fix more some lint issues and unit tests

assets/queries/ansible/azure/azure_instance_using_basic_authentication/query.rego

@@ -1,14 +1,16 @@
 package Cx
 
 import future.keywords.if
+import future.keywords.in
 
 CxPolicy[result] {
-	vm := input.document[i].playbooks[k].azure_rm_virtualmachine
+	some doc in input.document
+	vm := doc.playbooks[k].azure_rm_virtualmachine
 	is_linux_vm(vm)
 	not vm.ssh_password_enabled == false
 	not vm.linux_config.disable_password_authentication == false
 	result := {
-		"documentId": input.document[i].id,
+		"documentId": doc.id,
 		"resourceType": "azure_rm_virtualmachine",
 		"resourceName": vm.name,
 		"searchKey": sprintf("azure_rm_virtualmachine[%s].ssh_public_keys", [vm.name]),

assets/queries/ansible/config/allow_unsafe_lookups_enabled/query.rego

@@ -1,14 +1,16 @@
 package Cx
 
 import data.generic.ansible as ansLib
+import future.keywords.in
 
 CxPolicy[result] {
-	defaultsGroup := input.document[i].groups.defaults
+	some doc in input.document
+	defaultsGroup := doc.groups.defaults
 
 	defaultsGroup.allow_unsafe_lookups == true
 
 	result := {
-		"documentId": input.document[i].id,
+		"documentId": doc.id,
 		"resourceName": "defaults",
 		"resourceType": "n/a",
 		"searchKey": "defaults.allow_unsafe_lookups",

assets/queries/ansible/config/communication_over_http/query.rego

@@ -2,15 +2,17 @@ package Cx
 
 import data.generic.ansible as ansLib
 import data.generic.common as common_lib
+import future.keywords.in
 
 CxPolicy[result] {
-	galaxyGroup := input.document[i].groups.galaxy
+	some doc in input.document
+	galaxyGroup := doc.groups.galaxy
 
 	url := galaxyGroup.server
 	startswith(url, "http://")
 
 	result := {
-		"documentId": input.document[i].id,
+		"documentId": doc.id,
 		"resourceType": "n/a",
 		"resourceName": "n/a",
 		"searchKey": "[galaxy].server",

assets/queries/ansible/config/logging_of_sensitive_data/query.rego

@@ -1,14 +1,16 @@
 package Cx
 
 import data.generic.common as common_lib
+import future.keywords.in
 
 CxPolicy[result] {
-	defaultsGroup := input.document[i].groups.defaults
+	some doc in input.document
+	defaultsGroup := doc.groups.defaults
 
 	not common_lib.valid_key(defaultsGroup, "no_log")
 
 	result := {
-		"documentId": input.document[i].id,
+		"documentId": doc.id,
 		"searchKey": "defaults",
 		"issueType": "IncorrectValue",
 		"resourceType": "n/a",
@@ -19,12 +21,13 @@ CxPolicy[result] {
 }
 
 CxPolicy[result] {
-	defaultsGroup := input.document[i].groups.defaults
+	some doc in input.document
+	defaultsGroup := doc.groups.defaults
 
 	defaultsGroup.no_log == false
 
 	result := {
-		"documentId": input.document[i].id,
+		"documentId": doc.id,
 		"searchKey": "defaults.no_log",
 		"issueType": "IncorrectValue",
 		"resourceType": "n/a",

assets/queries/azureResourceManager/log_profile_incorrect_category/query.rego

@@ -2,9 +2,10 @@ package Cx
 
 import data.generic.azureresourcemanager as arm_lib
 import data.generic.common as common_lib
+import future.keywords.in
 
 CxPolicy[result] {
-	doc := input.document[i]
+	some doc in input.document
 	[path, value] = walk(doc)
 
 	value.type == "microsoft.insights/logprofiles"
@@ -13,7 +14,7 @@ CxPolicy[result] {
 	all([category != "Write", category != "Delete", category != "Action"])
 
 	result := {
-		"documentId": input.document[i].id,
+		"documentId": doc.id,
 		"resourceType": value.type,
 		"resourceName": value.name,
 		"searchKey": sprintf("%s.name={{%s}}.properties.categories", [common_lib.concat_path(path), value.name]),

assets/queries/azureResourceManager/trusted_microsoft_services_not_enabled/query.rego

@@ -2,9 +2,10 @@ package Cx
 
 import data.generic.azureresourcemanager as arm_lib
 import data.generic.common as common_lib
+import future.keywords.in
 
 CxPolicy[result] {
-	doc := input.document[i]
+	some doc in input.document
 	[path, value] = walk(doc)
 
 	value.type == "Microsoft.Storage/storageAccounts"
@@ -16,7 +17,7 @@ CxPolicy[result] {
 	not contains_azure_service(bp_val)
 
 	result := {
-		"documentId": input.document[i].id,
+		"documentId": doc.id,
 		"resourceType": value.type,
 		"resourceName": value.name,
 		"searchKey": sprintf("%s.name=%s.properties.networkAcls", [common_lib.concat_path(path), value.name]),

assets/queries/cloudFormation/aws/cloudtrail_not_integrated_with_cloudwatch/query.rego

@@ -2,12 +2,15 @@ package Cx
 
 import data.generic.cloudformation as cf_lib
 import data.generic.common as common_lib
+import future.keywords.in
 
 CxPolicy[result] {
-	document := input.document[i]
+	some document in input.document
+	some name in document.Resources
 	resource := document.Resources[name]
 	resource.Type == "AWS::CloudTrail::Trail"
 	attributes := {"CloudWatchLogsLogGroupArn", "CloudWatchLogsRoleArn"}
+	some a in attributes
 	attr := attributes[a]
 
 	not common_lib.valid_key(resource.Properties, attr)

assets/queries/cloudFormation/aws/cross_account_iam_assume_role_policy_without_external_id_or_mfa/query.rego

@@ -2,16 +2,17 @@ package Cx
 
 import data.generic.cloudformation as cf_lib
 import data.generic.common as common_lib
+import future.keywords.in
 
 CxPolicy[result] {
-	docs := input.document[i]
+	some docs in input.document
 	[path, Resources] := walk(docs)
 	resource := Resources[name]
 	resource.Type == "AWS::IAM::Role"
 
 	policy := resource.Properties.AssumeRolePolicyDocument
 	st := common_lib.get_statement(common_lib.get_policy(policy))
-	statement := st[_]
+	some statement in st
 
 	common_lib.is_allow_effect(statement)
 
@@ -22,7 +23,7 @@ CxPolicy[result] {
 	not common_lib.has_mfa(statement)
 
 	result := {
-		"documentId": input.document[i].id,
+		"documentId": docs.id,
 		"resourceType": resource.Type,
 		"resourceName": cf_lib.get_resource_name(resource, name),
 		"searchKey": sprintf("%s%s.Properties.AssumeRolePolicyDocument", [cf_lib.getPath(path), name]),

assets/queries/cloudFormation/aws/dynamodb_table_not_encrypted/query.rego

@@ -6,8 +6,6 @@ import future.keywords.in
 
 CxPolicy[result] {
 	some document in input.document
-	some key in document.Resources
-
 	resource := document.Resources[key]
 	resource.Type == "AWS::DynamoDB::Table"
 	properties := resource.Properties
@@ -26,8 +24,6 @@ CxPolicy[result] {
 
 CxPolicy[result] {
 	some document in input.document
-	some key in document.Resources
-
 	resource := document.Resources[key]
 	resource.Type == "AWS::DynamoDB::Table"
 	properties := resource.Properties

assets/queries/cloudFormation/aws/ebs_volume_without_kms_key_id/query.rego

@@ -2,9 +2,11 @@ package Cx
 
 import data.generic.cloudformation as cf_lib
 import data.generic.common as common_lib
+import future.keywords.in
 
 CxPolicy[result] {
-	document := input.document[i]
+	some document in input.document
+	some key in document.Resources
 	resource := document.Resources[key]
 	resource.Type == "AWS::EC2::Volume"
 
@@ -13,7 +15,7 @@ CxPolicy[result] {
 	not common_lib.valid_key(properties, "KmsKeyId")
 
 	result := {
-		"documentId": input.document[i].id,
+		"documentId": document.id,
 		"resourceType": resource.Type,
 		"resourceName": cf_lib.get_resource_name(resource, key),
 		"searchKey": sprintf("Resources.%s.Properties", [key]),

assets/queries/cloudFormation/aws/efs_not_encrypted/query.rego

@@ -3,14 +3,16 @@ package Cx
 import data.generic.cloudformation as cf_lib
 
 CxPolicy[result] {
-	document := input.document[i]
+	some document in input.document
+	some key in document.Resources
+
 	resource = document.Resources[key]
 	resource.Type == "AWS::EFS::FileSystem"
 	properties := resource.Properties
 	properties.Encrypted == false
 
 	result := {
-		"documentId": input.document[i].id,
+		"documentId": doc.id,
 		"resourceType": resource.Type,
 		"resourceName": cf_lib.get_resource_name(resource, key),
 		"searchKey": sprintf("Resources.%s.Properties.Encrypted", [key]),

assets/queries/cloudFormation/aws/elasticache_using_default_port/query.rego

@@ -6,8 +6,6 @@ import future.keywords.in
 
 CxPolicy[result] {
 	some document in input.document
-	some name in document.Resources
-
 	resource := document.Resources[name]
 	resource.Type = "AWS::ElastiCache::ReplicationGroup"
 	properties := resource.Properties

assets/queries/cloudFormation/aws/rds_with_backup_disabled/query.rego

@@ -1,16 +1,19 @@
 package Cx
 
 import data.generic.cloudformation as cf_lib
+import future.keywords.in
 
 CxPolicy[result] {
-	docs := input.document[i]
+	some docs in input.document
 	[path, Resources] := walk(docs)
+	some name in Resources
+
 	resource := Resources[name]
 	resource.Type == "AWS::RDS::DBInstance"
 	to_number(resource.Properties.BackupRetentionPeriod) == 0
 
 	result := {
-		"documentId": input.document[i].id,
+		"documentId": docs.id,
 		"resourceType": resource.Type,
 		"resourceName": cf_lib.get_resource_name(resource, name),
 		"searchKey": sprintf("%s%s.Properties.BackupRetentionPeriod", [cf_lib.getPath(path), name]),

assets/queries/cloudFormation/aws/routertable_with_default_routing/query.rego

@@ -2,18 +2,21 @@ package Cx
 
 import data.generic.cloudformation as cf_lib
 import data.generic.common as common_lib
+import future.keywords.in
 
 CxPolicy[result] {
-	docs := input.document[i]
+	some doc in input.document
 	[path, Resources] := walk(docs)
+	some key in Resources
+
 	resource := Resources[key]
 	resource.Type == "AWS::EC2::Route"
 
 	properties := resource.Properties
 	properties.DestinationCidrBlock == "0.0.0.0/0"
 
 	result := {
-		"documentId": input.document[i].id,
+		"documentId": doc.id,
 		"resourceType": resource.Type,
 		"resourceName": cf_lib.get_resource_name(resource, key),
 		"searchKey": sprintf("%s%s.Properties.DestinationCidrBlock", [cf_lib.getPath(path), key]),
@@ -24,16 +27,18 @@ CxPolicy[result] {
 }
 
 CxPolicy[result] {
-	docs := input.document[i]
+	some doc in input.document
 	[path, Resources] := walk(docs)
+	some key in Resources
+
 	resource := Resources[key]
 	resource.Type == "AWS::EC2::Route"
 
 	properties := resource.Properties
 	properties.DestinationIpv6CidrBlock == "::/0"
 
 	result := {
-		"documentId": input.document[i].id,
+		"documentId": doc.id,
 		"resourceType": resource.Type,
 		"resourceName": cf_lib.get_resource_name(resource, key),
 		"searchKey": sprintf("%s%s.Properties.DestinationIpv6CidrBlock", [cf_lib.getPath(path), key]),
@@ -44,16 +49,18 @@ CxPolicy[result] {
 }
 
 CxPolicy[result] {
-	docs := input.document[i]
+	some doc in input.document
 	[path, Resources] := walk(docs)
+	some key in Resources
+
 	resource := Resources[key]
 	resource.Type == "AWS::EC2::Route"
 
 	properties := resource.Properties
 	not common_lib.valid_key(properties, "NatGatewayId")
 
 	result := {
-		"documentId": input.document[i].id,
+		"documentId": doc.id,
 		"resourceType": resource.Type,
 		"resourceName": cf_lib.get_resource_name(resource, key),
 		"searchKey": sprintf("%s%s.Properties", [cf_lib.getPath(path), key]),

assets/queries/cloudFormation/aws/s3_bucket_acl_allows_read_or_write_to_all_users/query.rego

@@ -1,17 +1,20 @@
 package Cx
 
 import data.generic.cloudformation as cf_lib
+import future.keywords.in
 
 CxPolicy[result] {
-	docs := input.document[i]
+	some doc in input.document
 	[path, Resources] := walk(docs)
+	some name in Resources
+
 	resource := Resources[name]
 	properties := resource.Properties
 	resource.Type == "AWS::S3::Bucket"
 	properties.AccessControl == "PublicReadWrite"
 
 	result := {
-		"documentId": input.document[i].id,
+		"documentId": doc.id,
 		"resourceType": resource.Type,
 		"resourceName": cf_lib.get_resource_name(resource, name),
 		"searchKey": sprintf("%s%s.AccessControl", [cf_lib.getPath(path), name]),

assets/queries/cloudFormation/aws/s3_bucket_allows_delete_actions_from_all_principals/query.rego

@@ -2,22 +2,25 @@ package Cx
 
 import data.generic.cloudformation as cf_lib
 import data.generic.common as common_lib
+import future.keywords.in
 
 CxPolicy[result] {
-	docs := input.document[i]
+	some doc in input.document
 	[path, Resources] := walk(docs)
+	some name in Resources
+
 	resource := Resources[name]
 	resource.Type == "AWS::S3::BucketPolicy"
 
 	policy := resource.Properties.PolicyDocument
 	st := common_lib.get_statement(common_lib.get_policy(policy))
-	statement := st[_]
+	some statement in st
 	common_lib.is_allow_effect(statement)
 	common_lib.equalsOrInArray(statement.Principal, "*")
 	cf_lib.checkAction(statement.Action, "delete")
 
 	result := {
-		"documentId": input.document[i].id,
+		"documentId": doc.id,
 		"resourceType": resource.Type,
 		"resourceName": cf_lib.get_resource_name(resource, name),
 		"searchKey": sprintf("%s%s.Properties.PolicyDocument", [cf_lib.getPath(path), name]),

assets/queries/cloudFormation/aws/s3_bucket_logging_disabled/query.rego

@@ -7,7 +7,6 @@ import future.keywords.in
 CxPolicy[result] {
 	some doc in input.document
 	[path, Resources] := walk(docs)
-	some name in Resources
 	resource := Resources[name]
 	resource.Type == "AWS::S3::Bucket"
 	prop := resource.Properties