Terraform aws_security_group false negative #5183

Closed
konstruktoid opened this issue Apr 13, 2022 · 2 comments · Fixed by #5208
Labels: bug (Something isn't working), community (Community contribution)

konstruktoid commented Apr 13, 2022

Sorry for not submitting a PR, Rego learning in progress.

Expected Behavior

File: terraform/main.tf
Line 56
Expected: 'aws_security_group[cowrie]' is used
Found: 'aws_security_group[cowrie]' is used

Actual Behavior

File: terraform/main.tf
Line 56
Expected: 'aws_security_group[cowrie]' is used
Found: 'aws_security_group[cowrie]' is not used
Security Group Not Used, Severity: INFO, Results: 1
Description: Security group must be used or not declared
Platform: Terraform

	[1]: terraform/main.tf:56

		055:
		056: resource "aws_security_group" "cowrie" {
		057:   name        = "CowrieSSH"

$ terraform show -json | jq '.values.root_module.resources[0].values.security_groups'
[
  "CowrieSSH",
  "default"
]

https://github.com/konstruktoid/ansible-cowrie-rootless/blob/main/aws/main.tf#L56 is used at https://github.com/konstruktoid/ansible-cowrie-rootless/blob/main/aws/main.tf#L86 as a variable (https://github.com/konstruktoid/ansible-cowrie-rootless/blob/main/aws/main.tf#L32).

Specifications

Tested with 1.5.1 (Checkmarx/homebrew-tap#1) and 1.5.5 (Docker).

@konstruktoid konstruktoid added the bug Something isn't working label Apr 13, 2022
@cxAndreFelicidade cxAndreFelicidade self-assigned this Apr 18, 2022
@cxAndreFelicidade

Hello Thomas, this is indeed a false positive, thank you for being so attentive! I hope this PR fixes your issue. Also, do you mind if we use the sample you provided as a negative sample?

@konstruktoid

Thanks @cxAndreFelicidade and you're of course welcome to use the sample.

@kaplanlior kaplanlior added the community Community contribution label May 1, 2022
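
The `terraform show -json` check from the report, generalized into a cross-check for a "Security Group Not Used" finding. This is an added example, not part of the original issue and not the KICS Rego query. It assumes a group counts as used when its id or name appears in another resource's `security_groups` or `vpc_security_group_ids`; the `orphan` group and the `sg-` ids are constructed sample data.

```python
import json

# Constructed sample shaped like `terraform show -json` output; resource
# names mirror the report, the sg- ids are made up for this example.
STATE = json.loads("""
{"values": {"root_module": {"resources": [
  {"address": "aws_instance.cowrie", "type": "aws_instance",
   "values": {"security_groups": ["CowrieSSH", "default"],
              "vpc_security_group_ids": []}},
  {"address": "aws_security_group.cowrie", "type": "aws_security_group",
   "values": {"id": "sg-0000000000example", "name": "CowrieSSH"}},
  {"address": "aws_security_group.orphan", "type": "aws_security_group",
   "values": {"id": "sg-1111111111example", "name": "Orphan"}}
]}}}
""")

# Attributes that attach a security group to another resource, by name or id
# (assumption: only these two are checked here).
REF_ATTRS = ("security_groups", "vpc_security_group_ids")


def walk(module):
    """Yield every resource in a module and its child modules."""
    yield from module.get("resources", [])
    for child in module.get("child_modules", []):
        yield from walk(child)


def unused_security_groups(state):
    """Return addresses of aws_security_group resources nothing refers to."""
    resources = list(walk(state.get("values", {}).get("root_module", {})))
    referenced = set()
    for res in resources:
        if res["type"] == "aws_security_group":
            continue
        for attr in REF_ATTRS:
            referenced.update(res.get("values", {}).get(attr) or [])
    unused = []
    for res in resources:
        if res["type"] != "aws_security_group":
            continue
        vals = res.get("values", {})
        # A group counts as used if either its id or its name is referenced.
        if not {vals.get("id"), vals.get("name")} & referenced:
            unused.append(res["address"])
    return sorted(unused)


if __name__ == "__main__":
    print(unused_security_groups(STATE))
```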