
bug(terraform): Trivy does not support for-each Meta-Argument in data sources #5554

Closed
nikpivkin opened this issue Nov 10, 2023 · 0 comments · Fixed by aquasecurity/trivy-iac#47
Labels
kind/bug Categorizes issue or PR as related to a bug. scan/misconfiguration Issues relating to misconfiguration scanning
Comments

@nikpivkin
Contributor

Scanning the example below does not generate any warnings about the use of wildcards in the resource (AVD-AWS-0057):

locals {
  sqs = {
    sqs1 = "arn:aws:sqs:::*"
  }
}

data "aws_iam_policy_document" "this" {
  for_each = local.sqs

  statement {
    sid = each.key
    actions = [
      "sqs:CancelMessageMoveTask"
    ]
    resources = [each.value]
  }
}
resource "aws_iam_policy" "this" {
  for_each = local.sqs
  name        = "test-${each.key}"
  policy      = data.aws_iam_policy_document.this[each.key].json
}

Output:

trivy conf -d main.tf
2023-11-10T21:09:40.762+0700    DEBUG   Severities: ["UNKNOWN" "LOW" "MEDIUM" "HIGH" "CRITICAL"]
2023-11-10T21:09:40.774+0700    DEBUG   cache dir:  /Users/nikita/Library/Caches/trivy
2023-11-10T21:09:40.775+0700    DEBUG   Module dir: /Users/nikita/.trivy/modules
2023-11-10T21:09:40.775+0700    INFO    Misconfiguration scanning is enabled
2023-11-10T21:09:40.775+0700    DEBUG   Policies successfully loaded from disk
2023-11-10T21:09:40.797+0700    DEBUG   The nuget packages directory couldn't be found. License search disabled
2023-11-10T21:09:40.800+0700    DEBUG   Walk the file tree rooted at 'main.tf' in parallel
2023-11-10T21:09:40.800+0700    DEBUG   Scanning Terraform files for misconfigurations...
2023-11-10T21:09:41.152+0700    DEBUG   OS is not detected.
2023-11-10T21:09:41.152+0700    INFO    Detected config files: 1
2023-11-10T21:09:41.152+0700    DEBUG   Scanned config file: .
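The following is an added example, not Trivy's code and not part of the issue above. It models the issue's main.tf as plain Python objects (a constructed stand-in for parsed HCL) and shows why a scanner that drops the for_each meta-argument on a data block can never fire the wildcard-resource rule (AVD-AWS-0057): each.value stays unknown, so the statement's resources list never contains the "arn:aws:sqs:::*" value that the rule looks for. The two evaluation strategies, the Ref type and the helper names are hypothetical simplifications written for this example.

```python
"""Added example (not Trivy's code): why a Terraform misconfiguration scanner
has to expand for_each on *data* blocks before applying AVD-AWS-0057
(wildcard resources in an aws_iam_policy_document statement).

The main.tf from the issue is modelled as plain Python objects, a constructed
stand-in for parsed HCL; the two scan strategies are hypothetical
simplifications of how a scanner evaluates blocks.
"""
import re
from typing import Any, List, Optional, Tuple


class Ref(str):
    """A bare HCL reference (each.key, local.sqs), as opposed to a quoted string."""


# Constructed model of the issue's locals block and data block.
LOCALS = {"sqs": {"sqs1": "arn:aws:sqs:::*"}}

DATA_BLOCKS = {
    ("aws_iam_policy_document", "this"): {
        "for_each": Ref("local.sqs"),
        "statement": {
            "sid": Ref("each.key"),
            "actions": ["sqs:CancelMessageMoveTask"],
            "resources": [Ref("each.value")],
        },
    }
}

_INTERP = re.compile(r"\$\{([^}]+)\}")


def eval_expr(expr: Any, each: Optional[dict]) -> Any:
    """Evaluate the small HCL subset this example needs: bare references,
    quoted strings with ${...} interpolation, and nested lists/maps.
    With each=None (no for_each context) each.* resolves to None, which
    stands in for an unknown value."""
    if isinstance(expr, Ref):  # must be tested before plain str: Ref is a str
        if expr.startswith("each."):
            return None if each is None else each[expr[len("each."):]]
        if expr.startswith("local."):
            return LOCALS[expr[len("local."):]]
        raise ValueError(f"unsupported reference {expr}")
    if isinstance(expr, str):
        return _INTERP.sub(lambda m: str(eval_expr(Ref(m.group(1)), each)), expr)
    if isinstance(expr, list):
        return [eval_expr(e, each) for e in expr]
    if isinstance(expr, dict):
        return {k: eval_expr(v, each) for k, v in expr.items()}
    return expr


def expand_block(block: dict, honour_for_each: bool) -> List[Tuple[Optional[str], dict]]:
    """Return the (instance key, evaluated body) pairs a block produces.
    honour_for_each=False drops the meta-argument, which is the behaviour
    the issue reports for data sources."""
    body = {k: v for k, v in block.items() if k != "for_each"}
    if "for_each" not in block or not honour_for_each:
        return [(None, eval_expr(body, None))]
    collection = eval_expr(block["for_each"], None)
    return [(k, eval_expr(body, {"key": k, "value": v})) for k, v in collection.items()]


def wildcard_findings(honour_data_for_each: bool) -> List[Tuple[Optional[str], Any, str]]:
    """Apply the AVD-AWS-0057 check (a '*' in a statement's resources) to every
    aws_iam_policy_document instance. Returns (instance key, sid, resource)."""
    findings = []
    for (data_type, _name), block in DATA_BLOCKS.items():
        if data_type != "aws_iam_policy_document":
            continue
        for key, body in expand_block(block, honour_data_for_each):
            stmt = body["statement"]
            for resource in stmt["resources"]:
                # An unknown (None) resource cannot match, so the rule stays silent.
                if isinstance(resource, str) and "*" in resource:
                    findings.append((key, stmt["sid"], resource))
    return findings


if __name__ == "__main__":
    print("for_each ignored :", wildcard_findings(False))  # [] -> the reported bug
    print("for_each expanded:", wildcard_findings(True))   # one finding for sqs1
```

Running the module prints no findings for the "for_each ignored" path and one finding for instance sqs1 once the data block is expanded, which is the difference between the empty output in the issue and the expected AVD-AWS-0057 warning.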
@nikpivkin nikpivkin added kind/bug Categorizes issue or PR as related to a bug. scan/misconfiguration Issues relating to misconfiguration scanning labels Nov 10, 2023
@nikpivkin nikpivkin self-assigned this Nov 10, 2023
@nikpivkin nikpivkin changed the title bug(terraform): Trivy does not supports for-each Meta-Argument in data sources bug(terraform): Trivy does not support for-each Meta-Argument in data sources Nov 10, 2023
@simar7 simar7 added this to the v0.48.0 milestone Nov 11, 2023