fix(misconf): do not evaluate TF when a load error occurs (aquasecuri…
…ty#7109)

Signed-off-by: nikpivkin <[email protected]>
nikpivkin authored and skahn007gl committed Jul 23, 2024
1 parent 1406e23 commit 977a78a
Showing 2 changed files with 23 additions and 0 deletions.
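--- a/pkg/iac/scanners/terraform/parser/parser.go
+++ b/pkg/iac/scanners/terraform/parser/parser.go
@@ -268,7 +268,10 @@ func (p *Parser) EvaluateAll(ctx context.Context) (terraform.Modules, cty.Value,
 e, err := p.Load(ctx)
 if errors.Is(err, ErrNoFiles) {
 return nil, cty.NilVal, nil
+} else if err != nil {
+return nil, cty.NilVal, err
 }
+
 modules, fsMap := e.EvaluateAll(ctx)
 p.debug.Log("Finished parsing module '%s'.", p.moduleName)
 p.fsMap = fsMap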
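Review bot: The new `else if err != nil` branch returns the load error bare, so a caller that only sees "file does not exist" cannot tell which module or input failed to load. Because a failed load now aborts the scan instead of evaluating with incomplete inputs, that context matters for triage; consider `return nil, cty.NilVal, fmt.Errorf("load module %q: %w", p.moduleName, err)`, assuming `fmt` is imported in this file, which the hunk does not show. The branch also follows a terminating `return`, so a separate `if err != nil {` would read more idiomatically than `} else if`. The body of EvaluateAll continues outside the hunk.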
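--- a/pkg/iac/scanners/terraform/parser/parser_test.go
+++ b/pkg/iac/scanners/terraform/parser/parser_test.go
@@ -6,6 +6,7 @@ import (
 "path/filepath"
 "sort"
 "testing"
+"testing/fstest"
 
 "github.com/stretchr/testify/assert"
 "github.com/stretchr/testify/require"
@@ -1725,3 +1726,22 @@ func Test_LoadLocalCachedModule(t *testing.T) {
 bucketName := buckets[0].GetAttribute("bucket").Value().AsString()
 assert.Equal(t, "my-s3-bucket", bucketName)
 }
+
+func TestTFVarsFileDoesNotExist(t *testing.T) {
+fsys := fstest.MapFS{
+"main.tf": &fstest.MapFile{
+Data: []byte(``),
+},
+}
+
+parser := New(
+fsys, "",
+OptionStopOnHCLError(true),
+OptionWithDownloads(false),
+OptionWithTFVarsPaths("main.tfvars"),
+)
+require.NoError(t, parser.ParseFS(context.TODO(), "."))
+
+_, _, err := parser.EvaluateAll(context.TODO())
+assert.ErrorContains(t, err, "file does not exist")
+}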
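Review bot: The final assertion in TestTFVarsFileDoesNotExist matches on the message text `"file does not exist"`, which ties the test to the wording of the underlying error rather than to its identity. `fstest.MapFS` reports a missing file as `fs.ErrNotExist`, so if the parser wraps the load error with `%w` (not visible here), `assert.ErrorIs(t, err, fs.ErrNotExist)` with an `io/fs` import would be the sturdier check. The test also discards the first two return values at `_, _, err :=`; asserting that the returned modules are nil would pin the point of the fix, that nothing is evaluated after a load error.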
