fix: copilot issues

gusfcarvalho · gusfcarvalho · commit d0f05582bd68 · 2026-05-05T18:25:01.000-03:00
Signed-off-by: Gustavo Carvalho &lt;gustavo.carvalho@container-solutions.com&gt;
diff --git a/policies/gh_org_default_repo_permission.rego b/policies/gh_org_default_repo_permission.rego
@@ -42,10 +42,14 @@ risk_templates := [
   }
 ]
 
-_permissive_permissions := {"write", "admin"}
+_settings := object.get(input, "settings", {})
+
+_default_repository_permission := object.get(_settings, "default_repository_permission", "")
+
+_allowed_permissions := {"read", "none"}
 
 violation[{"id": "default_permission_too_permissive"}] if {
-    _permissive_permissions[input.settings.default_repository_permission]
+    not _allowed_permissions[_default_repository_permission]
 }
 
 title := "Default repository permission is set to 'read' or 'none'"
diff --git a/policies/gh_org_default_repo_permission_test.rego b/policies/gh_org_default_repo_permission_test.rego
@@ -31,3 +31,7 @@ test_default_permission_admin if {
         }
     }
 }
+
+test_default_permission_missing if {
+    count(violation) > 0 with input as {}
+}
diff --git a/policies/gh_org_members_can_create_repos.rego b/policies/gh_org_members_can_create_repos.rego
@@ -36,8 +36,12 @@ risk_templates := [
   }
 ]
 
+_settings := object.get(input, "settings", {})
+
+_members_can_create_repositories := object.get(_settings, "members_can_create_repositories", true)
+
 violation[{"id": "members_can_create_repos"}] if {
-    input.settings.members_can_create_repositories == true
+    _members_can_create_repositories
 }
 
 title := "Organization members cannot create repositories"
diff --git a/policies/gh_org_members_can_create_repos_test.rego b/policies/gh_org_members_can_create_repos_test.rego
@@ -15,3 +15,7 @@ test_members_can_create_repos if {
         }
     }
 }
+
+test_members_create_repos_missing if {
+    count(violation) > 0 with input as {}
+}
diff --git a/policies/gh_org_web_commit_signoff.rego b/policies/gh_org_web_commit_signoff.rego
@@ -35,8 +35,12 @@ risk_templates := [
   }
 ]
 
+_settings := object.get(input, "settings", {})
+
+_web_commit_signoff_required := object.get(_settings, "web_commit_signoff_required", false)
+
 violation[{"id": "web_commit_signoff_not_required"}] if {
-    input.settings.web_commit_signoff_required == false
+    not _web_commit_signoff_required
 }
 
 title := "Web commit sign-off is required for the organization"
diff --git a/policies/gh_org_web_commit_signoff_test.rego b/policies/gh_org_web_commit_signoff_test.rego
@@ -15,3 +15,7 @@ test_web_commit_signoff_not_required if {
         }
     }
 }
+
+test_web_commit_signoff_missing if {
+    count(violation) > 0 with input as {}
+}

Original file line number	Diff line number	Diff line change
`@@ -42,10 +42,14 @@ risk_templates := [`
`42`	`42`	`}`
`43`	`43`	`]`
`44`	`44`
`45`		`-_permissive_permissions := {"write", "admin"}`
	`45`	`+_settings := object.get(input, "settings", {})`
	`46`	`+`
	`47`	`+_default_repository_permission := object.get(_settings, "default_repository_permission", "")`
	`48`	`+`
	`49`	`+_allowed_permissions := {"read", "none"}`
`46`	`50`
`47`	`51`	`violation[{"id": "default_permission_too_permissive"}] if {`
`48`		`- _permissive_permissions[input.settings.default_repository_permission]`
	`52`	`+ not _allowed_permissions[_default_repository_permission]`
`49`	`53`	`}`
`50`	`54`
`51`	`55`	`title := "Default repository permission is set to 'read' or 'none'"`
Original file line number	Diff line number	Diff line change
`@@ -31,3 +31,7 @@ test_default_permission_admin if {`
`31`	`31`	`}`
`32`	`32`	`}`
`33`	`33`	`}`
	`34`	`+`
	`35`	`+test_default_permission_missing if {`
	`36`	`+ count(violation) > 0 with input as {}`
	`37`	`+}`
Original file line number	Diff line number	Diff line change
`@@ -36,8 +36,12 @@ risk_templates := [`
`36`	`36`	`}`
`37`	`37`	`]`
`38`	`38`
	`39`	`+_settings := object.get(input, "settings", {})`
	`40`	`+`
	`41`	`+_members_can_create_repositories := object.get(_settings, "members_can_create_repositories", true)`
	`42`	`+`
`39`	`43`	`violation[{"id": "members_can_create_repos"}] if {`
`40`		`- input.settings.members_can_create_repositories == true`
	`44`	`+ _members_can_create_repositories`
`41`	`45`	`}`
`42`	`46`
`43`	`47`	`title := "Organization members cannot create repositories"`
Original file line number	Diff line number	Diff line change
`@@ -15,3 +15,7 @@ test_members_can_create_repos if {`
`15`	`15`	`}`
`16`	`16`	`}`
`17`	`17`	`}`
	`18`	`+`
	`19`	`+test_members_create_repos_missing if {`
	`20`	`+ count(violation) > 0 with input as {}`
	`21`	`+}`
Original file line number	Diff line number	Diff line change
`@@ -35,8 +35,12 @@ risk_templates := [`
`35`	`35`	`}`
`36`	`36`	`]`
`37`	`37`
	`38`	`+_settings := object.get(input, "settings", {})`
	`39`	`+`
	`40`	`+_web_commit_signoff_required := object.get(_settings, "web_commit_signoff_required", false)`
	`41`	`+`
`38`	`42`	`violation[{"id": "web_commit_signoff_not_required"}] if {`
`39`		`- input.settings.web_commit_signoff_required == false`
	`43`	`+ not _web_commit_signoff_required`
`40`	`44`	`}`
`41`	`45`
`42`	`46`	`title := "Web commit sign-off is required for the organization"`
Original file line number	Diff line number	Diff line change
`@@ -15,3 +15,7 @@ test_web_commit_signoff_not_required if {`
`15`	`15`	`}`
`16`	`16`	`}`
`17`	`17`	`}`
	`18`	`+`
	`19`	`+test_web_commit_signoff_missing if {`
	`20`	`+ count(violation) > 0 with input as {}`
	`21`	`+}`