feat: Support null terraform values for misconf scanning #4780

Closed · 2 tasks done
simar7 opened this issue Jul 5, 2023 · Discussed in #4736 · 2 comments

Labels: kind/feature (Categorizes issue or PR as related to a new feature), scan/misconfiguration (Issues relating to misconfiguration scanning)
Assignee: simar7
Milestone: v0.44.0

Comments
simar7 (Member) commented Jul 5, 2023

Discussed in #4736

Originally posted by gberenice June 29, 2023

Description

Hey!
We use the terraform module cloudposse/terraform-aws-s3-bucket v3.1.2 in our configuration, but the Trivy scan (run as a Trunk check) fails with an error we don't expect to see:

```text
 0:0  high  S3 Buckets should be encrypted to protect the data that is stored within them if access is compromised.   trivy/AVD-AWS-0088
...
 0:0  high  Versioning in Amazon S3 is a means of keeping multiple variants of an object in the same bucket. You can use the S3 Versioning feature to preserve, retrieve, an...   trivy/AVD-AWS-0090
            .trunk/out/erP.txt
```

Both encryption and versioning are enabled and configured.

S3 bucket encryption is managed via the resource aws_s3_bucket_server_side_encryption_configuration.
This is our state:

```hcl
resource "aws_s3_bucket_server_side_encryption_configuration" "default" {
    bucket = "test-logs"
    id     = "test-logs"

    rule {
        bucket_key_enabled = false

        apply_server_side_encryption_by_default {
            kms_master_key_id = "arn:aws:kms:us-east-1:111111111111:key/11111111-1111-1111-1111-111111111111"
            sse_algorithm     = "aws:kms"
        }
    }
}
```

Similar for versioning, in the state our resource aws_s3_bucket_versioning looks like:

```hcl
resource "aws_s3_bucket_versioning" "default" {
    bucket = "test-logs"
    id     = "test-logs"

    versioning_configuration {
        status = "Enabled"
    }
}
```

Desired Behavior

Scanning with `trivy config main.tf` passes.

Actual Behavior

Scan fails.

Reproduction Steps

1. Add a child module with the following arguments:

```hcl
module "logs_bucket" {
  source  = "cloudposse/s3-bucket/aws"
  version = "3.1.2"

  acl                = "private"
  sse_algorithm      = "aws:kms"
  kms_master_key_arn = module.kms_key.key_arn

  # Feature enablement
  user_enabled       = false
  versioning_enabled = true
}
```

2. Enable Trivy via Trunk in `trunk.yaml`:

```yaml
version: 0.1
cli:
  version: 1.11.1
plugins:
  sources:
    - id: trunk
      ref: v0.0.19
      uri: https://github.com/trunk-io/plugins
lint:
  enabled:
    - [email protected]
```

3. Run the check.


### Target

None

### Scanner

None

### Output Format

JSON


### Operating System

macOS Ventura

### Version

```bash
Version: 0.42.1
```

Checklist
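The two checks in the report above (AVD-AWS-0088, bucket encryption; AVD-AWS-0090, bucket versioning) fire on the raw HCL because the module's inputs are resolved inside the child module, and an argument the module sets to `null` is, in Terraform semantics, the same as an argument that was never written. One way to confirm what the scanner should have concluded is to run the checks against the plan Terraform itself produced (`terraform show -json tfplan`), where those conditionals are already evaluated. The script below is an added example and is not Trivy or defsec code; the plan JSON is constructed inline to mirror the `logs_bucket` module in this issue, plus an `app-data` bucket (AES256 with no KMS key, so `kms_master_key_id` is JSON `null`) and a `scratch` bucket added here to show the failing path. Resource addresses and the rule identifiers it emits are assumptions for illustration.

```python
"""Evaluate S3 encryption / versioning checks over a Terraform plan in JSON form.

Plan JSON encodes nested blocks as lists of objects and unset arguments as JSON null,
so a null must be treated as "argument not set", never as a value that fails a check
on its own. Added example; not Trivy/defsec code.
"""
import json
from typing import Iterator

# Constructed sample plan (not real output from the reporter's environment).
SAMPLE_PLAN = json.loads(r"""
{
  "format_version": "1.2",
  "planned_values": {
    "root_module": {
      "resources": [
        {"address": "aws_s3_bucket.scratch", "type": "aws_s3_bucket", "name": "scratch",
         "values": {"bucket": "scratch"}},
        {"address": "aws_s3_bucket_versioning.scratch", "type": "aws_s3_bucket_versioning",
         "name": "scratch",
         "values": {"bucket": "scratch",
                    "versioning_configuration": [{"status": null, "mfa_delete": null}]}},
        {"address": "aws_s3_bucket.app_data", "type": "aws_s3_bucket", "name": "app_data",
         "values": {"bucket": "app-data"}},
        {"address": "aws_s3_bucket_server_side_encryption_configuration.app_data",
         "type": "aws_s3_bucket_server_side_encryption_configuration", "name": "app_data",
         "values": {"bucket": "app-data",
                    "rule": [{"bucket_key_enabled": false,
                              "apply_server_side_encryption_by_default": [
                                {"kms_master_key_id": null, "sse_algorithm": "AES256"}]}]}},
        {"address": "aws_s3_bucket_versioning.app_data", "type": "aws_s3_bucket_versioning",
         "name": "app_data",
         "values": {"bucket": "app-data",
                    "versioning_configuration": [{"status": "Enabled", "mfa_delete": null}]}}
      ],
      "child_modules": [
        {"address": "module.logs_bucket",
         "resources": [
           {"address": "module.logs_bucket.aws_s3_bucket.default[0]", "type": "aws_s3_bucket",
            "name": "default", "values": {"bucket": "test-logs"}},
           {"address": "module.logs_bucket.aws_s3_bucket_server_side_encryption_configuration.default[0]",
            "type": "aws_s3_bucket_server_side_encryption_configuration", "name": "default",
            "values": {"bucket": "test-logs",
                       "rule": [{"bucket_key_enabled": false,
                                 "apply_server_side_encryption_by_default": [
                                   {"kms_master_key_id": "arn:aws:kms:us-east-1:111111111111:key/11111111-1111-1111-1111-111111111111",
                                    "sse_algorithm": "aws:kms"}]}]}},
           {"address": "module.logs_bucket.aws_s3_bucket_versioning.default[0]",
            "type": "aws_s3_bucket_versioning", "name": "default",
            "values": {"bucket": "test-logs",
                       "versioning_configuration": [{"status": "Enabled", "mfa_delete": null}]}}
         ]}
      ]
    }
  }
}
""")


def iter_resources(module: dict) -> Iterator[dict]:
    """Depth-first walk of a plan/state module tree, yielding every resource."""
    yield from module.get("resources", [])
    for child in module.get("child_modules", []):
        yield from iter_resources(child)


def first_block(values: dict, name: str) -> dict:
    """Nested blocks are lists of objects in plan JSON; return the first one or {}."""
    blocks = values.get(name) or []
    return blocks[0] if blocks else {}


def is_set(value) -> bool:
    """JSON null is Terraform null, i.e. the argument was not provided."""
    return value is not None and value != ""


def evaluate(plan: dict) -> dict[str, list[str]]:
    """Return {bucket name: [failed check ids]} for every aws_s3_bucket in the plan."""
    resources = list(iter_resources(plan["planned_values"]["root_module"]))
    # A bucket whose name is only known after apply has no "bucket" value at plan time;
    # such buckets are skipped here rather than reported (caveat: they need a state scan).
    buckets = {r["values"]["bucket"] for r in resources
               if r["type"] == "aws_s3_bucket" and is_set(r.get("values", {}).get("bucket"))}
    encrypted, versioned = set(), set()
    for r in resources:
        values = r.get("values", {})
        bucket = values.get("bucket")
        if not is_set(bucket):
            continue
        if r["type"] == "aws_s3_bucket_server_side_encryption_configuration":
            default = first_block(first_block(values, "rule"),
                                  "apply_server_side_encryption_by_default")
            # AES256 with kms_master_key_id = null is still encrypted at rest.
            if is_set(default.get("sse_algorithm")):
                encrypted.add(bucket)
        elif r["type"] == "aws_s3_bucket_versioning":
            if first_block(values, "versioning_configuration").get("status") == "Enabled":
                versioned.add(bucket)
    findings = {}
    for bucket in sorted(buckets):
        failed = []
        if bucket not in encrypted:
            failed.append("AVD-AWS-0088")
        if bucket not in versioned:
            failed.append("AVD-AWS-0090")
        findings[bucket] = failed
    return findings


if __name__ == "__main__":
    for bucket, failed in evaluate(SAMPLE_PLAN).items():
        print(f"{bucket}: {'ok' if not failed else ', '.join(failed)}")
```

Run it against a real plan by replacing `SAMPLE_PLAN` with `json.load(open("plan.json"))` after `terraform plan -out tfplan && terraform show -json tfplan > plan.json`. The design point is the `is_set` helper: the only values that count as "not configured" are JSON null and the empty string, so a `null` KMS key next to `sse_algorithm = "AES256"` does not turn into an encryption finding, which is the behaviour the static scanner needed to match.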

@simar7 simar7 added kind/feature Categorizes issue or PR as related to a new feature. scan/misconfiguration Issues relating to misconfiguration scanning labels Jul 5, 2023
simar7 (Member, Author) commented Jul 5, 2023

PR here aquasecurity/defsec#1370

@simar7 simar7 self-assigned this Jul 5, 2023
simar7 (Member, Author) commented Jul 6, 2023

Fixed via aquasecurity/defsec#1370

@simar7 simar7 closed this as completed Jul 6, 2023
@simar7 simar7 added this to the v0.44.0 milestone Jul 27, 2023