redundant-loop-count

Summary: Redundant count before loop

Category: Bugs

Avoid

package policy

allow if {
    # redundant count and > comparison
    count(input.user.roles) > 0
    some role in input.user.roles
    # .. do more with role ..
}

Prefer

package policy

allow if {
    some role in input.user.roles
    # .. do more with role ..
}

Rationale

A loop that iterates over an empty collection evaluates to nothing, and counting the collection before the loop to ensure it's not empty is therefore redundant.

Exceptions

Note that this check is currently only performed on some loops, and not "ref-style" loops:

package policy

allow if {
    # this won't be flagged
    count(input.user.roles) > 0
    role := input.user.roles[_]
    # .. do more with role ..
}

Another good reason to prefer some .. in for iteration!

`every` iteration

Counting to ensure a non-empty collection is used before every loops may not be redundant, as every evaluates to true when an empty collection is passed.

package policy

allow if {
    # every would otherwise be `true` on empty input.user.roles
    # so this may be valid, depending on the outcome you expect
    count(input.user.roles) > 0
    every role in input.user.roles {
        # .. do more with each role ..
    }
}

If you want to have empty collections fail on every conditions, do make sure to use count!

Configuration Options

This linter rule provides the following configuration options:

rules:
  bugs:
    redundant-loop-count:
      # one of "error", "warning", "ignore"
      level: error

Rationale​

Exceptions​

every iteration​

Configuration Options​

Rationale

Exceptions

`every` iteration

Configuration Options