.~.containers->foo[1].image.(ends_with(@, ':latest'))) diff --git a/test/commands/scan/pod-no-latest/policy.yaml b/test/commands/scan/pod-no-latest/policy.yaml index 61bfd033..26b52114 100644 --- a/test/commands/scan/pod-no-latest/policy.yaml +++ b/test/commands/scan/pod-no-latest/policy.yaml @@ -18,7 +18,7 @@ spec: - check: spec: ~foo.containers->foos: - (at($foos, $foo).image)->foo: + (at($foos, to_number($foo)).image)->foo: # an image tag is required (contains($foo, ':')): true # using a mutable image tag e.g. 'latest' is not allowed