From f4f7bcb1b0cee45a0492ab4b53e3e81c0361edba Mon Sep 17 00:00:00 2001
From: tronxd
Date: Tue, 20 Sep 2022 17:15:34 +0300
Subject: [PATCH] handle a case where the authorization field is missing in APIGatewayAuthorization check
---
 .../checks/resource/aws/APIGatewayAuthorization.py | 2 +-
 .../checks/resource/aws/test_APIGatewayAuthorization.py | 8 +++++++-
 2 files changed, 8 insertions(+), 2 deletions(-)
diff --git a/checkov/terraform/checks/resource/aws/APIGatewayAuthorization.py b/checkov/terraform/checks/resource/aws/APIGatewayAuthorization.py
index d75d685a95c..8b834760eeb 100644
--- a/checkov/terraform/checks/resource/aws/APIGatewayAuthorization.py
+++ b/checkov/terraform/checks/resource/aws/APIGatewayAuthorization.py
@@ -13,7 +13,7 @@ def __init__(self):
 super().__init__(name=name, id=id, categories=categories, supported_resources=supported_resources)
 def scan_resource_conf(self, conf):
- if 'http_method' in conf and conf['http_method'][0] != "OPTIONS" and conf['authorization'][0] == "NONE" \
+ if 'http_method' in conf and conf['http_method'][0] != "OPTIONS" and ('authorization' not in conf or conf['authorization'][0] == "NONE") \
 and ('api_key_required' not in conf or conf['api_key_required'][0] is False):
 return CheckResult.FAILED
 return CheckResult.PASSED
diff --git a/tests/terraform/checks/resource/aws/test_APIGatewayAuthorization.py b/tests/terraform/checks/resource/aws/test_APIGatewayAuthorization.py
index 947b32d24eb..bb850bfddd8 100644
--- a/tests/terraform/checks/resource/aws/test_APIGatewayAuthorization.py
+++ b/tests/terraform/checks/resource/aws/test_APIGatewayAuthorization.py
@@ -14,7 +14,6 @@ def test_failure(self):
 scan_result = check.scan_resource_conf(conf=resource_conf)
 self.assertEqual(CheckResult.FAILED, scan_result)
-
 def test_success(self):
 resource_conf = {"rest_api_id": ["${var.rest_api_id}"],
 "resource_id": ["${var.resource_id}"],
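Review bot: In `scan_resource_conf`, the rewritten condition fails closed when `authorization` is absent, but the leading `'http_method' in conf` guard still sends a resource with no `http_method` key straight to `return CheckResult.PASSED`. If the parsed conf can lack one required attribute it can presumably lack the other, so it is worth deciding whether that case should fail or report `CheckResult.UNKNOWN` rather than pass. The surviving context line also compares with `is False`, which matches only the Python bool; should a string such as "false" ever reach this check, the method would pass without authorization. Naming the parts of the condition, for example `no_auth = 'authorization' not in conf or conf['authorization'][0] == "NONE"`, would make the fail-closed intent easier to audit than the single backslash-continued line. The enclosing class starts outside the hunk.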
@@ -32,6 +31,13 @@ def test_success_apikey(self):
 scan_result = check.scan_resource_conf(conf=resource_conf)
 self.assertEqual(CheckResult.PASSED, scan_result)
+ def test_authorization_missing(self):
+ resource_conf = {"rest_api_id": ["${var.rest_api_id}"],
+ "resource_id": ["${var.resource_id}"],
+ "http_method": ["${var.method}"]}
+ scan_result = check.scan_resource_conf(conf=resource_conf)
+ self.assertEqual(CheckResult.FAILED, scan_result)
+
 if __name__ == '__main__':
 unittest.main()
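Review bot: `test_authorization_missing` pins only the FAILED outcome, so the other half of the new branch, where `authorization` is absent but an API key is required, is not covered. A companion case that adds `"api_key_required": [True]` to the same conf and asserts `CheckResult.PASSED` would stop a later edit from turning the missing-field path into an unconditional failure. The test also relies on the unresolved string `${var.method}` comparing unequal to "OPTIONS"; a literal such as `"http_method": ["GET"]` would state the intent directly.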