Merge pull request #21 from mxlint/002_0008-improvements

Author: xiwenc

rules/002_domain_model/002_0008_avoid_read_write_default_access_rule.rego

@@ -4,14 +4,18 @@
 # description: This can lead to wrong set access rights
 # authors:
 # - Jurre Tanja <jurre.tanja@mendix.com>
+# - Bart Zantingh <bart.zantingh@nl.abnamro.com>
+# related_resources:
+# - https://docs.mendix.com/refguide/access-rules/
+# - https://docs.mendix.com/refguide/dev-best-practices/#security
 # custom:
 #  category: Maintainability
 #  rulename: AvoidDefaultReadWriteAccess
 #  severity: MEDIUM
 #  rulenumber: 002_0008
 #  remediation: Set default access rights to Read only or None.
 #  input: .*/DomainModels\$DomainModel\.yaml
-package app.mendix.domain_model.avoind_default_readwrite_access
+package app.mendix.domain_model.avoid_default_readwrite_access
 
 import rego.v1
 
@@ -22,22 +26,23 @@ default allow := false
 allow if count(errors) == 0
 
 errors contains error if {
-	entity := input.Entities[_]
+	some entity in input.Entities
 	entity_name := entity.Name
 
 	# Bind the specific access rule we are evaluating
-	access_rule := entity.AccessRules[_]
+	some access_rule in entity.AccessRules
 
 	# Only consider access rules with ReadWrite default rights
 	access_rule.DefaultMemberAccessRights == "ReadWrite"
 
 	# Now collect roles only from THIS access_rule
 	roles := access_rule.AllowedModuleRoles
+
 	role_names := [name |
-		role := roles[_]
-		parts := split(role, ".")
-		name := parts[count(parts) - 1]
+		some role in roles
+		name := split(role, ".")[1]
 	]
+
 	roles_list := concat(", ", role_names)
 
 	error := sprintf(