🐛 Let resolved policy tell you if something is a check (#1541)

The output was using an off-handed way of trying to determine if
something is a check. The reporting job type has this exact information.

Fixes #1540

cli/reporter/cli_reporter.go

@@ -14,6 +14,7 @@ import (
 	"go.mondoo.com/cnquery/v11"
 	"go.mondoo.com/cnquery/v11/cli/printer"
 	"go.mondoo.com/cnquery/v11/cli/theme/colors"
+	"go.mondoo.com/cnquery/v11/logger"
 	"go.mondoo.com/cnquery/v11/mqlc"
 	"go.mondoo.com/cnquery/v11/providers"
 	"go.mondoo.com/cnquery/v11/providers-sdk/v1/resources"
@@ -108,6 +109,8 @@ func (r *Reporter) WithOutput(out io.Writer) *Reporter {
 }
 
 func (r *Reporter) WriteReport(ctx context.Context, data *policy.ReportCollection) error {
+	// write data to file for debugging
+	logger.DebugDumpJSON("report-collection", data)
 	features := cnquery.GetFeatures(ctx)
 	switch r.Conf.format {
 	case FormatCompact, FormatSummary, FormatFull:

cli/reporter/json.go

@@ -105,6 +105,11 @@ func ConvertToJSON(data *policy.ReportCollection, out iox.OutputHelper) error {
 			return errors.New("cannot find resolved pack for " + id + " in report")
 		}
 
+		reportingJobByQrId := map[string]*policy.ReportingJob{}
+		for _, job := range resolved.CollectorJob.ReportingJobs {
+			reportingJobByQrId[job.QrId] = job
+		}
+
 		results := report.RawResults()
 		pre2 := ""
 		for qid, query := range resolved.ExecutionJob.Queries {
@@ -114,8 +119,10 @@ func ConvertToJSON(data *policy.ReportCollection, out iox.OutputHelper) error {
 				continue
 			}
 			// checks
-			if _, ok := report.Scores[qid]; ok {
-				continue
+			if rj, ok := reportingJobByQrId[mrn]; ok {
+				if !(rj.Type == policy.ReportingJob_DATA_QUERY || rj.Type == policy.ReportingJob_CHECK_AND_DATA_QUERY) {
+					continue
+				}
 			}
 
 			out.WriteString(pre2 + llx.PrettyPrintString(mrn) + ":")

cli/reporter/json_test.go

@@ -7,6 +7,7 @@ import (
 	"bytes"
 	"context"
 	"encoding/json"
+	"fmt"
 	"os"
 	"testing"
 
@@ -19,7 +20,23 @@ import (
 )
 
 func TestJsonOutput(t *testing.T) {
-	reportCollectionRaw, err := os.ReadFile("./testdata/report-ubuntu.json")
+	// You can reproduce the report by running
+	// DEBUG=1 cnspec scan local -f bundle.mql.yaml
+	// where
+	// bundle.mql.yaml contains
+	// policies:
+	// - uid: custom-test-policy-1
+	//   name: Custom Test Policy 1
+	//   groups:
+	//   - filters: |
+	// 	  return true
+	// 	checks:
+	// 	- uid: custom-query-passing-1
+	// 	  title: Failing Query
+	// 	  mql: |
+	// 		true == true
+
+	reportCollectionRaw, err := os.ReadFile("./testdata/simple-report.json")
 	require.NoError(t, err)
 
 	yr := &policy.ReportCollection{}
@@ -41,9 +58,10 @@ func TestJsonOutput(t *testing.T) {
 	err = r.WriteReport(context.Background(), yr)
 	require.NoError(t, err)
 	valid := json.Valid(buf.Bytes())
+	fmt.Println(buf.String())
 	require.True(t, valid)
 
-	assert.Contains(t, buf.String(), "//policy.api.mondoo.app/queries/mondoo-linux-security-permissions-on-etcgshadow-are-configured\":{\"score\":100,\"status\":\"pass\"}")
+	assert.Contains(t, buf.String(), "//local.cnspec.io/run/local-execution/queries/custom-query-passing-1\":{\"score\":100,\"status\":\"pass\"}")
 	assert.Contains(t, buf.String(), "\"errors\":{}")
 }
 

cli/reporter/proto.go

@@ -69,6 +69,11 @@ func ConvertToProto(data *policy.ReportCollection) (*Report, error) {
 			return nil, errors.New("cannot find resolved pack for " + id + " in report")
 		}
 
+		reportingJobByQrId := map[string]*policy.ReportingJob{}
+		for _, job := range resolved.CollectorJob.ReportingJobs {
+			reportingJobByQrId[job.QrId] = job
+		}
+
 		results := report.RawResults()
 		if resolved.ExecutionJob == nil {
 			continue
@@ -81,8 +86,10 @@ func ConvertToProto(data *policy.ReportCollection) (*Report, error) {
 				continue
 			}
 			// checks
-			if _, ok := report.Scores[qid]; ok {
-				continue
+			if rj, ok := reportingJobByQrId[mrn]; ok {
+				if !(rj.Type == policy.ReportingJob_DATA_QUERY || rj.Type == policy.ReportingJob_CHECK_AND_DATA_QUERY) {
+					continue
+				}
 			}
 
 			buf := &bytes.Buffer{}