fix(parser): Fixed Bug with invalid terraform returning panic #3304 #…

…3305 Signed-off-by: João Reigota <[email protected]>
Checkmarx · May 13, 2021 · 481398b · 481398b
1 parent 7bbdd0b
commit 481398b
Show file tree

Hide file tree

Showing 3 changed files with 26 additions and 11 deletions.
diff --git a/pkg/kics/resolver_sink.go b/pkg/kics/resolver_sink.go
@@ -7,7 +7,6 @@ import (
 	"github.com/Checkmarx/kics/pkg/model"
 	"github.com/getsentry/sentry-go"
 	"github.com/google/uuid"
-	"github.com/pkg/errors"
 	"github.com/rs/zerolog/log"
 )
 
@@ -18,7 +17,8 @@ func (s *Service) resolverSink(ctx context.Context, filename, scanID string) ([]
 	}
 	resFiles, err := s.Resolver.Resolve(filename, kind)
 	if err != nil {
-		return []string{}, errors.Wrap(err, "failed to render file content")
+		log.Err(err).Msgf("failed to render file content")
+		return []string{}, nil
 	}
 
 	excluded := make([]string, len(resFiles.File))
@@ -31,7 +31,8 @@ func (s *Service) resolverSink(ctx context.Context, filename, scanID string) ([]
 			if retParse == "break" {
 				return []string{}, nil
 			}
-			return []string{}, errors.Wrap(err, "failed to parse file content")
+			log.Err(err).Msgf("failed to parse file content")
+			return []string{}, nil
 		}
 		for _, document := range documents {
 			_, err = json.Marshal(document)

diff --git a/pkg/kics/sink.go b/pkg/kics/sink.go
@@ -26,7 +26,8 @@ func (s *Service) sink(ctx context.Context, filename, scanID string, rc io.Reade
 
 	documents, kind, err := s.Parser.Parse(filename, *content)
 	if err != nil {
-		return errors.Wrap(err, "failed to parse file content")
+		log.Err(err).Msgf("failed to parse file content: %s", filename)
+		return nil
 	}
 	for _, document := range documents {
 		_, err = json.Marshal(document)

diff --git a/pkg/parser/terraform/terraform.go b/pkg/parser/terraform/terraform.go
@@ -57,27 +57,36 @@ func processElements(elements model.Document, path string) {
 	}
 }
 
-func processResources(doc model.Document, path string) {
+func processResources(doc model.Document, path string) error {
 	var resourcesElements model.Document
 	var elements model.Document
 
 	for _, resources := range doc { // iterate over resources
 		resourcesElements = resources.(model.Document)
 		for _, v2 := range resourcesElements { // resource name
-			elements = v2.(model.Document)
-			processElements(elements, path)
+			switch t := v2.(type) {
+			case []interface{}:
+				return errors.New("failed to process resources")
+			case interface{}:
+				elements = t.(model.Document)
+				processElements(elements, path)
+			}
 		}
 	}
+	return nil
 }
 
-func addExtraInfo(json []model.Document, path string) []model.Document {
+func addExtraInfo(json []model.Document, path string) ([]model.Document, error) {
 	for _, documents := range json { // iterate over documents
 		if documents["resource"] != nil {
-			processResources(documents["resource"].(model.Document), path)
+			err := processResources(documents["resource"].(model.Document), path)
+			if err != nil {
+				return []model.Document{}, err
+			}
 		}
 	}
 
-	return json
+	return json, nil
 }
 
 // Parse execute parser for the content in a file
@@ -90,8 +99,12 @@ func (p *Parser) Parse(path string, content []byte) ([]model.Document, error) {
 	}
 
 	fc, parseErr := p.convertFunc(file, inputVariableMap)
+	json, err := addExtraInfo([]model.Document{fc}, path)
+	if err != nil {
+		return json, errors.Wrap(err, "failed terraform parse")
+	}
 
-	return addExtraInfo([]model.Document{fc}, path), errors.Wrap(parseErr, "failed terraform parse")
+	return json, errors.Wrap(parseErr, "failed terraform parse")
 }
 
 // SupportedExtensions returns Terraform extensions