check if queries are shared by codeid

Signed-off-by: Ivan Milchev <[email protected]>
mondoohq · Jul 22, 2024 · 4cdf274 · 4cdf274
1 parent 28610de
commit 4cdf274
Show file tree

Hide file tree

Showing 3 changed files with 63 additions and 28 deletions.
diff --git a/internal/bundle/lint.go b/internal/bundle/lint.go
@@ -417,25 +417,25 @@ func lintFile(file string) (*Results, error) {
 				uid := check.Uid
 				updateAssignedQueries(check, assignedQueries, globalQueriesByUid)
 
+				checks[check.CodeId] = struct{}{}
+				if _, ok := dataQueries[check.CodeId]; ok {
+					res.Entries = append(res.Entries, Entry{
+						RuleID:  queryUsedAsDifferentTypes,
+						Message: fmt.Sprintf("query %s is used as a check and data query", uid),
+						Level:   levelError,
+						Location: []Location{{
+							File:   file,
+							Line:   group.FileContext.Line,
+							Column: group.FileContext.Column,
+						}},
+					})
+				}
+
 				// check if the query is embedded
 				if isEmbeddedQuery(check) {
 					// NOTE: embedded queries do not need a uid
 					lintQuery(check, file, globalQueriesUids, assignedQueries, variantMapping, false)
 				} else {
-					checks[uid] = struct{}{}
-					if _, ok := dataQueries[uid]; ok {
-						res.Entries = append(res.Entries, Entry{
-							RuleID:  queryUsedAsDifferentTypes,
-							Message: fmt.Sprintf("query %s is used as a check and data query", uid),
-							Level:   levelError,
-							Location: []Location{{
-								File:   file,
-								Line:   group.FileContext.Line,
-								Column: group.FileContext.Column,
-							}},
-						})
-					}
-
 					// if the query is not embedded, then it needs to be available globally
 					_, ok := globalQueriesUids[uid]
 					if !ok {
@@ -459,25 +459,25 @@ func lintFile(file string) (*Results, error) {
 				uid := query.Uid
 				updateAssignedQueries(query, assignedQueries, globalQueriesByUid)
 
+				dataQueries[query.CodeId] = struct{}{}
+				if _, ok := checks[query.CodeId]; ok {
+					res.Entries = append(res.Entries, Entry{
+						RuleID:  queryUsedAsDifferentTypes,
+						Message: fmt.Sprintf("query %s is used as a check and data query", uid),
+						Level:   levelError,
+						Location: []Location{{
+							File:   file,
+							Line:   group.FileContext.Line,
+							Column: group.FileContext.Column,
+						}},
+					})
+				}
+
 				// check if the query is embedded
 				if isEmbeddedQuery(query) {
 					// NOTE: embedded queries do not need a uid
 					lintQuery(query, file, globalQueriesUids, assignedQueries, variantMapping, false)
 				} else {
-					dataQueries[uid] = struct{}{}
-					if _, ok := checks[uid]; ok {
-						res.Entries = append(res.Entries, Entry{
-							RuleID:  queryUsedAsDifferentTypes,
-							Message: fmt.Sprintf("query %s is used as a check and data query", uid),
-							Level:   levelError,
-							Location: []Location{{
-								File:   file,
-								Line:   group.FileContext.Line,
-								Column: group.FileContext.Column,
-							}},
-						})
-					}
-
 					// if the query is not embedded, then it needs to be available globally
 					_, ok := globalQueriesUids[uid]
 					if !ok {

diff --git a/internal/bundle/lint_test.go b/internal/bundle/lint_test.go
@@ -99,3 +99,17 @@ func TestLintFail_MixQueries(t *testing.T) {
 	assert.Equal(t, "query-used-as-different-types", entry.RuleID)
 	assert.Equal(t, "query sshd-sshd-01 is used as a check and data query", entry.Message)
 }
+
+func TestLintFail_MixQueries_CodeId(t *testing.T) {
+	file := "./testdata/mixing-queries-codeid.mql.yaml"
+	results, err := bundle.Lint(schema, file)
+	require.NoError(t, err)
+
+	assert.Equal(t, 1, len(results.BundleLocations))
+	assert.Equal(t, 1, len(results.Entries))
+	assert.True(t, results.HasError())
+
+	entry := results.Entries[0]
+	assert.Equal(t, "query-used-as-different-types", entry.RuleID)
+	assert.Equal(t, "query sshd-sshd-02 is used as a check and data query", entry.Message)
+}
diff --git a/internal/bundle/testdata/mixing-queries-codeid.mql.yaml b/internal/bundle/testdata/mixing-queries-codeid.mql.yaml
@@ -0,0 +1,21 @@
+policies:
+  - uid: data-queries-mix
+    name: Test data SSH Policy
+    version: "1.0.0"
+    owner_mrn: ""
+    is_public: true
+    authors:
+      - name: Mondoo, Inc.
+        email: [email protected]
+    groups:
+      - title: group 01
+        checks:
+          - uid: sshd-sshd-01
+            title: Asset name is "test"
+            query: asset.name == "test"
+        queries:
+          - uid: sshd-sshd-02
+            title: Asset name is "test"
+            query: asset.name == "test"
+        filters: |
+          asset.family.contains(_ == 'unix')