fix(terraform): APIGatewayAuthorization check missing authorization (#…

…3545)

handle a case where the authorization field is missing in APIGatewayAuthorization check

checkov/terraform/checks/resource/aws/APIGatewayAuthorization.py

@@ -13,7 +13,7 @@ def __init__(self):
         super().__init__(name=name, id=id, categories=categories, supported_resources=supported_resources)
 
     def scan_resource_conf(self, conf):
-        if 'http_method' in conf and conf['http_method'][0] != "OPTIONS" and conf['authorization'][0] == "NONE" \
+        if 'http_method' in conf and conf['http_method'][0] != "OPTIONS" and ('authorization' not in conf or conf['authorization'][0] == "NONE") \
                 and ('api_key_required' not in conf or conf['api_key_required'][0] is False):
             return CheckResult.FAILED
         return CheckResult.PASSED

tests/terraform/checks/resource/aws/test_APIGatewayAuthorization.py

@@ -14,7 +14,6 @@ def test_failure(self):
         scan_result = check.scan_resource_conf(conf=resource_conf)
         self.assertEqual(CheckResult.FAILED, scan_result)
 
-
     def test_success(self):
         resource_conf = {"rest_api_id": ["${var.rest_api_id}"],
                          "resource_id": ["${var.resource_id}"],
@@ -32,6 +31,13 @@ def test_success_apikey(self):
         scan_result = check.scan_resource_conf(conf=resource_conf)
         self.assertEqual(CheckResult.PASSED, scan_result)
 
+    def test_authorization_missing(self):
+        resource_conf = {"rest_api_id": ["${var.rest_api_id}"],
+                         "resource_id": ["${var.resource_id}"],
+                         "http_method": ["${var.method}"]}
+        scan_result = check.scan_resource_conf(conf=resource_conf)
+        self.assertEqual(CheckResult.FAILED, scan_result)
+
 
 if __name__ == '__main__':
     unittest.main()