✨ lint error when query is used both as check and data query

internal/bundle/lint.go

@@ -34,6 +34,7 @@ const (
 	queryTitle                 = "query-name"
 	queryUidUnique             = "query-uid-unique"
 	queryUnassigned            = "query-unassigned"
+	queryUsedAsDifferentTypes  = "query-used-as-different-types"
 )
 
 type Rule struct {
@@ -118,6 +119,11 @@ var LinterRules = []Rule{
 		Name:        "Unassigned query",
 		Description: "The query is not assigned to any policy",
 	},
+	{
+		ID:          queryUsedAsDifferentTypes,
+		Name:        "Query used as a check and data query",
+		Description: "The query is used both as a check and a data query",
+	},
 }
 
 type Results struct {
@@ -229,6 +235,8 @@ func lintFile(file string) (*Results, error) {
 	// index global queries that are not embedded
 	globalQueriesUids := map[string]int{}
 	globalQueriesByUid := map[string]*Mquery{}
+	checks := map[string]struct{}{}
+	dataQueries := map[string]struct{}{}
 	// child to parent mapping
 	variantMapping := map[string]string{}
 	for i := range policyBundle.Queries {
@@ -414,6 +422,20 @@ func lintFile(file string) (*Results, error) {
 				uid := check.Uid
 				updateAssignedQueries(check, assignedQueries, globalQueriesByUid)
 
+				checks[check.Uid] = struct{}{}
+				if _, ok := dataQueries[check.Uid]; ok {
+					res.Entries = append(res.Entries, Entry{
+						RuleID:  queryUsedAsDifferentTypes,
+						Message: fmt.Sprintf("query %s is used as a check and data query", uid),
+						Level:   levelError,
+						Location: []Location{{
+							File:   file,
+							Line:   group.FileContext.Line,
+							Column: group.FileContext.Column,
+						}},
+					})
+				}
+
 				// check if the query is embedded
 				if isEmbeddedQuery(check) {
 					// NOTE: embedded queries do not need a uid
@@ -442,6 +464,20 @@ func lintFile(file string) (*Results, error) {
 				uid := query.Uid
 				updateAssignedQueries(query, assignedQueries, globalQueriesByUid)
 
+				dataQueries[query.Uid] = struct{}{}
+				if _, ok := checks[query.Uid]; ok {
+					res.Entries = append(res.Entries, Entry{
+						RuleID:  queryUsedAsDifferentTypes,
+						Message: fmt.Sprintf("query %s is used as a check and data query", uid),
+						Level:   levelError,
+						Location: []Location{{
+							File:   file,
+							Line:   group.FileContext.Line,
+							Column: group.FileContext.Column,
+						}},
+					})
+				}
+
 				// check if the query is embedded
 				if isEmbeddedQuery(query) {
 					// NOTE: embedded queries do not need a uid

internal/bundle/lint_test.go

@@ -85,3 +85,17 @@ func TestLintFail(t *testing.T) {
 	require.NoError(t, err)
 	assert.True(t, len(data) > 0)
 }
+
+func TestLintFail_MixQueries(t *testing.T) {
+	file := "./testdata/mixing-queries.mql.yaml"
+	results, err := bundle.Lint(schema, file)
+	require.NoError(t, err)
+
+	assert.Equal(t, 1, len(results.BundleLocations))
+	assert.Equal(t, 1, len(results.Entries))
+	assert.True(t, results.HasError())
+
+	entry := results.Entries[0]
+	assert.Equal(t, "query-used-as-different-types", entry.RuleID)
+	assert.Equal(t, "query sshd-sshd-01 is used as a check and data query", entry.Message)
+}

internal/bundle/testdata/mixing-queries.mql.yaml

@@ -0,0 +1,22 @@
+policies:
+  - uid: data-queries-mix
+    name: Test data SSH Policy
+    version: "1.0.0"
+    owner_mrn: ""
+    is_public: true
+    authors:
+      - name: Mondoo, Inc.
+        email: [email protected]
+    groups:
+      - title: group 01
+        checks:
+          - uid: sshd-sshd-01
+        queries:
+          - uid: sshd-sshd-01
+        filters: |
+          asset.family.contains(_ == 'unix')
+
+queries:
+  - uid: sshd-sshd-01
+    title: Asset name is "test"
+    query: asset.name == "test"