bridgecrewio / checkov

Prevent cloud misconfigurations and find vulnerabilities during build-time in infrastructure as code, container images and open source packages with Checkov by Bridgecrew.
https://www.checkov.io/
Apache License 2.0
6.72k stars, 1.08k forks

CKV2_AWS_44 is showing false negative #6333

Closed rickythain closed 4 weeks ago

rickythain commented 1 month ago

Describe the issue

CKV2_AWS_44 (Ensure AWS route table with VPC peering does not contain routes overly permissive to all traffic) is showing a false negative.

The policy is passing even when one of the inline routes in the AWS route table is overly permissive.

Examples

resource "aws_route_table" "private_route_table" {
  vpc_id = aws_vpc.vpc.id

  # Narrow route via the peering connection: not a finding.
  route {
    cidr_block                = "10.0.0.0/32"
    vpc_peering_connection_id = var.vpc_peering_connection_id1
  }

  # Catch-all route via the same peering connection: this is the
  # overly permissive route the policy should flag, but the check passes.
  route {
    cidr_block                = "0.0.0.0/0"
    vpc_peering_connection_id = var.vpc_peering_connection_id1
  }
}

Version (please complete the following information):

Additional context

Thank you for the fix for a similar (false-positive) issue. I've tested the fix; it solved the false positives.
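As an added example (not the issue author's code and not checkov's own implementation of CKV2_AWS_44), the following standalone Python models the policy as the report describes it: a route table is a finding when any route that targets a VPC peering connection covers all traffic. It walks every inline `route` block, which is what the report's second route requires. The dictionary shape (each attribute value wrapped in a list, nested blocks as a list of dicts) is assumed to mirror what checkov hands a Terraform resource check; the sample resources are constructed from the HCL in the issue. It goes slightly beyond the issue by also treating `::/0` as catch-all and by covering routes declared as separate `aws_route` resources attached through `route_table_id`.

```python
"""Standalone model of CKV2_AWS_44 (added example, not checkov's code).

Assumption: resource configs use a checkov-like shape, i.e. every attribute
value is wrapped in a list and nested blocks are a list of dicts.
"""
from __future__ import annotations

import ipaddress
from typing import Any


def _first(value: Any) -> Any:
    """Unwrap a single-element attribute list; pass scalars through."""
    if isinstance(value, list):
        return value[0] if value else None
    return value


def _is_catch_all(cidr: Any) -> bool:
    """True for a CIDR covering the whole IPv4 or IPv6 space (prefix length 0).

    Unresolved references such as "var.cidr" are not strings we can parse
    and are treated as not catch-all.
    """
    if not isinstance(cidr, str):
        return False
    try:
        return ipaddress.ip_network(cidr, strict=False).prefixlen == 0
    except ValueError:
        return False


def route_is_permissive_peering(route: dict) -> bool:
    """A route is a finding only if it BOTH targets a peering connection AND
    matches all traffic. A 0.0.0.0/0 route via a NAT or internet gateway is
    out of scope for this policy."""
    if not _first(route.get("vpc_peering_connection_id")):
        return False
    return any(
        _is_catch_all(_first(route.get(key)))
        for key in ("cidr_block", "ipv6_cidr_block")
    )


def scan_route_table(conf: dict) -> str:
    """Evaluate every inline route block of an aws_route_table.

    Returns "FAILED" as soon as one permissive peering route is found,
    otherwise "PASSED". The loop must not stop after the first route.
    """
    routes = conf.get("route", [])
    if isinstance(routes, dict):  # a single block may arrive un-listed
        routes = [routes]
    for route in routes:
        if isinstance(route, dict) and route_is_permissive_peering(route):
            return "FAILED"
    return "PASSED"


def scan_route_table_with_resources(table_name: str, table_conf: dict,
                                    resources: list[dict]) -> str:
    """Also consider standalone aws_route resources that reference this
    table via route_table_id = aws_route_table.<name>.id."""
    if scan_route_table(table_conf) == "FAILED":
        return "FAILED"
    table_ref = f"aws_route_table.{table_name}.id"
    for res in resources:
        conf = res.get("conf", {})
        if (res.get("type") == "aws_route"
                and _first(conf.get("route_table_id")) == table_ref
                and route_is_permissive_peering(conf)):
            return "FAILED"
    return "PASSED"


# Constructed from the HCL in the issue: a narrow route followed by a
# catch-all route, both via the same peering connection.
ISSUE_ROUTE_TABLE = {
    "vpc_id": ["aws_vpc.vpc.id"],
    "route": [
        {"cidr_block": ["10.0.0.0/32"],
         "vpc_peering_connection_id": ["var.vpc_peering_connection_id1"]},
        {"cidr_block": ["0.0.0.0/0"],
         "vpc_peering_connection_id": ["var.vpc_peering_connection_id1"]},
    ],
}

# Constructed: same table with only the narrow route, plus a separate
# aws_route resource that adds the catch-all peering route externally.
NARROW_ROUTE_TABLE = {"vpc_id": ["aws_vpc.vpc.id"],
                      "route": [ISSUE_ROUTE_TABLE["route"][0]]}
EXTERNAL_ROUTES = [{
    "type": "aws_route",
    "conf": {"route_table_id": ["aws_route_table.private_route_table.id"],
             "cidr_block": ["0.0.0.0/0"],
             "vpc_peering_connection_id": ["var.vpc_peering_connection_id1"]},
}]

if __name__ == "__main__":
    print("inline  :", scan_route_table(ISSUE_ROUTE_TABLE))
    print("external:", scan_route_table_with_resources(
        "private_route_table", NARROW_ROUTE_TABLE, EXTERNAL_ROUTES))
```

The important design point is that the catch-all test is tied to the peering target: a `0.0.0.0/0` route via `nat_gateway_id` or `gateway_id` passes this policy, while `::/0` via a peering connection fails it for the same reason `0.0.0.0/0` does.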