bridgecrewio / checkov

Prevent cloud misconfigurations and find vulnerabilities during build-time in infrastructure as code, container images and open source packages with Checkov by Bridgecrew.
https://www.checkov.io/
Apache License 2.0

Ansible Playbook with empty tasks level causes python exception and abnormal exit. #6744

Open mystery-rabbit opened 3 days ago

mystery-rabbit commented 3 days ago

Describe the issue

A valid playbook with an empty tasks section will cause a python exception and subsequently an abnormal exit for Checkov. An example for this is a simple playbook that calls a role. This is a valid ansible playbook, works in ansible, and is seen as valid by ansible-lint.

Examples

A Playbook of:

---
- name: Using a Role
  hosts: all
  roles:
    - role: somerolename
  tasks:

will cause a python exception: (trimmed)

...
File "./venv/lib/python3.10/site-packages/checkov/ansible/utils.py", line 144, in build_definitions_context
    for task in code_block[ResourceType.TASKS]:
TypeError: 'NoneType' object is not iterable

Exception Trace debug_checkov.txt

Attached

Desktop (please complete the following information):

Additional context

none.
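The failure reported above, reduced to its cause, as an added example that is not part of the original issue and not Checkov's code: a YAML key with no value (`tasks:`) loads as `None`, so iterating it raises the `TypeError` in the trace, while a guard that treats non-list sections as empty lets the scan continue. The function names and the second play are assumptions made for illustration.

```python
# Added illustration; function names are hypothetical, not Checkov's API.
# CONSTRUCTED sample: what a YAML loader returns for the playbook in the
# report. A key with no value ("tasks:") loads as None, not as [].
PLAYBOOK = [
    {"name": "Using a Role", "hosts": "all",
     "roles": [{"role": "somerolename"}], "tasks": None},
    # CONSTRUCTED second play with a populated tasks list, for contrast
    {"name": "With tasks", "hosts": "all",
     "tasks": [{"name": "ping", "ansible.builtin.ping": None}]},
]

# Play-level keywords in Ansible that hold lists of tasks
TASK_SECTIONS = ("pre_tasks", "tasks", "post_tasks", "handlers")


def collect_tasks_naive(play):
    """Mirrors the failing pattern: iterate the value without checking it."""
    return [task for task in play["tasks"]]


def collect_tasks_safe(play):
    """Return (section, task) pairs, treating a missing, empty (None) or
    non-list section as containing no tasks instead of raising."""
    found = []
    for section in TASK_SECTIONS:
        entries = play.get(section)
        if not isinstance(entries, list):
            continue  # None from "tasks:" with no value, or malformed input
        for task in entries:
            if isinstance(task, dict):
                found.append((section, task))
    return found


def scan(playbook):
    """Scan every play; one play without tasks must not abort the run."""
    return {play.get("name", "<unnamed>"): collect_tasks_safe(play)
            for play in playbook if isinstance(play, dict)}


if __name__ == "__main__":
    try:
        collect_tasks_naive(PLAYBOOK[0])
    except TypeError as exc:
        print("naive:", exc)
    print("safe:", scan(PLAYBOOK))
```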

naveednawazkhan commented 1 day ago

Hi @mystery-rabbit, thank you for reporting the issue. It's not going to be a common situation to scan a playbook without tasks. We have opened a ticket with low priority.