return the first block if no index is passed
Signed-off-by: nikpivkin <[email protected]>
nikpivkin committed Aug 7, 2024
1 parent 582b0b4 commit 86e8b29
Showing 2 changed files with 12 additions and 5 deletions.
2 changes: 1 addition & 1 deletion pkg/iac/scanners/terraform/ignore_test.go
Expand Up @@ -433,7 +433,7 @@ resource "bad" "my-rule" {
{
name: "ignore by dynamic block value",
inputOptions: `
// trivy:ignore:*[secure_settings.0.enabled=false]
// trivy:ignore:*[secure_settings.enabled=false]
resource "bad" "my-rule" {
dynamic "secure_settings" {
for_each = ["false", "true"]
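Review bot: The "ignore by dynamic block value" case now covers only one path form, so the other form is no longer pinned by this table. The rendering does not mark sides, but going by the commit title the rule now reads `// trivy:ignore:*[secure_settings.enabled=false]`, replacing the indexed `secure_settings.0.enabled=false`. Since these rules decide whether a finding is suppressed, I would keep the indexed entry as a second case next to the unindexed one. I would also add a case where `for_each` starts with `"true"`, to make explicit that an unindexed rule is evaluated against the first generated block only.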
15 changes: 11 additions & 4 deletions pkg/iac/terraform/block.go
Expand Up @@ -350,12 +350,11 @@ func (b *Block) getAttributeByPath(path string) (*Attribute, []string) {
stepIndex int
)

currentBlock := b
for currentBlock != nil && stepIndex <= len(steps)-1 {
for currentBlock := b; currentBlock != nil && stepIndex < len(steps); {
blocks := currentBlock.GetBlocks(steps[stepIndex])

var nextBlock *Block
if len(blocks) == 1 {
if !hasIndex(steps, stepIndex) && len(blocks) > 0 {
// if index is not provided then return the first block for backwards compatibility
nextBlock = blocks[0]
} else if len(blocks) > 1 && stepIndex < len(steps)-2 {
// handling the case when there are multiple blocks with the same name,
Expand All @@ -378,6 +377,14 @@ func (b *Block) getAttributeByPath(path string) (*Attribute, []string) {
return attribute, steps[stepIndex:]
}

func hasIndex(steps []string, idx int) bool {
if idx < 0 || idx >= len(steps) {
return false
}
_, err := strconv.Atoi(steps[idx])
return err == nil
}

func getValueByPath(val cty.Value, path []string) (cty.Value, error) {
var err error
for _, step := range path {
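Review bot: `hasIndex(steps, stepIndex)` in `getAttributeByPath` inspects the same step that was just passed to `GetBlocks` as the block name, so for an ordinary name such as `secure_settings` it is always false and the first branch takes `blocks[0]` whenever any block exists. If the intent is "no index follows the name", the condition would be `if !hasIndex(steps, stepIndex+1) && len(blocks) > 0 {`. As written, the `else if len(blocks) > 1 && stepIndex < len(steps)-2` branch appears reachable only when the block name itself parses as an integer, which would leave indexed paths resolving against the first block or not at all. The rest of the loop body lies outside the hunk, so this should be confirmed against how `stepIndex` is advanced there. Because this lookup feeds `trivy:ignore` parameter matching, a wrong block selection can suppress a finding that should be reported, so the comment on the first branch should also state that unindexed paths match the first block only.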
