fix some..in lint issues

assets/libraries/ansible.rego

@@ -7,7 +7,7 @@ tasks := TasksPerDocument
 
 # Builds an object that stores all tasks for each document id
 TasksPerDocument[id] = result {
-	document := input.document[i]
+	some document in input.document
 	id := document.id
 	result := getTasks(document)
 }

assets/libraries/terraform.rego

@@ -522,7 +522,8 @@ matches(target, name) {
 }
 
 has_target_resource(bucketName, resourceName) {
-	resource := input.document[i].resource[resourceName][_]
+	some document in input.document
+	some resource in document.resource[resourceName]
 
 	split(resource.bucket, ".")[1] == bucketName
 }

assets/queries/ansible/aws/cross_account_iam_assume_role_policy_without_external_id_or_mfa/query.rego

@@ -2,6 +2,7 @@ package Cx
 
 import data.generic.ansible as ans_lib
 import data.generic.common as common_lib
+import future.keywords.in
 
 modules := {"community.aws.iam_role", "iam_role"}
 
@@ -12,7 +13,7 @@ CxPolicy[result] {
 
 	policy := iamRole.assume_role_policy_document
 	st := common_lib.get_statement(common_lib.get_policy(policy))
-	statement := st[_]
+	some statement in st
 
 	common_lib.is_allow_effect(statement)
 

assets/queries/ansible/aws/ecr_repository_is_publicly_accessible/query.rego

@@ -2,6 +2,7 @@ package Cx
 
 import data.generic.ansible as ans_lib
 import data.generic.common as common_lib
+import future.keywords.in
 
 modules := {"community.aws.ecs_ecr", "ecs_ecr"}
 
@@ -11,7 +12,7 @@ CxPolicy[result] {
 	ans_lib.checkState(cloudwatchlogs)
 
 	st := common_lib.get_statement(common_lib.get_policy(cloudwatchlogs.policy))
-	statement := st[_]
+	some statement in st
 
 	common_lib.is_allow_effect(statement)
 

assets/queries/ansible/aws/iam_policies_with_full_privileges/query.rego

@@ -2,6 +2,7 @@ package Cx
 
 import data.generic.ansible as ans_lib
 import data.generic.common as common_lib
+import future.keywords.in
 
 CxPolicy[result] {
 	task := ans_lib.tasks[id][t]
@@ -10,7 +11,7 @@ CxPolicy[result] {
 	ans_lib.checkState(awsApiGateway)
 
 	st := common_lib.get_statement(common_lib.get_policy(awsApiGateway.policy))
-	statement := st[_]
+	some statement in st
 
 	common_lib.is_allow_effect(statement)
 	common_lib.equalsOrInArray(statement.Resource, "*")

assets/queries/ansible/aws/iam_policy_grants_assumerole_permission_across_all_services/query.rego

@@ -2,6 +2,7 @@ package Cx
 
 import data.generic.ansible as ans_lib
 import data.generic.common as common_lib
+import future.keywords.in
 
 modules := {"community.aws.iam_managed_policy", "iam_managed_policy"}
 
@@ -11,7 +12,7 @@ CxPolicy[result] {
 	ans_lib.checkState(awsApiGateway)
 
 	st := common_lib.get_statement(common_lib.get_policy(awsApiGateway.policy))
-	statement := st[_]
+	some statement in st
 
 	common_lib.is_allow_effect(statement)
 

assets/queries/ansible/aws/iam_policy_grants_full_permissions/query.rego

@@ -2,6 +2,7 @@ package Cx
 
 import data.generic.ansible as ans_lib
 import data.generic.common as common_lib
+import future.keywords.in
 
 modules := {"community.aws.iam_managed_policy", "iam_managed_policy"}
 
@@ -11,7 +12,7 @@ CxPolicy[result] {
 	ans_lib.checkState(awsApiGateway)
 
 	st := common_lib.get_statement(common_lib.get_policy(awsApiGateway.policy))
-	statement := st[_]
+	some statement in st
 
 	common_lib.is_allow_effect(statement)
 	common_lib.equalsOrInArray(statement.Resource, "*")

assets/queries/ansible/aws/iam_role_allows_all_principals_to_assume/query.rego

@@ -2,6 +2,7 @@ package Cx
 
 import data.generic.ansible as ans_lib
 import data.generic.common as common_lib
+import future.keywords.in
 
 modules := {"community.aws.iam_managed_policy", "iam_managed_policy"}
 
@@ -12,7 +13,7 @@ CxPolicy[result] {
 
 	policy := common_lib.get_policy(common_lib.get_policy(awsApiGateway.policy))
 	st := common_lib.get_statement(policy)
-	statement := st[_]
+	some statement in st
 
 	common_lib.is_allow_effect(statement)
 	aws := statement.Principal.AWS

assets/queries/ansible/aws/kms_key_with_full_permissions/query.rego

@@ -2,6 +2,7 @@ package Cx
 
 import data.generic.ansible as ans_lib
 import data.generic.common as common_lib
+import future.keywords.in
 
 CxPolicy[result] {
 	task := ans_lib.tasks[id][t]
@@ -10,7 +11,7 @@ CxPolicy[result] {
 	ans_lib.checkState(aws_kms)
 
 	st := common_lib.get_statement(common_lib.get_policy(aws_kms.policy))
-	statement := st[_]
+	some statement in st
 
 	common_lib.is_allow_effect(statement)
 	not common_lib.valid_key(statement, "Condition")

assets/queries/ansible/aws/s3_bucket_access_to_any_principal/query.rego

@@ -2,6 +2,7 @@ package Cx
 
 import data.generic.ansible as ans_lib
 import data.generic.common as common_lib
+import future.keywords.in
 
 CxPolicy[result] {
 	task := ans_lib.tasks[id][t]
@@ -10,7 +11,7 @@ CxPolicy[result] {
 	ans_lib.checkState(s3_bucket)
 
 	st := common_lib.get_statement(common_lib.get_policy(s3_bucket.policy))
-	statement := st[_]
+	some statement in st
 
 	common_lib.is_allow_effect(statement)
 	statement.Principal == "*"

assets/queries/ansible/aws/s3_bucket_allows_delete_action_from_all_principals/query.rego

@@ -2,6 +2,7 @@ package Cx
 
 import data.generic.ansible as ans_lib
 import data.generic.common as common_lib
+import future.keywords.in
 
 CxPolicy[result] {
 	task := ans_lib.tasks[id][t]
@@ -10,7 +11,7 @@ CxPolicy[result] {
 	ans_lib.checkState(bucket)
 
 	st := common_lib.get_statement(common_lib.get_policy(bucket.policy))
-	statement := st[_]
+	some statement in st
 
 	common_lib.is_allow_effect(statement)
 

assets/queries/ansible/aws/s3_bucket_allows_get_action_from_all_principals/query.rego

@@ -2,6 +2,7 @@ package Cx
 
 import data.generic.ansible as ans_lib
 import data.generic.common as common_lib
+import future.keywords.in
 
 CxPolicy[result] {
 	task := ans_lib.tasks[id][t]
@@ -10,7 +11,7 @@ CxPolicy[result] {
 	ans_lib.checkState(bucket)
 
 	st := common_lib.get_statement(common_lib.get_policy(bucket.policy))
-	statement := st[_]
+	some statement in st
 
 	common_lib.is_allow_effect(statement)
 

assets/queries/ansible/aws/s3_bucket_allows_list_action_from_all_principals/query.rego

@@ -2,6 +2,7 @@ package Cx
 
 import data.generic.ansible as ans_lib
 import data.generic.common as common_lib
+import future.keywords.in
 
 CxPolicy[result] {
 	task := ans_lib.tasks[id][t]
@@ -10,7 +11,7 @@ CxPolicy[result] {
 	ans_lib.checkState(bucket)
 
 	st := common_lib.get_statement(common_lib.get_policy(bucket.policy))
-	statement := st[_]
+	some statement in st
 
 	common_lib.is_allow_effect(statement)
 

assets/queries/ansible/aws/s3_bucket_allows_put_action_from_all_principals/query.rego

@@ -2,6 +2,7 @@ package Cx
 
 import data.generic.ansible as ans_lib
 import data.generic.common as common_lib
+import future.keywords.in
 
 CxPolicy[result] {
 	task := ans_lib.tasks[id][t]
@@ -10,7 +11,7 @@ CxPolicy[result] {
 	ans_lib.checkState(bucket)
 
 	st := common_lib.get_statement(common_lib.get_policy(bucket.policy))
-	statement := st[_]
+	some statement in st
 
 	common_lib.is_allow_effect(statement)
 

assets/queries/ansible/aws/s3_bucket_with_all_permissions/query.rego

@@ -2,6 +2,7 @@ package Cx
 
 import data.generic.ansible as ans_lib
 import data.generic.common as common_lib
+import future.keywords.in
 
 modules := {"amazon.aws.s3_bucket", "s3_bucket"}
 
@@ -11,7 +12,7 @@ CxPolicy[result] {
 	ans_lib.checkState(s3_bucket)
 
 	st := common_lib.get_statement(common_lib.get_policy(s3_bucket.policy))
-	statement := st[_]
+	some statement in st
 
 	common_lib.is_allow_effect(statement)
 

assets/queries/ansible/aws/ses_policy_with_allowed_iam_actions/query.rego

@@ -2,6 +2,7 @@ package Cx
 
 import data.generic.ansible as ans_lib
 import data.generic.common as common_lib
+import future.keywords.in
 
 modules := {"community.aws.aws_ses_identity_policy", "aws.aws_ses_identity_policy"}
 
@@ -11,7 +12,7 @@ CxPolicy[result] {
 	ans_lib.checkState(sesPolicy)
 
 	st := common_lib.get_statement(common_lib.get_policy(sesPolicy.policy))
-	statement := st[_]
+	some statement in st
 
 	common_lib.is_allow_effect(statement)
 	common_lib.containsOrInArrayContains(statement.Action, "*")

assets/queries/ansible/aws/sns_topic_is_publicly_accessible/query.rego

@@ -2,14 +2,15 @@ package Cx
 
 import data.generic.ansible as ansLib
 import data.generic.common as common_lib
+import future.keywords.in
 
 CxPolicy[result] {
 	task := ansLib.tasks[id][t]
 	modules := {"community.aws.sns_topic", "sns_topic"}
 	snsTopicCommunity := task[modules[m]]
 	ansLib.checkState(snsTopicCommunity)
 	st := common_lib.get_statement(common_lib.get_policy(snsTopicCommunity.policy))
-	statement := st[_]
+	some statement in st
 
 	statement.Effect == "Allow"
 	common_lib.any_principal(statement)

assets/queries/ansible/aws/sqs_policy_allows_all_actions/query.rego

@@ -2,6 +2,7 @@ package Cx
 
 import data.generic.ansible as ans_lib
 import data.generic.common as common_lib
+import future.keywords.in
 
 CxPolicy[result] {
 	task := ans_lib.tasks[id][t]
@@ -10,7 +11,7 @@ CxPolicy[result] {
 	ans_lib.checkState(sqsPolicy)
 
 	st := common_lib.get_statement(common_lib.get_policy(sqsPolicy.policy))
-	statement := st[_]
+	some statement in st
 
 	common_lib.is_allow_effect(statement)
 	common_lib.equalsOrInArray(statement.Action, "*")

assets/queries/ansible/aws/sqs_policy_with_public_access/query.rego

@@ -2,6 +2,7 @@ package Cx
 
 import data.generic.ansible as ans_lib
 import data.generic.common as common_lib
+import future.keywords.in
 
 modules := {"community.aws.sqs_queue", "sqs_queue"}
 
@@ -11,7 +12,7 @@ CxPolicy[result] {
 	ans_lib.checkState(sqsPolicy)
 
 	st := common_lib.get_statement(common_lib.get_policy(sqsPolicy.policy))
-	statement := st[_]
+	some statement in st
 
 	common_lib.is_allow_effect(statement)
 	all_principals(statement)

assets/queries/ansible/aws/sqs_queue_exposed/query.rego

@@ -2,6 +2,7 @@ package Cx
 
 import data.generic.ansible as ans_lib
 import data.generic.common as common_lib
+import future.keywords.in
 
 CxPolicy[result] {
 	task := ans_lib.tasks[id][t]
@@ -10,7 +11,7 @@ CxPolicy[result] {
 	ans_lib.checkState(sqs_queue)
 
 	st := common_lib.get_statement(common_lib.get_policy(sqs_queue.policy))
-	statement := st[_]
+	some statement in st
 
 	common_lib.is_allow_effect(statement)