Example somewhat exaggerated, but hopefully well suited for demonstration.
Avoid
allow if {
resp := http.send({"method": "get", "url": "http://example.org"})
"developer" in input.user.roles # if this fails, `resp` assignment was for nothing
resp.status.code == 200
}
Prefer
allow if {
"developer" in input.user.roles
resp := http.send({"method": "get", "url": "http://example.org"})
resp.status.code == 200
}
The basic idea would be to recommend moving assignments next to where they're used, as having checks in between where the value of assignment isn't used may render the (potentially costly) assignment redundant.
Example somewhat exaggerated, but hopefully well suited for demonstration.
Avoid
Prefer
The basic idea would be to recommend moving assignments next to where they're used, as having checks in between where the value of assignment isn't used may render the (potentially costly) assignment redundant.