Fix false positive in external-reference and vars in composite values

Fixes #1283

Signed-off-by: Anders Eknert <anders@styra.com>

bundle/regal/rules/style/external-reference/external_reference.rego

@@ -13,15 +13,15 @@ report contains violation if {
 
 	some fn in ast.functions
 
-	named_args := {arg.value | some arg in fn.head.args; arg.type == "var"}
+	args_vars := _args_vars(fn)
 
 	head_vars := {v.value | some v in ast.find_vars(fn.head.value)}
 	body_vars := {v.value | some v in ast.find_vars(fn.body)}
 	else_vars := {v.value | some v in ast.find_vars(fn["else"])}
 	own_vars := (body_vars | head_vars) | else_vars
 
 	# note: parens added by opa fmt 🤦
-	allowed_refs := (named_args | own_vars) | fn_namespaces
+	allowed_refs := (args_vars | own_vars) | fn_namespaces
 
 	walk(fn, [path, value])
 
@@ -33,6 +33,15 @@ report contains violation if {
 	violation := result.fail(rego.metadata.chain(), result.location(value))
 }
 
+_args_vars(fn) := {name |
+	some arg in fn.head.args
+	some name in _named_vars(arg)
+}
+
+_named_vars(arg) := {arg.value} if arg.type == "var"
+
+_named_vars(arg) := {var.value | some var in ast.find_term_vars(arg)} if arg.type in {"array", "object", "set"}
+
 # METADATA
 # scope: document
 # description: |

bundle/regal/rules/style/external-reference/external_reference_test.rego

@@ -160,6 +160,13 @@ test_success_function_references_external_function_in_expr if {
 	r == set()
 }
 
+# verify fix for https://github.com/StyraInc/regal/issues/1283
+test_success_variable_from_nested_arg_term if {
+	r := rule.report with input as ast.policy(`f([x]) := to_number(x)`)
+		with data.internal.combined_config as {"capabilities": capabilities.provided}
+	r == set()
+}
+
 expected := {
 	"category": "style",
 	"description": "External reference in function",