mondoohq / cnspec-policies

This repository contains security policies for cnspec maintained by Mondoo and the cnspec community.

failed to compile filters for query #425

Closed atomic111 closed 2 months ago

atomic111 commented 2 months ago

We have the PR https://github.com/mondoohq/cnspec-policies/pull/421

cnspec lint fails with:

RULE ID               LEVEL  FILE                        LINE  MESSAGE
  bundle-compile-error  error  mondoo-edr-policy.mql.yaml  1     could not compile policy bundle:failed to compile filters for query
                                                                 //local.cnspec.io/run/local-execution/queries/mondoo-edr-policy-ensure-sophos-endpoint-defense-is-running-windows

FTL invalid policy bundle

The filters for the query look like:

asset.family.contains('windows')
['Sophos Endpoint Defense', 'Sophos Endpoint Agent'].all(package(_).installed) 

If I adjust the query filter to:

['Sophos Endpoint Defense', 'Sophos Endpoint Agent'].all(package(_).installed) 

then cnspec policy lint shows 'valid policy bundle'

chris-rock commented 2 months ago

This is caused by the leading [] on the second row. This is difficult for the MQL compiler to understand. Alternatives are:

Semicolon

A semicolon explicitly separates two MQL statements.

asset.family.contains('windows');
['Sophos Endpoint Defense', 'Sophos Endpoint Agent'].all(package(_).installed)

Ampersand

To make sure multiple queries are and-connected, we can use &&. This is especially useful for asset filters since it is easy to understand.

asset.family.contains('windows') &&
['Sophos Endpoint Defense', 'Sophos Endpoint Agent'].all(package(_).installed)
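
A pre-lint check for the pattern discussed in this issue, as an added example that is not part of the thread or of cnspec: it flags a filter line that begins with `[` when the preceding statement is neither closed by `;` nor joined by an operator, and can rewrite it to the `&&` form. The function names and the list of safe line endings are assumptions made for this example, not MQL grammar rules; the sample filters are the ones quoted above.

```python
# Added example: heuristic check over MQL filter text, not part of cnspec.
# Assumption: a previous line ending in one of these cannot be continued by '['.
SAFE_ENDINGS = (";", "&&", "||", ",", "(", "[", "{")


def find_leading_bracket_lines(mql: str) -> list[int]:
    """Return 1-based numbers of lines that start with '[' directly after
    a statement that was not terminated or connected by an operator."""
    hits = []
    prev = None  # last non-blank line seen, stripped
    for lineno, raw in enumerate(mql.splitlines(), start=1):
        line = raw.strip()
        if not line:
            continue
        if line.startswith("[") and prev is not None and not prev.endswith(SAFE_ENDINGS):
            hits.append(lineno)
        prev = line
    return hits


def and_connect(mql: str) -> str:
    """Rewrite flagged lines using the '&&' form suggested in the thread."""
    lines = mql.splitlines()
    for lineno in find_leading_bracket_lines(mql):
        i = lineno - 2  # index of the line above the flagged one
        while not lines[i].strip():  # skip blank lines between statements
            i -= 1
        lines[i] = lines[i].rstrip() + " &&"
    return "\n".join(lines)


# Filters quoted in the issue, embedded as sample input.
LIST_CHECK = "['Sophos Endpoint Defense', 'Sophos Endpoint Agent'].all(package(_).installed)"
FAILING = "asset.family.contains('windows')\n" + LIST_CHECK
WITH_SEMICOLON = "asset.family.contains('windows');\n" + LIST_CHECK
WITH_AMPERSAND = "asset.family.contains('windows') &&\n" + LIST_CHECK

if __name__ == "__main__":
    for name, text in [("failing", FAILING), ("semicolon", WITH_SEMICOLON),
                       ("ampersand", WITH_AMPERSAND), ("single", LIST_CHECK)]:
        print(name, find_leading_bracket_lines(text))
    print(and_connect(FAILING))
```
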