From 1ef5b9145aff81f9a23ebe001ca1354009fc9c8a Mon Sep 17 00:00:00 2001
From: James Woolfenden
Date: Wed, 4 Oct 2023 14:40:11 +0100
Subject: [PATCH] fix(terraform): stop CKV_GCP_43 crashing when not a string (#5561)
---
 .../checks/resource/gcp/GoogleKMSRotationPeriod.py | 2 +-
 .../resource/gcp/example_GoogleKMSRotationPeriod/main.tf | 6 ++++++
 .../checks/resource/gcp/test_GoogleKMSKeyRotationPeriod.py | 7 ++++---
 3 files changed, 11 insertions(+), 4 deletions(-)
diff --git a/checkov/terraform/checks/resource/gcp/GoogleKMSRotationPeriod.py b/checkov/terraform/checks/resource/gcp/GoogleKMSRotationPeriod.py
index d2483a249d0..2b6dc5c9378 100644
--- a/checkov/terraform/checks/resource/gcp/GoogleKMSRotationPeriod.py
+++ b/checkov/terraform/checks/resource/gcp/GoogleKMSRotationPeriod.py
@@ -28,7 +28,7 @@ def scan_resource_conf(self, conf: Dict[str, List[Any]]) -> CheckResult:
 self.evaluated_keys = ["rotation_period"]
 rotation = conf.get("rotation_period")
- if rotation and rotation[0]:
+ if rotation and rotation[0] and isinstance(rotation[0], str):
 time = force_int(rotation[0][:-1])
 if time and ONE_DAY <= time <= NINETY_DAYS:
 return CheckResult.PASSED
diff --git a/tests/terraform/checks/resource/gcp/example_GoogleKMSRotationPeriod/main.tf b/tests/terraform/checks/resource/gcp/example_GoogleKMSRotationPeriod/main.tf
index e66a35c6ae8..792b889a71e 100644
--- a/tests/terraform/checks/resource/gcp/example_GoogleKMSRotationPeriod/main.tf
+++ b/tests/terraform/checks/resource/gcp/example_GoogleKMSRotationPeriod/main.tf
@@ -32,3 +32,9 @@ resource "google_kms_crypto_key" "asymmetric" {
 key_ring = "google_kms_key_ring.keyring.id"
 purpose = "ASYMMETRIC_SIGN"
 }
+
+resource "google_kms_crypto_key" "fail" {
+ name = "crypto-key-example"
+ key_ring = "google_kms_key_ring.keyring.id"
+ rotation_period = 90
+}
\ No newline at end of file
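Review bot: The `isinstance(rotation[0], str)` guard stops the crash, but the following line still slices `rotation[0][:-1]` on the assumption that every string ends in the `s` unit suffix. A quoted value without the suffix loses its last digit before the range comparison, so the check can report a result for a rotation period it never actually evaluated; requiring the suffix closes that gap: `if rotation and isinstance(rotation[0], str) and rotation[0].endswith("s"):`. Non-string values now skip the block, and the fall-through return sits outside this hunk, though the updated test expects FAILED for the numeric fixture. The new `fail` resource in main.tf covers only a bare number, so a suffix-less string fixture such as `rotation_period = "7776000"` (constructed value) would be worth adding beside it.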
diff --git a/tests/terraform/checks/resource/gcp/test_GoogleKMSKeyRotationPeriod.py b/tests/terraform/checks/resource/gcp/test_GoogleKMSKeyRotationPeriod.py
index 6947865e107..8f0995df699 100644
--- a/tests/terraform/checks/resource/gcp/test_GoogleKMSKeyRotationPeriod.py
+++ b/tests/terraform/checks/resource/gcp/test_GoogleKMSKeyRotationPeriod.py
@@ -25,16 +25,17 @@ def test(self):
 failing_resources = {
 "google_kms_crypto_key.default",
 "google_kms_crypto_key.half_year",
+ "google_kms_crypto_key.fail",
 }
 passed_check_resources = {c.resource for c in report.passed_checks}
 failed_check_resources = {c.resource for c in report.failed_checks}
- self.assertEqual(summary["passed"], 2)
- self.assertEqual(summary["failed"], 2)
+ self.assertEqual(summary["passed"], len(passing_resources))
+ self.assertEqual(summary["failed"], len(failing_resources))
 self.assertEqual(summary["skipped"], 0)
 self.assertEqual(summary["parsing_errors"], 0)
- self.assertEqual(summary["resource_count"], 5) # 1 unknown
+ self.assertEqual(summary["resource_count"], 6) # 1 unknown
 self.assertEqual(passing_resources, passed_check_resources)
 self.assertEqual(failing_resources, failed_check_resources)
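Review bot: `summary["resource_count"]` is still compared with the literal `6`, while the passed and failed counts in the same hunk were switched to `len(...)`, so the next fixture added to main.tf means editing this line by hand again. It could be derived the same way: `self.assertEqual(summary["resource_count"], len(passing_resources) + len(failing_resources) + 1)  # 1 unknown`. `passing_resources` is defined above the hunk, so this assumes it lists every passing fixture and that exactly one resource evaluates to UNKNOWN, as the existing comment says.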