🐛 make filter queries optional (#741)

Currently filter queries that error during the compile stage will cause the execution to fail. However, with the new providers model, certain contents are now optional, thus the local compiler (given locally available schemas) will throw errors. We simply eliminate these filters from the result list. Example use-case: Have a scanner that only scans github. When it encounters filters, it will get a long list of technologies that are unsupported (like clouds and k8s). These can now simply be eliminated and moved on. Signed-off-by: Dominik Richter <[email protected]>
mondoohq · Sep 21, 2023 · 8a07a69 · 8a07a69
1 parent c32a2de
commit 8a07a69
Show file tree

Hide file tree

Showing 2 changed files with 9 additions and 6 deletions.
diff --git a/examples/example.mql.yaml b/examples/example.mql.yaml
@@ -50,7 +50,7 @@ policies:
           # Here is an example of a query that uses embedded properties. 
           # These allow you to fine-tune the policy.
           - uid: home-info
-            mql: file(props.home) { * }
+            mql: file(props.home) { path basename user group }
             title: Gather info about the user's home
             props:
               - uid: home

diff --git a/policy/executor/graph.go b/policy/executor/graph.go
@@ -6,6 +6,7 @@ package executor
 import (
 	"time"
 
+	"github.com/rs/zerolog/log"
 	"go.mondoo.com/cnquery"
 	"go.mondoo.com/cnquery/cli/progress"
 	"go.mondoo.com/cnquery/explorer"
@@ -47,14 +48,15 @@ func ExecuteResolvedPolicy(runtime llx.Runtime, collectorSvc policy.PolicyResolv
 }
 
 func ExecuteFilterQueries(runtime llx.Runtime, queries []*explorer.Mquery, timeout time.Duration) ([]*explorer.Mquery, []error) {
-	var errs []error
 	queryMap := map[string]*explorer.Mquery{}
 
 	builder := internal.NewBuilder()
 	for _, m := range queries {
 		codeBundle, err := mqlc.Compile(m.Mql, nil, mqlc.NewConfig(runtime.Schema(), cnquery.DefaultFeatures))
+		// Errors for filter queries are common when they reference resources for
+		// providers that are not found on the system.
 		if err != nil {
-			errs = append(errs, err)
+			log.Debug().Err(err).Str("mql", m.Mql).Msg("skipping filter query, not supported")
 			continue
 		}
 		builder.AddQuery(codeBundle, nil, nil)
@@ -79,10 +81,11 @@ func ExecuteFilterQueries(runtime llx.Runtime, queries []*explorer.Mquery, timeo
 	builder.AddScoreCollector(collector)
 	builder.WithQueryTimeout(timeout)
 
+	var errors []error
 	ge, err := builder.Build(runtime, "")
 	if err != nil {
-		errs = append(errs, err)
-		return nil, errs
+		errors = append(errors, err)
+		return nil, errors
 	}
 
 	if err := ge.Execute(); err != nil {
@@ -96,7 +99,7 @@ func ExecuteFilterQueries(runtime llx.Runtime, queries []*explorer.Mquery, timeo
 		}
 	}
 
-	return filteredQueries, errs
+	return filteredQueries, errors
 }
 
 func ExecuteQuery(runtime llx.Runtime, codeBundle *llx.CodeBundle, props map[string]*llx.Primitive, features cnquery.Features) (*policy.Score, map[string]*llx.RawResult, error) {