diff --git a/checkov/ansible/graph_builder/local_graph.py b/checkov/ansible/graph_builder/local_graph.py index 733109cd598..a5ddc0c8c2a 100644 --- a/checkov/ansible/graph_builder/local_graph.py +++ b/checkov/ansible/graph_builder/local_graph.py @@ -31,8 +31,12 @@ def _create_vertices(self) -> None: for code_block in definition: if ResourceType.TASKS in code_block: - for task in code_block[ResourceType.TASKS]: - self._process_blocks(file_path=file_path, task=task) + tasks = code_block[ResourceType.TASKS] + if tasks: # Check if tasks is not None and not empty + for task in tasks: + self._process_blocks(file_path=file_path, task=task) + else: + self._process_blocks(file_path=file_path, task=code_block) else: self._process_blocks(file_path=file_path, task=code_block) diff --git a/checkov/ansible/utils.py b/checkov/ansible/utils.py index a7da279a3c0..f575086b055 100644 --- a/checkov/ansible/utils.py +++ b/checkov/ansible/utils.py @@ -141,8 +141,12 @@ def build_definitions_context( for code_block in definition: if ResourceType.TASKS in code_block: - for task in code_block[ResourceType.TASKS]: - _process_blocks(definition_raw=definition_raw, file_path_context=file_path_context, task=task) + tasks = code_block[ResourceType.TASKS] + if tasks: # Check if tasks is not empty + for task in tasks: + _process_blocks(definition_raw=definition_raw, file_path_context=file_path_context, task=task) + else: + _process_blocks(definition_raw=definition_raw, file_path_context=file_path_context, task=code_block) else: _process_blocks(definition_raw=definition_raw, file_path_context=file_path_context, task=code_block) diff --git a/tests/ansible/examples/empty_tasks.yml b/tests/ansible/examples/empty_tasks.yml new file mode 100644 index 00000000000..efb31222fe6 --- /dev/null +++ b/tests/ansible/examples/empty_tasks.yml @@ -0,0 +1,6 @@ +--- +- name: Using a Role + hosts: all + roles: + - role: somerolename + tasks: