fix(terraform): Fixing some broke flow in dynamic blocks rendering (b…

…ridgecrewio#3879)

* Fixing some broke flow in dynamic blocks rendering

* number to string

* UT fix

checkov/terraform/checks/resource/aws/WAFACLCVE202144228.py

@@ -21,6 +21,8 @@ def scan_resource_conf(self, conf: Dict[str, Any]) -> CheckResult:
             statement = rule.get("statement")
             if statement:
                 self.evaluated_keys = [f"rule/[{idx_rule}]/statement/[0]/managed_rule_group_statement"]
+                if not isinstance(statement, list):
+                    return CheckResult.UNKNOWN
                 managed_group = statement[0].get("managed_rule_group_statement")
                 if managed_group:
                     self.evaluated_keys = [f"rule/[{idx_rule}]/statement/[0]/managed_rule_group_statement/[0]/name"]

checkov/terraform/graph_builder/variable_rendering/renderer.py

@@ -365,7 +365,10 @@ def _process_dynamic_blocks(dynamic_blocks: list[dict[str, Any]] | dict[str, Any
                                 dpath.set(block_conf, dynamic_argument,
                                           dynamic_value[block_name][0][dynamic_value_in_map], separator='.')
                         else:
-                            dpath.set(block_conf, dynamic_argument, dynamic_value, separator='.')
+                            if isinstance(dynamic_value, dict) and dynamic_argument in dynamic_value:
+                                dpath.set(block_conf, dynamic_argument, dynamic_value[dynamic_argument], separator='.')
+                            else:
+                                dpath.set(block_conf, dynamic_argument, dynamic_value, separator='.')
 
                     block_confs.append(block_conf)
                 rendered_blocks[block_name] = block_confs if len(block_confs) > 1 else block_confs[0]

tests/terraform/graph/variable_rendering/test_renderer.py

@@ -254,9 +254,9 @@ def test_dynamic_blocks_with_map(self):
             resources_vertex = list(filter(lambda v: v.block_type == BlockType.RESOURCE, local_graph.vertices))
             assert len(resources_vertex[0].attributes.get('ingress')) == 2
             assert resources_vertex[0].attributes.get('ingress') == \
-                   [{'action': 'allow', 'cidr_block': ['10.0.0.1/32'], 'from_port': 22, 'protocol': 'tcp', 'rule_no': 1,
+                   [{'action': 'allow', 'cidr_block': '10.0.0.1/32', 'from_port': 22, 'protocol': 'tcp', 'rule_no': 1,
                      'to_port': 22},
-                    {'action': 'allow', 'cidr_block': ['10.0.0.2/32'], 'from_port': 22, 'protocol': 'tcp', 'rule_no': 2,
+                    {'action': 'allow', 'cidr_block': '10.0.0.2/32', 'from_port': 22, 'protocol': 'tcp', 'rule_no': 2,
                      'to_port': 22}]
 
     def test_dynamic_blocks_with_nesting_attributes(self):

tests/terraform/graph/variable_rendering/test_resources/dynamic_blocks_map/variables.tf

@@ -1,17 +1,17 @@
 variable "http_headers" {
   type = list(object({
     num    = number
-    values = list
+    values = string
   }))
   default = [{
     "num": 1,
     "protoc": "tcp",
-    "values": ["10.0.0.1/32"]
+    "values": "10.0.0.1/32"
   },
   {
     "num": 2,
     "protoc": "tcp",
-    "values": ["10.0.0.2/32"]
+    "values": "10.0.0.2/32"
   }]
 }
 

tests/terraform/graph/variable_rendering/test_resources/dynamic_blocks_map_brackets/variables.tf

@@ -1,17 +1,17 @@
 variable "http_headers" {
   type = list(object({
     num    = number
-    values = list
+    values = string
   }))
   default = [{
     "num": 1,
     "protoc": "tcp",
-    "values": ["10.0.0.1/32"]
+    "values": "10.0.0.1/32"
   },
   {
     "num": 2,
     "protoc": "tcp",
-    "values": ["10.0.0.2/32"]
+    "values": "10.0.0.2/32"
   }]
 }