bridgecrewio / checkov

Prevent cloud misconfigurations and find vulnerabilities during build-time in infrastructure as code, container images and open source packages with Checkov by Bridgecrew.
https://www.checkov.io/
Apache License 2.0

terraform_json not working #5498

Closed lohrm-stabl closed 1 year ago

lohrm-stabl commented 1 year ago

Steps to reproduce:

  1. Install checkov: pip3 install checkov
  2. Download example from tests: https://github.com/bridgecrewio/checkov/blob/main/tests/terraform_json/examples/cdk.tf.json
  3. Run checkov: checkov -f cdk.tf.json --framework terraform_json -o json

Gives the following output:

2023-08-29 12:40:54,038 [MainThread  ] [ERROR]  There are no runners to run. This can happen if you specify a file type and a framework that are not compatible (e.g., `--file xyz.yaml --framework terraform`), or if you specify a framework with missing dependencies (e.g., helm or kustomize, which require those tools to be on your system). Running with LOG_LEVEL=DEBUG may provide more information.
{
    "passed": 0,
    "failed": 0,
    "skipped": 0,
    "parsing_errors": 0,
    "resource_count": 0,
    "checkov_version": "2.4.14"
}

What would I expect? A runner runs with some tests.

Debug Output

LOG_LEVEL=DEBUG checkov -f cdk.tf.json --framework terraform_json

2023-08-29 12:39:24,168 [MainThread ] [DEBUG] Leveraging the bundled IAM Definition.
2023-08-29 12:39:24,168 [MainThread ] [DEBUG] Leveraging the IAM definition at /usr/local/lib/python3.9/dist-packages/policy_sentry/shared/data/iam-definition.json
2023-08-29 12:39:24,463 [MainThread ] [DEBUG] Adding the IntegrationFeatureRegistry with order 1
2023-08-29 12:39:24,463 [MainThread ] [DEBUG] self.features after the sort:
2023-08-29 12:39:24,463 [MainThread ] [DEBUG] []
2023-08-29 12:39:24,464 [MainThread ] [DEBUG] Adding the IntegrationFeatureRegistry with order 11
2023-08-29 12:39:24,465 [MainThread ] [DEBUG] self.features after the sort:
2023-08-29 12:39:24,465 [MainThread ] [DEBUG] [, ]
2023-08-29 12:39:24,465 [MainThread ] [DEBUG] Adding the IntegrationFeatureRegistry with order 0
2023-08-29 12:39:24,465 [MainThread ] [DEBUG] self.features after the sort:
2023-08-29 12:39:24,465 [MainThread ] [DEBUG] [, , ]
2023-08-29 12:39:24,465 [MainThread ] [DEBUG] Adding the IntegrationFeatureRegistry with order 10
2023-08-29 12:39:24,465 [MainThread ] [DEBUG] self.features after the sort:
2023-08-29 12:39:24,465 [MainThread ] [DEBUG] [, , , ]
2023-08-29 12:39:24,466 [MainThread ] [DEBUG] Adding the IntegrationFeatureRegistry with order 0
2023-08-29 12:39:24,466 [MainThread ] [DEBUG] self.features after the sort:
2023-08-29 12:39:24,466 [MainThread ] [DEBUG] [, , , , ]
2023-08-29 12:39:24,466 [MainThread ] [DEBUG] Adding the IntegrationFeatureRegistry with order 2
2023-08-29 12:39:24,466 [MainThread ] [DEBUG] self.features after the sort:
2023-08-29 12:39:24,466 [MainThread ] [DEBUG] [, , , , , ]
2023-08-29 12:39:24,467 [MainThread ] [DEBUG] Adding the IntegrationFeatureRegistry with order 6
2023-08-29 12:39:24,467 [MainThread ] [DEBUG] self.features after the sort:
2023-08-29 12:39:24,467 [MainThread ] [DEBUG] [, , , , , , ]
2023-08-29 12:39:24,484 [MainThread ] [DEBUG] Loading external checks from /home/node/.local/lib/python3.9/site-packages/checkov/bicep/checks/graph_checks
2023-08-29 12:39:24,484 [MainThread ] [DEBUG] Searching through ['__pycache__'] and ['SQLServerAuditingEnabled.json', '__init__.py']
2023-08-29 12:39:24,485 [MainThread ] [DEBUG] Searching through [] and ['__init__.cpython-39.pyc']
2023-08-29 12:39:24,574 [MainThread ] [DEBUG] Popen(['git', 'version'], cwd=/workspaces/SBC-Infrastructure, universal_newlines=False, shell=None, istream=None)
2023-08-29 12:39:24,579 [MainThread ] [DEBUG] Popen(['git', 'version'], cwd=/workspaces/SBC-Infrastructure, universal_newlines=False, shell=None, istream=None)
2023-08-29 12:39:24,773 [MainThread ] [DEBUG] No API key present; setting include_all_checkov_policies to True
2023-08-29 12:39:24,777 [MainThread ] [DEBUG] Run metadata: {
  "checkov_version": "2.4.14",
  "python_executable": "/usr/bin/python3",
  "python_version": "3.9.2 (default, Feb 28 2021, 17:03:44) \n[GCC 10.2.1 20210110]",
  "checkov_executable": "/usr/local/bin/checkov",
  "args": [
    "Command Line Args: -f cdk.tf.json --framework terraform_json",
    "Defaults:",
    " --branch: master",
    " --download-external-modules:False",
    " --external-modules-download-path:.external_modules",
    " --evaluate-variables:True",
    " --secrets-scan-file-type:[]",
    " --block-list-secret-scan:[]",
    " --summary-position:top",
    " --mask: []",
    " --secrets-history-timeout:12h",
    ""
  ],
  "OS_system_info": "Linux-5.15.90.1-microsoft-standard-WSL2-x86_64-with-glibc2.31",
  "CPU_architecture": "",
  "Python_implementation": "CPython"
}
2023-08-29 12:39:24,777 [MainThread ] [DEBUG] Using cert_reqs None
2023-08-29 12:39:24,777 [MainThread ] [DEBUG] Successfully set up HTTP manager
2023-08-29 12:39:24,777 [MainThread ] [DEBUG] Resultant set of frameworks (removing skipped frameworks): terraform_json
2023-08-29 12:39:24,778 [MainThread ] [DEBUG] BC_SOURCE = cli, version = 2.4.14
2023-08-29 12:39:24,778 [MainThread ] [DEBUG] terraform_json_runner declares no system dependency checks required.
2023-08-29 12:39:24,778 [MainThread ] [DEBUG] No API key found. Scanning locally only.
2023-08-29 12:39:24,851 [MainThread ] [DEBUG] Got checkov mappings and guidelines from Bridgecrew platform
2023-08-29 12:39:24,852 [MainThread ] [DEBUG] Loading external checks from /home/node/.local/lib/python3.9/site-packages/checkov/terraform_json/checks/graph_checks
2023-08-29 12:39:24,856 [MainThread ] [DEBUG] Running without API key, so only open source runners will be enabled
2023-08-29 12:39:24,856 [MainThread ] [DEBUG] Filtered list of policies: []
2023-08-29 12:39:24,856 [MainThread ] [DEBUG] Received the following policy-level suppressions, that will be skipped from running: []
2023-08-29 12:39:24,856 [MainThread ] [DEBUG] Filtered runners based on file type(s). Result: []
2023-08-29 12:39:24,856 [MainThread ] [ERROR] There are no runners to run. This can happen if you specify a file type and a framework that are not compatible (e.g., `--file xyz.yaml --framework terraform`), or if you specify a framework with missing dependencies (e.g., helm or kustomize, which require those tools to be on your system). Running with LOG_LEVEL=DEBUG may provide more information.
2023-08-29 12:39:24,856 [MainThread ] [DEBUG] Should run contributor metrics report: None
By bridgecrew.io | version: 2.4.14
gruebel commented 1 year ago

hey @lohrm-stabl thanks for reaching out.

I can verify this is reproducible. Interestingly, it works when you scan the folder 😄

checkov -d . --framework terraform_json -o json
bkharber-bcubed commented 4 months ago

After cdktf synth, I get

docker run -it -v ./cdktf.out:/tf --workdir /tf bridgecrew/checkov --directory /tf --framework terraform_json -o json
2024-06-10 14:06:10,466 [MainThread  ] [ERROR]  Exception traceback:
Traceback (most recent call last):
  File "/usr/local/lib/python3.11/site-packages/checkov/main.py", line 519, in run
    self.scan_reports = runner_registry.run(
                        ^^^^^^^^^^^^^^^^^^^^
  File "/usr/local/lib/python3.11/site-packages/checkov/common/runners/runner_registry.py", line 126, in run
    self.runners[0].run(root_folder, external_checks_dir=external_checks_dir, files=files,
  File "/usr/local/lib/python3.11/site-packages/checkov/terraform_json/runner.py", line 87, in run
    self.definitions, self.definitions_raw, parsing_errors = create_definitions(file_paths)
                                                             ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/local/lib/python3.11/site-packages/checkov/terraform_json/utils.py", line 59, in create_definitions
    template, file_lines = parse(file_path)
                           ^^^^^^^^^^^^^^^^
  File "/usr/local/lib/python3.11/site-packages/checkov/terraform_json/parser.py", line 32, in parse
    template, template_lines = loads(file_path=file_path)
                               ^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/local/lib/python3.11/site-packages/checkov/terraform_json/parser.py", line 77, in loads
    template = prepare_definition(template)
               ^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/local/lib/python3.11/site-packages/checkov/terraform_json/parser.py", line 105, in prepare_definition
    definition_new[block_type].append({block_name: hclify(obj=config)})
                                                   ^^^^^^^^^^^^^^^^^^
  File "/usr/local/lib/python3.11/site-packages/checkov/terraform_json/parser.py", line 118, in hclify
    raise Exception("this method receives only dicts")
Exception: this method receives only dicts
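The traceback above ends in hclify() rejecting a block configuration that is not a dict. As an added example (not checkov's or cdktf's own code), here is a pre-check that walks a .tf.json document and reports every block configuration that is not a JSON object; the sample document is constructed, and the aliased-provider list it contains is one shape the Terraform JSON syntax permits, not a confirmed cause of this report.

```python
import json
from typing import Any, Iterator

# Constructed sample: the "aws" provider is a list of two configurations
# (the aliased form the Terraform JSON syntax permits); the resource uses
# the plain object form that a dict-only parser expects.
SAMPLE_TF_JSON = """{
  "provider": {"aws": [{"region": "us-east-1"},
                       {"alias": "west", "region": "us-west-2"}]},
  "resource": {"aws_s3_bucket": {"logs": {"bucket": "example-logs"}}}
}"""


def _leaf_configs(block_type: str, body: dict[str, Any]) -> Iterator[tuple[str, Any]]:
    """Yield (path, config) for every block under one top-level block type."""
    if block_type in ("resource", "data"):  # two labels: <type>.<name>
        for rtype, names in body.items():
            if not isinstance(names, dict):
                yield f"{block_type}.{rtype}", names
                continue
            for name, config in names.items():
                yield f"{block_type}.{rtype}.{name}", config
    elif block_type == "terraform":  # no labels; the body is the config
        yield block_type, body
    else:  # one label: provider, module, variable, output
        for name, config in body.items():
            yield f"{block_type}.{name}", config


def find_non_dict_configs(template: dict[str, Any]) -> list[str]:
    """Return the path and JSON type of every block config that is not an object."""
    problems = []
    for block_type, body in template.items():
        if block_type == "locals":
            continue  # local values are arbitrary expressions, not blocks
        if not isinstance(body, dict):
            problems.append(f"{block_type} ({type(body).__name__})")
            continue
        for path, config in _leaf_configs(block_type, body):
            if not isinstance(config, dict):
                problems.append(f"{path} ({type(config).__name__})")
    return problems


def check_tf_json(text: str) -> list[str]:
    """Parse a .tf.json document and report what a dict-only parser would reject."""
    return find_non_dict_configs(json.loads(text))
```

Running the check over synthesized output before scanning turns an opaque "this method receives only dicts" into a path you can inspect, e.g. provider.aws (list) for the sample above.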