bridgecrewio / checkov

Prevent cloud misconfigurations and find vulnerabilities during build-time in infrastructure as code, container images and open source packages with Checkov by Bridgecrew.
https://www.checkov.io/
Apache License 2.0

Version 3.2.256 introduces some errors while scanning Terraform s3 module #6841

Open sleepwithcoffee opened 1 week ago

sleepwithcoffee commented 1 week ago

Describe the issue

Explain what you expected to happen when checkov crashed.

When I use checkov to scan Terraform S3 public module v4.2.2, checkov throws some errors:

Exception Trace

checkov -d . --compact --quiet

2024-11-14 08:00:34,407 [MainThread  ] [ERROR]  Failed to run check CKV_AWS_375 on /modules/utils/terraform-aws-s3-bucket/v4.2.2/main.tf:aws_s3_bucket_acl.this[0]
Traceback (most recent call last):
  File "/usr/local/lib/python3.11/site-packages/checkov/common/checks/base_check.py", line 68, in run
    check_result["result"] = self.scan_entity_conf(entity_configuration, entity_type)
                             ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/local/lib/python3.11/site-packages/checkov/terraform/checks/resource/base_resource_check.py", line 43, in scan_entity_conf
    return self.scan_resource_conf(conf)
           ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/local/lib/python3.11/site-packages/checkov/terraform/checks/resource/aws/S3GlobalViewACL.py", line 22, in scan_resource_conf
    if 'permission' in grant and ('FULL_CONTROL' in grant.get('permission') or 'READ_ACP' in grant.get('permission')):
                                                    ^^^^^^^^^
AttributeError: 'str' object has no attribute 'get'
2024-11-14 08:00:34,414 [MainThread  ] [ERROR]  Failed to run check CKV_AWS_375 on /modules/utils/terraform-aws-s3-bucket/v4.2.2/main.tf:aws_s3_bucket_acl.this[0]
Traceback (most recent call last):
  File "/usr/local/lib/python3.11/site-packages/checkov/common/checks/base_check.py", line 68, in run
    check_result["result"] = self.scan_entity_conf(entity_configuration, entity_type)
                             ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/local/lib/python3.11/site-packages/checkov/terraform/checks/resource/base_resource_check.py", line 43, in scan_entity_conf
    return self.scan_resource_conf(conf)
           ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/local/lib/python3.11/site-packages/checkov/terraform/checks/resource/aws/S3GlobalViewACL.py", line 22, in scan_resource_conf
    if 'permission' in grant and ('FULL_CONTROL' in grant.get('permission') or 'READ_ACP' in grant.get('permission')):
                                                    ^^^^^^^^^
AttributeError: 'str' object has no attribute 'get'

Additional context

Tested fine with version 3.2.255 and earlier
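Why the condition on line 22 of the traceback fails when a grant is a string, shown as an added example that is not part of the issue or of checkov's code. Only the expression in `original_condition` comes from the traceback; the sample grants, the guarded variant and the list-wrapped `permission` value are assumptions made for illustration, since the issue does not show what the module's grants were parsed into.

```python
# Added example, not checkov's implementation. Sample values are constructed.

def original_condition(grant):
    # Expression copied from the traceback (S3GlobalViewACL.py, line 22).
    return 'permission' in grant and ('FULL_CONTROL' in grant.get('permission') or 'READ_ACP' in grant.get('permission'))


def guarded_condition(grant):
    """Hypothetical guard: True/False for a parsed grant, None if it cannot be evaluated."""
    if not isinstance(grant, dict):
        return None  # e.g. an unresolved expression left as a plain string
    permission = grant.get('permission')
    if permission is None:
        return False
    if isinstance(permission, str):
        permission = [permission]  # assumption: value may be bare or list-wrapped
    if not isinstance(permission, (list, tuple)):
        return None
    return any(p in ('FULL_CONTROL', 'READ_ACP') for p in permission if isinstance(p, str))


def raises_attribute_error(func, grant):
    """Report whether func(grant) fails the way the traceback shows."""
    try:
        func(grant)
    except AttributeError:
        return True
    return False


# Constructed inputs.
PARSED_GRANT = {'permission': ['FULL_CONTROL']}
# On a str, `'permission' in grant` is a substring test. It passes here,
# so evaluation reaches grant.get(...) and raises AttributeError.
STRING_WITH_KEYWORD = '${each.value.permission}'
# Without the substring the original short-circuits to False: no crash,
# but the grant is never actually evaluated.
STRING_WITHOUT_KEYWORD = '${var.grants}'

if __name__ == '__main__':
    for g in (PARSED_GRANT, STRING_WITH_KEYWORD, STRING_WITHOUT_KEYWORD):
        crashed = raises_attribute_error(original_condition, g)
        print(repr(g), 'original crashes:', crashed, 'guarded:', guarded_condition(g))
```

Returning `None` for a grant that cannot be evaluated keeps "not evaluated" distinct from a pass, so an unparsed grant is not silently reported as compliant.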

matansha commented 1 day ago

Hi @sleepwithcoffee, can you share the file? It will help us to investigate.