Skip to content

update(deps): update OPA package to version 1.4.2 #7460

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 6 commits into from
May 7, 2025
Merged

update(deps): update OPA package to version 1.4.2 #7460

merged 6 commits into from
May 7, 2025

Conversation

cx-rui-araujo
Copy link
Contributor

@cx-rui-araujo cx-rui-araujo commented May 6, 2025
edited
Loading

Closes #7458

Reason for Proposed Changes

Proposed Changes

  • Update package to the latest version (1.4.2)
    • Set OPA to run queries with version 0 (ast.RegoV0): running with OPA v1.x is not currently feasible, as KICS relies on custom queries written using OPA v0 syntax. Migrating all queries to v1-compatible syntax is an ongoing process.

Vulnerability Explanation

  • The flagged vulnerability relates to the OPA (Open Policy Agent) server mode (opa run --server). However, KICS does not run OPA in server mode. KICS embeds OPA in "library" mode, using it internally to execute queries. As such, the vulnerable code paths are not exercised in our use case.

Documentation links

I submit this contribution under the Apache-2.0 license.

@github-actions GitHub Actions
Copy link
Contributor

github-actions bot commented May 6, 2025

kics-logo

KICS version: v2.1.7

Category Results
CRITICAL CRITICAL 0
HIGH HIGH 0
MEDIUM MEDIUM 0
LOW LOW 0
INFO INFO 0
TRACE TRACE 0
TOTAL TOTAL 0
Metric Values
Files scanned placeholder 1
Files parsed placeholder 1
Files failed to scan placeholder 0
Total executed queries placeholder 47
Queries failed to execute placeholder 0
Execution time placeholder 0

@cx-rui-araujo cx-rui-araujo marked this pull request as ready for review May 6, 2025 23:19
@cx-rui-araujo cx-rui-araujo requested a review from a team as a code owner May 6, 2025 23:19
@github-actions github-actions bot added the query New query feature label May 6, 2025
@cx-rui-araujo cx-rui-araujo changed the title update(deps): update opa package to version 1.4.2 update(deps): update OPA package to version 1.4.2 May 6, 2025
cx-artur-ribeiro
cx-artur-ribeiro approved these changes May 7, 2025
View reviewed changes
Copy link
Contributor

@cx-artur-ribeiro cx-artur-ribeiro left a comment
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM, way better solution than I did! 😅 I was just snoozing since the vulnerability was not exploitable.
Can you please add "#Closes 7458" to the PR description so you close my open PR please?

cx-miguel-silva
cx-miguel-silva approved these changes May 7, 2025
View reviewed changes
Copy link
Collaborator

@cx-miguel-silva cx-miguel-silva left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Great Work! 🚀

@cx-rui-araujo cx-rui-araujo merged commit ddcda8d into master May 7, 2025
38 checks passed
@cx-rui-araujo cx-rui-araujo deleted the update-opa-package branch May 7, 2025 09:30
JonasCordsen pushed a commit to JonasCordsen/kics that referenced this pull request Jun 11, 2025
@cx-rui-araujo @cx-artur-ribeiro
update(deps): update OPA package to version 1.4.2 (Checkmarx#7460)
61fa994 
* update opa package to version 1.4.2

* fix - load queries using OPA v0

* set v0 when creating a new parser

---------

Co-authored-by: Artur Ribeiro <153724638+cx-artur-ribeiro@users.noreply.github.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@cx-miguel-silva cx-miguel-silva cx-miguel-silva approved these changes

@cx-artur-ribeiro cx-artur-ribeiro cx-artur-ribeiro approved these changes

Assignees

@cx-rui-araujo cx-rui-araujo

Labels
query New query feature
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@cx-rui-araujo @cx-miguel-silva @cx-artur-ribeiro