docs/projects/regal/rules/bugs/redundant-loop-count.md
Summary: Redundant count before loop
Category: Bugs
Avoid
package policy
allow if {
# redundant count and > comparison
count(input.user.roles) > 0
some role in input.user.roles
# .. do more with role ..
}
Prefer
package policy
allow if {
some role in input.user.roles
# .. do more with role ..
}
A loop that iterates over an empty collection evaluates to nothing, and counting the collection before the loop to ensure it's not empty is therefore redundant.
Note that this check is currently only performed on some loops, and not "ref-style" loops:
package policy
allow if {
# this won't be flagged
count(input.user.roles) > 0
role := input.user.roles[_]
# .. do more with role ..
}
Another good reason to prefer some .. in for iteration!
every iterationCounting to ensure a non-empty collection is used before every loops may not be redundant, as every evaluates
to true when an empty collection is passed.
package policy
allow if {
# every would otherwise be `true` on empty input.user.roles
# so this may be valid, depending on the outcome you expect
count(input.user.roles) > 0
every role in input.user.roles {
# .. do more with each role ..
}
}
If you want to have empty collections fail on every conditions, do make sure to use count!
This linter rule provides the following configuration options:
rules:
bugs:
redundant-loop-count:
# one of "error", "warning", "ignore"
level: error