fix(terraform): fix external modules ids in graph report (#3584)

* save referrer id in graph report records * fix getting breadcrumbs * add test
bridgecrewio · Sep 29, 2022 · 61d8bbd · 61d8bbd
1 parent f90f44b
commit 61d8bbd
Show file tree

Hide file tree

Showing 2 changed files with 11 additions and 2 deletions.
diff --git a/checkov/terraform/runner.py b/checkov/terraform/runner.py
@@ -215,6 +215,14 @@ def get_graph_checks_report(self, root_folder: str, runner_filter: RunnerFilter)
                     connected_node_data = self.get_connected_node(entity, root_folder)
                     if platform.system() == "Windows":
                         root_folder = os.path.split(full_file_path)[0]
+                    resource_id = ".".join(entity_context['definition_path'])
+                    resource = resource_id
+                    module_dependency = entity.get("module_dependency_")
+                    module_dependency_num = entity.get("module_dependency_num_")
+                    if module_dependency and module_dependency_num:
+                        referrer_id = self._find_id_for_referrer(f'{full_file_path}[{module_dependency}#{module_dependency_num}]')
+                        if referrer_id:
+                            resource = f'{referrer_id}.{resource_id}'
                     record = Record(
                         check_id=check.id,
                         bc_check_id=check.bc_id,
@@ -224,7 +232,7 @@ def get_graph_checks_report(self, root_folder: str, runner_filter: RunnerFilter)
                         file_path=f"/{os.path.relpath(full_file_path, root_folder)}",
                         file_line_range=[entity_context.get('start_line'),
                                          entity_context.get('end_line')],
-                        resource=".".join(entity_context['definition_path']),
+                        resource=resource,
                         entity_tags=entity.get('tags', {}),
                         evaluations=entity_evaluations,
                         check_class=check.__class__.__module__,
@@ -236,7 +244,7 @@ def get_graph_checks_report(self, root_folder: str, runner_filter: RunnerFilter)
                         connected_node=connected_node_data
                     )
                     if self.breadcrumbs:
-                        breadcrumb = self.breadcrumbs.get(record.file_path, {}).get(record.resource)
+                        breadcrumb = self.breadcrumbs.get(record.file_path, {}).get(resource_id)
                         if breadcrumb:
                             record = GraphRecord(record, breadcrumb)
                     record.set_guideline(check.guideline)

diff --git a/tests/terraform/graph/runner/test_graph_builder.py b/tests/terraform/graph/runner/test_graph_builder.py
@@ -67,5 +67,6 @@ def test_module_and_variables(self):
                 bc = bc[0]
                 self.assertEqual(bc.get('type'), 'module')
                 self.assertEqual(os.path.relpath(bc.get('path'), resources_path), 'examples/complete/main.tf')
+                self.assertEqual(record.resource, 'module.s3_bucket.aws_s3_bucket.default')
 
         self.assertTrue(found_versioning_failure)