Prevent cloud misconfigurations and find vulnerabilities during build-time in infrastructure as code, container images and open source packages with Checkov by Bridgecrew.
Describe the issue
A valid playbook with an empty tasks section will cause a Python exception and subsequently an abnormal exit for Checkov. An example of this is a simple playbook that calls a role. This is a valid Ansible playbook, works in Ansible, and is seen as valid by ansible-lint.
Examples
A Playbook of:
    ---
    - name: Using a Role
      hosts: all
      roles:
        - role: somerolename
      tasks:
will cause a Python exception: (trimmed)
    ...
      File "./venv/lib/python3.10/site-packages/checkov/ansible/utils.py", line 144, in build_definitions_context
        for task in code_block[ResourceType.TASKS]:
    TypeError: 'NoneType' object is not iterable
Hi @mystery-rabbit, thank you for reporting the issue. It's not going to be a common situation to scan a playbook without tasks. We have opened a ticket with low priority.
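The failure mode reported above, reproduced as an added example that is not Checkov's code and not part of the thread: an empty `tasks:` key is a YAML null, so the parsed play holds `None` and iterating it raises the `TypeError` from the traceback. The names `TASKS`, `PLAYBOOK`, `naive_task_names`, `iter_tasks`, `scan` and `naive_error` are hypothetical, and the parsed playbook is constructed inline.

```python
from __future__ import annotations
from typing import Any, Iterator

TASKS = "tasks"  # assumption: stands in for the ResourceType.TASKS key in the traceback

# Constructed sample: the structure a YAML loader returns for the reported playbook
# (first play), plus two more plays for comparison. Empty "tasks:" -> None.
PLAYBOOK = [
    {"name": "Using a Role", "hosts": "all",
     "roles": [{"role": "somerolename"}], "tasks": None},
    {"name": "With tasks", "hosts": "all",
     "tasks": [{"name": "ping", "ansible.builtin.ping": None}]},
    {"name": "No tasks key", "hosts": "all"},
]

def naive_task_names(play: dict[str, Any]) -> list[str]:
    """Same pattern as the failing line: index the key, iterate the value."""
    return [task.get("name", "") for task in play[TASKS]]

def naive_error(play: dict[str, Any]) -> str | None:
    """Return the TypeError message the naive loop raises, or None."""
    try:
        naive_task_names(play)
    except TypeError as exc:
        return str(exc)
    return None

def iter_tasks(play: dict[str, Any]) -> Iterator[dict[str, Any]]:
    """Yield task mappings; a null or missing section counts as empty."""
    section = play.get(TASKS)
    if section is None:
        return
    if not isinstance(section, list):
        # Malformed input is reported explicitly instead of crashing mid-loop.
        raise ValueError(f"'{TASKS}' must be a list, got {type(section).__name__}")
    for task in section:
        if isinstance(task, dict):
            yield task

def scan(playbook: list[Any]) -> dict[str, list[str]]:
    """Map each play name to its task names without aborting on empty sections."""
    return {
        play.get("name", "<unnamed>"): [t.get("name", "") for t in iter_tasks(play)]
        for play in playbook
        if isinstance(play, dict)
    }

if __name__ == "__main__":
    print("naive loop:", naive_error(PLAYBOOK[0]))
    print("tolerant scan:", scan(PLAYBOOK))
```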
Exception Trace: debug_checkov.txt (attached)