From 13bc41ef313bf91b0f67a2d62e9fac2d4760a0f6 Mon Sep 17 00:00:00 2001
From: hirokuni-kitahara
Date: Mon, 16 Oct 2023 11:30:44 +0900
Subject: [PATCH] fix P-rules to avoid reporting registered vars as undefined
Signed-off-by: hirokuni-kitahara
---
 .../P003_module_argument_value_validation.py | 18 +++++++++++++++++-
 .../rules/P004_variable_validation.py | 12 ++++++++++++
 2 files changed, 29 insertions(+), 1 deletion(-)
diff --git a/ansible_risk_insight/rules/P003_module_argument_value_validation.py b/ansible_risk_insight/rules/P003_module_argument_value_validation.py
index 7c5d39e1..da936a3c 100644
--- a/ansible_risk_insight/rules/P003_module_argument_value_validation.py
+++ b/ansible_risk_insight/rules/P003_module_argument_value_validation.py
@@ -66,6 +66,13 @@ def process(self, ctx: AnsibleRunContext):
 wrong_values = []
 undefined_values = []
 unknown_type_values = []
+
+ registered_vars = []
+ for v_name in task.variable_set:
+ v = task.variable_set[v_name]
+ if v and v[-1].type == VariableType.RegisteredVars:
+ registered_vars.append(v_name)
+
 if task.args.type == ArgumentsType.DICT:
 for key in task.args.raw:
 raw_value = task.args.raw[key]
@@ -133,7 +140,16 @@ def process(self, ctx: AnsibleRunContext):
 sub_args = task.args.get(key)
 if sub_args:
- undefined_vars = [v.name for v in sub_args.vars if v and v.type == VariableType.Unknown]
+ undefined_vars = []
+ for v in sub_args.vars:
+ first_v_name = v.name.split(".")[0]
+ # skip registered vars
+ if first_v_name in registered_vars:
+ continue
+
+ if v and v.type == VariableType.Unknown:
+ undefined_vars.append(v.name)
+
 if undefined_vars:
 undefined_values.append({"key": key, "value": raw_value, "undefined_variables": undefined_vars})
diff --git a/ansible_risk_insight/rules/P004_variable_validation.py b/ansible_risk_insight/rules/P004_variable_validation.py
index 1080f2e4..4d8b1081 100644
--- a/ansible_risk_insight/rules/P004_variable_validation.py
+++ b/ansible_risk_insight/rules/P004_variable_validation.py
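Review bot: The `registered_vars` scan added at the top of this hunk (the loop over `task.variable_set` testing `v[-1].type == VariableType.RegisteredVars`) is repeated verbatim in P004_variable_validation.py in the same commit, and each copy is then probed with `in` from inside a loop over every variable use; one helper returning a `set` keeps the two rules from drifting and makes the membership test O(1). The list is consumed in this file's second hunk, where `first_v_name = v.name.split(".")[0]` now runs before the `if v` guard that the replaced comprehension applied, so a `None` entry in `sub_args.vars` raises AttributeError instead of being skipped — the guard should come first. Whether a same-task `register:` target should be skipped for module arguments at all deserves a comment: in Ansible the registered variable is populated after the module runs, so a reference to it from the same task's arguments is still undefined when they are templated, and if `task.variable_set` records only this task's own registration (not visible here, confirm) the skip hides exactly that case; a comment such as `# registered vars exist only after the task ran; skipping them here assumes variable_set covers earlier tasks` would make the assumption explicit. `process` starts and ends outside the hunk.
```python
def _registered_var_names(task) -> set[str]:
    """Names whose most recent entry in task.variable_set is a registered var."""
    names = set()
    for v_name in task.variable_set:
        v = task.variable_set[v_name]
        if v and v[-1].type == VariableType.RegisteredVars:
            names.add(v_name)
    return names

# … unchanged: beginning of process() …
        registered_vars = _registered_var_names(task)
# … unchanged: argument checks …
```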
@@ -66,7 +66,19 @@ def process(self, ctx: AnsibleRunContext):
 task_arg_keys = []
 if task.args.type == ArgumentsType.DICT:
 task_arg_keys = list(task.args.raw.keys())
+
+ registered_vars = []
+ for v_name in task.variable_set:
+ v = task.variable_set[v_name]
+ if v and v[-1].type == VariableType.RegisteredVars:
+ registered_vars.append(v_name)
+
 for v_name in task.variable_use:
+ first_v_name = v_name.split(".")[0]
+ # skip registered vars
+ if first_v_name in registered_vars:
+ continue
+
 v = task.variable_use[v_name]
 if v and v[-1].type == VariableType.Unknown:
 if v_name not in undefined_variables:
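Review bot: The skip keyed on `first_v_name = v_name.split(".")[0]` recognises a registered variable only when the use is written with dotted attribute access; if the keys of `task.variable_use` can carry Jinja subscript forms such as `result['stdout']` or `result.results[0]` (not visible here — confirm against the extractor that fills `variable_use`), the bracket stays attached to the first component and those uses are still reported as undefined. Splitting on both separators, `first_v_name = v_name.split(".")[0].split("[")[0]`, covers both spellings without an extra import. The `continue` also bypasses everything that follows in the loop body, not only the `VariableType.Unknown` check, so any later per-variable bookkeeping in the rest of this loop (outside the hunk) is now skipped for registered variables too; a comment such as `# registered vars are excluded from every check in this loop, not just the undefined check` would record that this is intended. `process` starts and ends outside the hunk.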