Have redundant-existence-check flag subset terms (#1514)

Fixes #1512

Signed-off-by: Anders Eknert <anders@styra.com>

Author: anderseknert

bundle/regal/ast/ast.rego

@@ -227,7 +227,8 @@ _exclude_arg("assign", 0, _)
 
 # METADATA
 # description: |
-#   true if both ref values (or "paths") are equal in type and value for each path component, ignoring locations
+#   true if both ref values (or "paths") are equal in type
+#   and value for each path component, ignoring locations
 ref_value_equal(v1, v2) if {
 	count(v1) == count(v2)
 
@@ -237,6 +238,19 @@ ref_value_equal(v1, v2) if {
 	}
 }
 
+# METADATA
+# description: |
+#   true if all terms in `terms1` are also present in `terms2`
+#   regardless of length, and ignoring locations
+is_terms_subset(terms1, terms2) if {
+	count(terms1) <= count(terms2)
+
+	every i, term in terms1 {
+		term.type == terms2[i].type
+		term.value == terms2[i].value
+	}
+}
+
 # METADATA
 # description: returns the "path" string of any given ref value
 ref_to_string(ref) := ref[0].value if {

bundle/regal/rules/bugs/redundant-existence-check/redundant_existence_check.rego

@@ -19,7 +19,7 @@ report contains violation if {
 
 	some term in rule.body[expr_index + 1].terms
 
-	ast.ref_value_equal(expr.terms.value, term.value)
+	ast.is_terms_subset(expr.terms.value, term.value)
 
 	violation := result.fail(rego.metadata.chain(), result.ranged_from_ref(expr.terms.value))
 }
@@ -55,7 +55,7 @@ report contains violation if {
 	some expr in _exprs[rule_index]
 
 	expr.terms.type == "ref"
-	ast.ref_value_equal(expr.terms.value, rule.head.value.value)
+	ast.is_terms_subset(expr.terms.value, rule.head.value.value)
 
 	violation := result.fail(rego.metadata.chain(), result.ranged_from_ref(expr.terms.value))
 }

bundle/regal/rules/bugs/redundant-existence-check/redundant_existence_check_test.rego

@@ -12,6 +12,28 @@ test_fail_redundant_existence_check if {
 		startswith(input.foo, "bar")
 	}`)
 	r := rule.report with input as module
+
+	r == {{
+		"category": "bugs",
+		"description": "Redundant existence check",
+		"level": "error",
+		"location": {"col": 3, "file": "policy.rego", "row": 7, "text": "\t\tinput.foo", "end": {"col": 12, "row": 7}},
+		"related_resources": [{
+			"description": "documentation",
+			"ref": config.docs.resolve_url("$baseUrl/$category/redundant-existence-check", "bugs"),
+		}],
+		"title": "redundant-existence-check",
+	}}
+}
+
+test_fail_redundant_existence_check_subset if {
+	module := ast.with_rego_v1(`
+	redundant if {
+		input.foo
+		startswith(input.foo.bar, "bar")
+	}`)
+	r := rule.report with input as module
+
 	r == {{
 		"category": "bugs",
 		"description": "Redundant existence check",
@@ -43,6 +65,7 @@ test_success_not_redundant_existence_check_with_cancels if {
 		rule.foo == 1
 	}`)
 	r := rule.report with input as module
+
 	r == set()
 }
 
@@ -52,6 +75,7 @@ test_fail_redundant_existence_check_head_assignment_of_ref if {
 		input.foo
 	}`)
 	r := rule.report with input as module
+
 	r == {{
 		"category": "bugs",
 		"description": "Redundant existence check",
@@ -71,6 +95,7 @@ test_fail_redundant_existence_check_function_arg if {
 		foo
 	}`)
 	r := rule.report with input as module
+
 	r == {{
 		"category": "bugs",
 		"description": "Redundant existence check",