From 3111192b2d96dae906c275c742f5ed43276a091e Mon Sep 17 00:00:00 2001
From: ChanochShayner
Date: Sun, 20 Nov 2022 09:38:56 +0200
Subject: [PATCH 1/2] AbsRDSParameter check fix
---
 checkov/terraform/checks/resource/alicloud/AbsRDSParameter.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/checkov/terraform/checks/resource/alicloud/AbsRDSParameter.py b/checkov/terraform/checks/resource/alicloud/AbsRDSParameter.py
index 36d4778fcbf..9d4f5bf6b3b 100644
--- a/checkov/terraform/checks/resource/alicloud/AbsRDSParameter.py
+++ b/checkov/terraform/checks/resource/alicloud/AbsRDSParameter.py
@@ -20,6 +20,6 @@ def scan_resource_conf(self, conf):
 params = conf.get("parameters")
 if params and isinstance(params, list):
 for param in params:
- if param['name'][0] == self.parameter and (param['value'][0]).lower() == 'on':
+ if isinstance(param, dict) and param['name'][0] == self.parameter and (param['value'][0]).lower() == 'on':
 return CheckResult.PASSED
 return CheckResult.FAILED
From e0cf57ef7c4d424a8a7309a4aeec3a00531fc61e Mon Sep 17 00:00:00 2001
From: ChanochShayner
Date: Sun, 20 Nov 2022 11:22:13 +0200
Subject: [PATCH 2/2] Add UT
---
 .../resource/alicloud/AbsRDSParameter.py | 4 +++-
 .../example_RDSInstanceLogConnections/main.tf | 21 +++++++++++++++++++
 2 files changed, 24 insertions(+), 1 deletion(-)
diff --git a/checkov/terraform/checks/resource/alicloud/AbsRDSParameter.py b/checkov/terraform/checks/resource/alicloud/AbsRDSParameter.py
index 9d4f5bf6b3b..7492d133bc0 100644
--- a/checkov/terraform/checks/resource/alicloud/AbsRDSParameter.py
+++ b/checkov/terraform/checks/resource/alicloud/AbsRDSParameter.py
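Review bot: In the first patch's hunk the `isinstance(param, dict)` guard still leaves `param['name'][0]` and `(param['value'][0]).lower()` unguarded: a block without a `name` or `value` key raises `KeyError`, and a value that is not a string (a number, a boolean or an unresolved reference, if the parser can deliver one) raises `AttributeError` on `.lower()`. The same expression is carried unchanged into the second patch's hunk. Reading the fields defensively keeps one malformed entry from aborting the check, e.g. `name, value = param.get('name'), param.get('value')` followed by `if name and value and name[0] == self.parameter and str(value[0]).lower() == 'on':`. The body of `scan_resource_conf` starts above the hunk, so any handling there is not visible.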
@@ -20,6 +20,8 @@ def scan_resource_conf(self, conf):
 params = conf.get("parameters")
 if params and isinstance(params, list):
 for param in params:
- if isinstance(param, dict) and param['name'][0] == self.parameter and (param['value'][0]).lower() == 'on':
+ if not isinstance(param, dict):
+ return CheckResult.UNKNOWN
+ if param['name'][0] == self.parameter and (param['value'][0]).lower() == 'on':
 return CheckResult.PASSED
 return CheckResult.FAILED
diff --git a/tests/terraform/checks/resource/alicloud/example_RDSInstanceLogConnections/main.tf b/tests/terraform/checks/resource/alicloud/example_RDSInstanceLogConnections/main.tf
index 827aefb14ee..d937e1f1d2e 100644
--- a/tests/terraform/checks/resource/alicloud/example_RDSInstanceLogConnections/main.tf
+++ b/tests/terraform/checks/resource/alicloud/example_RDSInstanceLogConnections/main.tf
@@ -101,4 +101,25 @@ resource "alicloud_db_instance" "pass2" {
 name = "log_connections"
 value = "on"
 }
+}
+
+resource "alicloud_db_instance" "unknown" {
+ engine = "MySQL"
+ engine_version = "5.6"
+ instance_type = "rds.mysql.t1.small"
+ instance_storage = "10"
+ tde_status = "Disabled"
+ auto_upgrade_minor_version = "Manual"
+ # ssl_action="Closed"
+ security_ips = [
+ "0.0.0.0",
+ "10.23.12.24/24"
+ ]
+ parameters = [{
+ name = "innodb_large_prefix"
+ value = "ON"
+ }, {
+ name = "connect_timeout"
+ value = "50"
+ }]
 }
\ No newline at end of file
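Review bot: Returning `CheckResult.UNKNOWN` from inside the loop at the first non-dict element makes the verdict depend on element order and can mask a real finding: a matching `on` entry that comes after the non-dict element is never evaluated, and a resource whose evaluable entries would fail is reported as unknown instead. For a security check that is a false-negative path, since unknown results are usually not surfaced as failures. Recording that an unevaluable entry was seen, continuing the scan, and returning UNKNOWN only after the loop when nothing passed keeps PASSED reachable and limits UNKNOWN to the cases that truly cannot be decided. `scan_resource_conf` starts above the hunk; the indentation in the excerpt below is assumed.

```python
        # … unchanged: params lookup and list check …
            unresolved = False
            for param in params:
                if not isinstance(param, dict):
                    # entry cannot be evaluated; keep scanning the remaining ones
                    unresolved = True
                    continue
                # … unchanged: name/value comparison returning CheckResult.PASSED …
            if unresolved:
                return CheckResult.UNKNOWN
        return CheckResult.FAILED
```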
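Review bot: The new `unknown` fixture never sets the parameter under test, so it cannot show how the check treats `log_connections` when `parameters` is written in the `= [{ ... }]` attribute form rather than as blocks. A sibling resource in the same form with `name = "log_connections"` and `value = "on"`, plus one with `value = "off"`, would pin down whether that syntax is evaluated at all or always lands in the unknown bucket. The diffstat for this patch lists only this file and AbsRDSParameter.py, so the expected-result lists in the test module appear unchanged; if that is the case, nothing asserts the outcome for `alicloud_db_instance.unknown`.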