Can't parse Terraform variable field: `nullable`

[leadenmoth]

• terrascan version: v1.18.0
• Operating System: macOS 13.2.1, alpine/edge, Terrascan Sandbox

Description

After adding nullable = false to a variable definition, terrascan can no longer parse the file.

See https://www.terraform.io/language/values/variables#disallowing-null-input-values for documentation of the field.

Here is a minimal example:

terraform {
}

variable "in" {
  type     = string
  nullable = false
}

resource "null_resource" "test_resource" {
  triggers = {
    input_value = var.in
  }
}

What I Did

terraform validate, terraform plan, terraform apply all succeed (terraform v1.3.6)

Terrascan throws variations of the following, depending on environment:

Terrascan Sandbox

failed to scan uploaded file. error: 'failed to load iac file '/tmp/terrascan-67659632.tf'. error:
/tmp/terrascan-67659632.tf:6,3-11: Unsupported argument; An argument named "nullable" is not expected here.
'

Alpine/edge (gitlab runner)

2023-03-10T08:21:51.247Z    [31merror[0m    cli/run.go:141  scan run failed{error 26 0 failed to load iac file '/path/redacted/variables.tf'. error: /path/redacted/variables.tf:24,3-11: Unsupported argument; An argument named "nullable" is not expected here.

Additional notes

This bug was first reported in version 1.13.2 here: https://github.com/tenable/terrascan/issues/1176 It was incorrectly marked as fixed by https://github.com/tenable/terrascan/pull/1211 It is still present in 1.18.0 and similar issues are found in multiple versions e.g. here: https://github.com/tenable/terrascan/issues/1262

[maxmanus96]

+1, I am using TERRAFORM_VERSION: '1.3.5'

[arkeros]

Any update?

[mjnowen]

+1 this issue is a blocker

[sodds-eq]

Still an issue in v1.18.11

[oferchen]

Still an issue v1.19.1