fix some..in lint issue

assets/queries/terraform/aws/service_control_policies_disabled/query.rego

@@ -2,14 +2,16 @@ package Cx
 
 import data.generic.common as common_lib
 import data.generic.terraform as tf_lib
+import future.keywords.in
 
 CxPolicy[result] {
-	org := input.document[i].resource.aws_organizations_organization[name]
+	some doc in input.document
+	org := doc.resource.aws_organizations_organization[name]
 
 	org.feature_set == "CONSOLIDATED_BILLING"
 
 	result := {
-		"documentId": input.document[i].id,
+		"documentId": doc.id,
 		"resourceType": "aws_organizations_organization",
 		"resourceName": tf_lib.get_resource_name(org, name),
 		"searchKey": sprintf("aws_organizations_organization[%s].feature_set", [name]),

assets/queries/terraform/aws/ses_policy_with_allowed_iam_actions/query.rego

@@ -2,14 +2,16 @@ package Cx
 
 import data.generic.common as common_lib
 import data.generic.terraform as tf_lib
+import future.keywords.in
 
 CxPolicy[result] {
-	resource := input.document[i].resource.aws_ses_identity_policy[name]
+	some doc in input.document
+	resource := doc.resource.aws_ses_identity_policy[name]
 
 	tf_lib.allows_action_from_all_principals(resource.policy, "*")
 
 	result := {
-		"documentId": input.document[i].id,
+		"documentId": doc.id,
 		"resourceType": "aws_ses_identity_policy",
 		"resourceName": tf_lib.get_resource_name(resource, name),
 		"searchKey": sprintf("aws_ses_identity_policy[%s].policy", [name]),

assets/queries/terraform/aws/shield_advanced_not_in_use/query.rego

@@ -2,6 +2,7 @@ package Cx
 
 import data.generic.common as common_lib
 import data.generic.terraform as tf_lib
+import future.keywords.in
 
 resources := {
 	"aws_cloudfront_distribution",
@@ -12,12 +13,13 @@ resources := {
 }
 
 CxPolicy[result] {
-	target := input.document[i].resource[resources[idx]][name]
+	some doc in input.document
+	target := doc.resource[resources[idx]][name]
 
 	not has_shield_advanced(name)
 
 	result := {
-		"documentId": input.document[i].id,
+		"documentId": doc.id,
 		"resourceType": resources[idx],
 		"resourceName": tf_lib.get_resource_name(target, name),
 		"searchKey": sprintf("%s[%s]", [resources[idx], name]),

assets/queries/terraform/aws/sns_topic_encrypted_with_aws_managed_key/query.rego

@@ -1,14 +1,16 @@
 package Cx
 
 import data.generic.terraform as tf_lib
+import future.keywords.in
 
 CxPolicy[result] {
-	resource := input.document[i].resource.aws_sns_topic[name]
+	some doc in input.document
+	resource := doc.resource.aws_sns_topic[name]
 
 	tf_lib.uses_aws_managed_key(resource.kms_master_key_id, "alias/aws/sns")
 
 	result := {
-		"documentId": input.document[i].id,
+		"documentId": doc.id,
 		"resourceType": "aws_sns_topic",
 		"resourceName": tf_lib.get_resource_name(resource, name),
 		"searchKey": sprintf("aws_sns_topic[%s].kms_master_key_id", [name]),

assets/queries/terraform/aws/sns_topic_is_publicly_accessible/query.rego

@@ -2,19 +2,21 @@ package Cx
 
 import data.generic.common as common_lib
 import data.generic.terraform as tf_lib
+import future.keywords.in
 
 CxPolicy[result] {
-	resource := input.document[i].resource.aws_sns_topic[name]
+	some doc in input.document
+	resource := doc.resource.aws_sns_topic[name]
 
 	policy := common_lib.json_unmarshal(resource.policy)
 	st := common_lib.get_statement(policy)
-	statement := st[_]
+	some statement in st
 
 	common_lib.is_allow_effect(statement)
 	tf_lib.anyPrincipal(statement)
 
 	result := {
-		"documentId": input.document[i].id,
+		"documentId": doc.id,
 		"resourceType": "aws_sns_topic",
 		"resourceName": tf_lib.get_resource_name(resource, name),
 		"searchKey": sprintf("aws_sns_topic[%s].policy", [name]),

assets/queries/terraform/aws/sns_topic_not_encrypted/query.rego

@@ -2,14 +2,16 @@ package Cx
 
 import data.generic.common as common_lib
 import data.generic.terraform as tf_lib
+import future.keywords.in
 
 CxPolicy[result] {
-	resource := input.document[i].resource.aws_sns_topic[name]
+	some doc in input.document
+	resource := doc.resource.aws_sns_topic[name]
 
 	not common_lib.valid_key(resource, "kms_master_key_id")
 
 	result := {
-		"documentId": input.document[i].id,
+		"documentId": doc.id,
 		"resourceType": "aws_sns_topic",
 		"resourceName": tf_lib.get_resource_name(resource, name),
 		"searchKey": sprintf("aws_sns_topic[%s]", [name]),
@@ -20,12 +22,13 @@ CxPolicy[result] {
 }
 
 CxPolicy[result] {
-	resource := input.document[i].resource.aws_sns_topic[name]
+	some doc in input.document
+	resource := doc.resource.aws_sns_topic[name]
 
 	resource.kms_master_key_id == ""
 
 	result := {
-		"documentId": input.document[i].id,
+		"documentId": doc.id,
 		"resourceType": "aws_sns_topic",
 		"resourceName": tf_lib.get_resource_name(resource, name),
 		"searchKey": sprintf("aws_sns_topic[%s].kms_master_key_id", [name]),

assets/queries/terraform/aws/sns_topic_publicity_has_allow_and_not_action_simultaneously/query.rego

@@ -2,24 +2,25 @@ package Cx
 
 import data.generic.common as common_lib
 import data.generic.terraform as tf_lib
+import future.keywords.in
 
 CxPolicy[result] {
-	document := input.document[i]
+	some doc in input.document
 	resources := {"aws_sns_topic", "aws_sns_topic_policy"}
-	resource := document.resource[resources[r]][name]
+	resource := doc.resource[resources[r]][name]
 	policy := resource.policy
 
 	validate_json(policy)
 
 	pol := common_lib.json_unmarshal(policy)
 	st := common_lib.get_statement(pol)
-	statement := st[_]
+	some statement in st
 
 	common_lib.is_allow_effect(statement)
 	statement.NotAction
 
 	result := {
-		"documentId": document.id,
+		"documentId": doc.id,
 		"resourceType": resources[r],
 		"resourceName": tf_lib.get_resource_name(resource, name),
 		"searchKey": sprintf("%s[%s].policy", [resources[r], name]),
@@ -31,7 +32,8 @@ CxPolicy[result] {
 }
 
 CxPolicy[result] {
-	module := input.document[i].module[name]
+	some doc in input.document
+	module := doc.module[name]
 	keyToCheck := common_lib.get_module_equivalent_key("aws", module.source, "aws_sns_topic_policy", "policy")
 
 	policy := module[keyToCheck]
@@ -40,13 +42,13 @@ CxPolicy[result] {
 
 	pol := common_lib.json_unmarshal(policy)
 	st := common_lib.get_statement(pol)
-	statement := st[_]
+	some statement in st
 
 	common_lib.is_allow_effect(statement)
 	statement.NotAction
 
 	result := {
-		"documentId": input.document[i].id,
+		"documentId": doc.id,
 		"resourceType": "n/a",
 		"resourceName": "n/a",
 		"searchKey": sprintf("module[%s].policy", [name]),

assets/queries/terraform/aws/sql_analysis_services_port_2383_is_publicly_accessible/query.rego

@@ -1,14 +1,16 @@
 package Cx
 
 import data.generic.terraform as tf_lib
+import future.keywords.in
 
 CxPolicy[result] {
-	resource := input.document[i].resource.aws_security_group[name]
+	some doc in input.document
+	resource := doc.resource.aws_security_group[name]
 
 	tf_lib.portOpenToInternet(resource.ingress, 2383)
 
 	result := {
-		"documentId": input.document[i].id,
+		"documentId": doc.id,
 		"resourceType": "aws_security_group",
 		"resourceName": tf_lib.get_resource_name(resource, name),
 		"searchKey": sprintf("aws_security_group[%s].ingress", [name]),

assets/queries/terraform/aws/sqs_policy_allows_all_actions/query.rego

@@ -2,14 +2,16 @@ package Cx
 
 import data.generic.common as common_lib
 import data.generic.terraform as tf_lib
+import future.keywords.in
 
 CxPolicy[result] {
-	resource := input.document[i].resource.aws_sqs_queue_policy[name]
+	some doc in input.document
+	resource := doc.resource.aws_sqs_queue_policy[name]
 
 	tf_lib.allows_action_from_all_principals(resource.policy, "*")
 
 	result := {
-		"documentId": input.document[i].id,
+		"documentId": doc.id,
 		"resourceType": "aws_sqs_queue_policy",
 		"resourceName": tf_lib.get_resource_name(resource, name),
 		"searchKey": sprintf("aws_sqs_queue_policy[%s].policy", [name]),
@@ -21,13 +23,14 @@ CxPolicy[result] {
 }
 
 CxPolicy[result] {
-	module := input.document[i].module[name]
+	some doc in input.document
+	module := doc.module[name]
 	keyToCheck := common_lib.get_module_equivalent_key("aws", module.source, "aws_sqs_queue_policy", "policy")
 
 	tf_lib.allows_action_from_all_principals(module[keyToCheck], "*")
 
 	result := {
-		"documentId": input.document[i].id,
+		"documentId": doc.id,
 		"resourceType": "n/a",
 		"resourceName": "n/a",
 		"searchKey": sprintf("module[%s].%s", [name, keyToCheck]),

assets/queries/terraform/aws/sqs_policy_with_public_access/query.rego

@@ -2,20 +2,22 @@ package Cx
 
 import data.generic.common as common_lib
 import data.generic.terraform as tf_lib
+import future.keywords.in
 
 CxPolicy[result] {
-	resource := input.document[i].resource.aws_sqs_queue_policy[name]
+	some doc in input.document
+	resource := doc.resource.aws_sqs_queue_policy[name]
 
 	policy := common_lib.json_unmarshal(resource.policy)
 	st := common_lib.get_statement(policy)
-	statement := st[_]
+	some statement in st
 
 	common_lib.is_allow_effect(statement)
 	check_principal(statement.Principal, "*")
 	tf_lib.anyPrincipal(statement)
 
 	result := {
-		"documentId": input.document[i].id,
+		"documentId": doc.id,
 		"resourceType": "aws_sqs_queue_policy",
 		"resourceName": tf_lib.get_resource_name(resource, name),
 		"searchKey": sprintf("aws_sqs_queue_policy[%s].policy", [name]),

assets/queries/terraform/aws/sqs_queue_exposed/query.rego

@@ -2,14 +2,16 @@ package Cx
 
 import data.generic.common as common_lib
 import data.generic.terraform as tf_lib
+import future.keywords.in
 
 CxPolicy[result] {
-	resource := input.document[i].resource.aws_sqs_queue[name]
+	some doc in input.document
+	resource := doc.resource.aws_sqs_queue[name]
 
 	exposed(resource.policy)
 
 	result := {
-		"documentId": input.document[i].id,
+		"documentId": doc.id,
 		"resourceType": "aws_sqs_queue",
 		"resourceName": tf_lib.get_resource_name(resource, name),
 		"searchKey": sprintf("aws_sqs_queue[%s].policy", [name]),
@@ -21,13 +23,14 @@ CxPolicy[result] {
 }
 
 CxPolicy[result] {
-	module := input.document[i].module[name]
+	some doc in input.document
+	module := doc.module[name]
 	keyToCheck := common_lib.get_module_equivalent_key("aws", module.source, "aws_sqs_queue", "policy")
 
 	exposed(module[keyToCheck])
 
 	result := {
-		"documentId": input.document[i].id,
+		"documentId": doc.id,
 		"resourceType": "n/a",
 		"resourceName": "n/a",
 		"searchKey": sprintf("module[%s]", [name]),
@@ -41,7 +44,7 @@ CxPolicy[result] {
 exposed(policyValue) {
 	policy := common_lib.json_unmarshal(policyValue)
 	st := common_lib.get_statement(policy)
-	statement := st[_]
+	some statement in st
 
 	common_lib.is_allow_effect(statement)
 	tf_lib.anyPrincipal(statement)

assets/queries/terraform/aws/sqs_vpc_endpoint_without_dns_resolution/query.rego

@@ -2,9 +2,11 @@ package Cx
 
 import data.generic.common as common_lib
 import data.generic.terraform as tf_lib
+import future.keywords.in
 
 CxPolicy[result] {
-	resource := input.document[i].resource.aws_vpc_endpoint[name]
+	some doc in input.document
+	resource := doc.resource.aws_vpc_endpoint[name]
 
 	serviceNameSplit := split(resource.service_name, ".")
 	serviceNameSplit[count(serviceNameSplit) - 1] == "sqs"
@@ -14,7 +16,7 @@ CxPolicy[result] {
 	vpc.enable_dns_support == false
 
 	result := {
-		"documentId": input.document[i].id,
+		"documentId": doc.id,
 		"resourceType": "aws_vpc_endpoint",
 		"resourceName": tf_lib.get_resource_name(resource, name),
 		"searchKey": sprintf("aws_vpc_endpoint[%s].vpc_id", [name]),
@@ -26,13 +28,14 @@ CxPolicy[result] {
 }
 
 CxPolicy[result] {
-	module := input.document[i].module[name]
+	some doc in input.document
+	module := doc.module[name]
 	keyToCheck := common_lib.get_module_equivalent_key("aws", module.source, "aws_vpc", "enable_dns_support")
 
 	module[keyToCheck] == false
 
 	result := {
-		"documentId": input.document[i].id,
+		"documentId": doc.id,
 		"resourceType": "n/a",
 		"resourceName": "n/a",
 		"searchKey": sprintf("module[%s].enable_dns_support", [name]),