Turns out we were deleting the hash args in the validation loop without dup'ing (#3044)

Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com>

lib/resources/aws/aws_iam_policy.rb

@@ -93,8 +93,9 @@ class AwsIamPolicy < Inspec.resource(1)
     end
   end
 
-  def has_statement?(raw_criteria = {})
+  def has_statement?(provided_criteria = {})
     return nil unless exists?
+    raw_criteria = provided_criteria.dup # provided_criteria is used for output formatting - can't delete from it.
     criteria = has_statement__normalize_criteria(has_statement__validate_criteria(raw_criteria))
     @normalized_statements ||= has_statement__normalize_statements
     statements = has_statement__focus_on_sid(@normalized_statements, criteria)

lib/resources/aws/aws_security_group.rb

@@ -19,22 +19,22 @@ class AwsSecurityGroup < Inspec.resource(1)
   end
 
   def allow_in?(criteria = {})
-    allow(inbound_rules, criteria)
+    allow(inbound_rules, criteria.dup)
   end
   RSpec::Matchers.alias_matcher :allow_in, :be_allow_in
 
   def allow_out?(criteria = {})
-    allow(outbound_rules, criteria)
+    allow(outbound_rules, criteria.dup)
   end
   RSpec::Matchers.alias_matcher :allow_out, :be_allow_out
 
   def allow_in_only?(criteria = {})
-    allow_only(inbound_rules, criteria)
+    allow_only(inbound_rules, criteria.dup)
   end
   RSpec::Matchers.alias_matcher :allow_in_only, :be_allow_in_only
 
   def allow_out_only?(criteria = {})
-    allow_only(outbound_rules, criteria)
+    allow_only(outbound_rules, criteria.dup)
   end
   RSpec::Matchers.alias_matcher :allow_out_only, :be_allow_out_only