bridgecrewio / checkov

Prevent cloud misconfigurations and find vulnerabilities during build-time in infrastructure as code, container images and open source packages with Checkov by Bridgecrew.
https://www.checkov.io/
Apache License 2.0

Error parsing Bicep conditionals #6234

Open karpikpl opened 3 months ago

karpikpl commented 3 months ago

Describe the issue

Checkov fails to parse conditionals in Bicep.

Example Value

@description('sample param')
var sample = 'hi'

var test1 = [
  {
    name: 'hello'
  }
]

var test2 = empty(sample)
? test1
: union(test1, [
  {
    name: sample
  }
])

output result int = length(test2)

Error from checkov:

  File "xxx/lib/python3.10/site-packages/lark/lexer.py", line 674, in lex
    raise UnexpectedToken(token, e.allowed, state=parser_state, token_history=[last_token], terminals_by_name=self.root_lexer.terminals_by_name)
lark.exceptions.UnexpectedToken: Unexpected token Token('QMARK', '?') at line 11, column 1.
Expected one of: 
        * OUTPUT
        * $END
        * MODULE
        * _CPP_COMMENT_NL
        * RESOURCE
        * AT
        * PARAM
        * TARGETSCOPE
        * VAR
Previous tokens: [Token('_CPP_COMMENT_NL', '\n')]

It also fails when the if is on a new line:

@description('The location where the resources will be created.')
param location string = resourceGroup().location

resource userAssignedIdentity 'Microsoft.ManagedIdentity/userAssignedIdentities@2018-11-30' = 
if (location == 'eastus') {
  name: 'userassignedfortest'
  location: location
}

output result string = userAssignedIdentity.id

Error:

lark.exceptions.UnexpectedToken: Unexpected token Token('_CPP_COMMENT_NL', '\n') at line 4, column 95.
Expected one of: 
        * LSQB
        * LBRACE
        * IF
Previous tokens: [Token('EQUAL', '=')]
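
The two layouts reported above can be located in a repository before Checkov runs. The following is an added example, not part of the original issue or of Checkov: a line-based pre-check whose helper name, messages and shortened sample templates are made up for illustration. It assumes, from this report only, that a ternary operator at the start of a line and an if on the line after a resource's = are the layouts that trigger the parse errors.

```python
import re

# Layout 1 in the report: a line that begins with the ternary '?' or ':'.
TERNARY_AT_LINE_START = re.compile(r"^\s*(\?(?!\?)|:)")
# Layout 2 in the report: 'resource ... =' ends the line, 'if (...)' follows.
RESOURCE_ENDS_WITH_EQUAL = re.compile(r"^\s*resource\b.*=\s*$")
IF_AT_LINE_START = re.compile(r"^\s*if\b")


def find_reported_layouts(text):
    """Return sorted (line_number, reason) pairs; hypothetical helper.

    Purely line-based: it does not parse Bicep, so text inside multi-line
    strings or block comments can produce false positives.
    """
    lines = text.splitlines()
    findings = []
    for i, line in enumerate(lines):
        if TERNARY_AT_LINE_START.match(line):
            findings.append((i + 1, "ternary operator starts the line"))
        if RESOURCE_ENDS_WITH_EQUAL.match(line):
            # Inspect the next non-blank line after the trailing '='.
            nxt = next((j for j in range(i + 1, len(lines)) if lines[j].strip()), None)
            if nxt is not None and IF_AT_LINE_START.match(lines[nxt]):
                findings.append((nxt + 1, "'if' condition on the line after '='"))
    return sorted(findings)


# Constructed samples, shortened from the two snippets in the report.
SAMPLE_TERNARY = """var sample = 'hi'
var test2 = empty(sample)
? 'a'
: 'b'
"""
SAMPLE_IF = """resource userAssignedIdentity 'Microsoft.ManagedIdentity/userAssignedIdentities@2018-11-30' =
if (location == 'eastus') {
  name: 'userassignedfortest'
  location: location
}
"""

if __name__ == "__main__":
    for name, text in (("ternary", SAMPLE_TERNARY), ("if", SAMPLE_IF)):
        for lineno, reason in find_reported_layouts(text):
            print(f"{name}.bicep:{lineno}: {reason}")
```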