From d71e6ac6bbc462df34e31e36debe6a903f534616 Mon Sep 17 00:00:00 2001
From: nikpivkin
Date: Fri, 9 Aug 2024 11:15:59 +0700
Subject: [PATCH] fix block access by index
Signed-off-by: nikpivkin
---
 pkg/iac/scanners/terraform/ignore_test.go | 15 +++++++++++++++
 pkg/iac/terraform/block.go | 2 +-
 2 files changed, 16 insertions(+), 1 deletion(-)
diff --git a/pkg/iac/scanners/terraform/ignore_test.go b/pkg/iac/scanners/terraform/ignore_test.go
index 1f467162303f..4a2cbce14a86 100644
--- a/pkg/iac/scanners/terraform/ignore_test.go
+++ b/pkg/iac/scanners/terraform/ignore_test.go
@@ -442,6 +442,21 @@ resource "bad" "my-rule" {
 }
 }
 }
+`,
+ assertLength: 0,
+ },
+ {
+ name: "ignore by indexed dynamic block value",
+ inputOptions: `
+// trivy:ignore:*[secure_settings.0.enabled=false]
+resource "bad" "my-rule" {
+ dynamic "secure_settings" {
+ for_each = ["false", "true"]
+ content {
+ enabled = secure_settings.value
+ }
+ }
+}
 `,
 assertLength: 0,
 },
diff --git a/pkg/iac/terraform/block.go b/pkg/iac/terraform/block.go
index 898db7bff69f..9db08bd58fc5 100644
--- a/pkg/iac/terraform/block.go
+++ b/pkg/iac/terraform/block.go
@@ -353,7 +353,7 @@ func (b *Block) getAttributeByPath(path string) (*Attribute, []string) {
 for currentBlock := b; currentBlock != nil && stepIndex < len(steps); {
 blocks := currentBlock.GetBlocks(steps[stepIndex])
 var nextBlock *Block
- if !hasIndex(steps, stepIndex) && len(blocks) > 0 {
+ if !hasIndex(steps, stepIndex+1) && len(blocks) > 0 {
 // if index is not provided then return the first block for backwards compatibility
 nextBlock = blocks[0]
 } else if len(blocks) > 1 && stepIndex < len(steps)-2 {
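Review bot: The new table entry only exercises index `0`, which is the same block the no-index fallback in `getAttributeByPath` returns, so it does not show that the index actually selects a block. A sibling case using `// trivy:ignore:*[secure_settings.1.enabled=true]` with `assertLength: 0` would pin the non-zero index. A second case whose indexed value does not match, for example `secure_settings.1.enabled=false`, should presumably keep the finding, and would guard against the ignore rule matching more broadly than written. The test table itself starts outside this hunk, so the expected length for the negative case should be checked against the rule the fixture registers.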
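Review bot: With the corrected `hasIndex(steps, stepIndex+1)` check, a path that carries an index but matches exactly one block takes neither visible branch. The first branch is skipped because an index is present, and the `else if` requires `len(blocks) > 1`. As far as the hunk shows, `nextBlock` stays nil, so `name.0.attr` on a `dynamic` block that expands to a single element would probably not resolve and the ignore rule would silently not apply. If that is not intended, relax the second condition to `} else if len(blocks) > 0 && stepIndex < len(steps)-2 {` and add a single-element `for_each` test case. `hasIndex` is now called with `stepIndex+1`, which can equal `len(steps)` on the last step, so it should be confirmed that it bounds-checks its index argument. Its body and the rest of `getAttributeByPath` are outside the hunk.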