CKV_AZURE_44 - false positive if single file was checked
Describe the issue CKV_AZURE_44 triggers a false positive if a single file is checked and the variable's default value is located in a separate file.
Examples
# variables.tf
variable "min_tls_version" {
  # Compliant default for the storage account's min_tls_version. It is declared
  # here, in variables.tf, while the resource that reads it lives in main.tf; the
  # reported false positive appears when only main.tf is scanned, so this default
  # is never loaded and the reference cannot be resolved.
  default = "TLS1_2"
}
# main.tf
provider "azurerm" {
  # Minimal provider configuration for the repro: an empty features block only.
  features {}
}
# Resource group that the network and storage resources below are placed in.
resource "azurerm_resource_group" "example" {
  location = "West Europe"
  name     = "example-resources"
}
# Virtual network; location and resource group are taken from the resource group above.
resource "azurerm_virtual_network" "example" {
  name                = "example-vnet"
  resource_group_name = azurerm_resource_group.example.name
  location            = azurerm_resource_group.example.location
  address_space       = ["10.0.0.0/16"]
}
# Subnet inside the virtual network above, with a Storage service endpoint.
resource "azurerm_subnet" "example" {
  name                 = "example-subnet"
  virtual_network_name = azurerm_virtual_network.example.name
  resource_group_name  = azurerm_resource_group.example.name
  address_prefixes     = ["10.0.2.0/24"]
  service_endpoints    = ["Microsoft.Storage"]
}
# Storage account under test for CKV_AZURE_44 (minimum TLS version).
resource "azurerm_storage_account" "example" {
  name                     = "storageaccountname"
  location                 = azurerm_resource_group.example.location
  resource_group_name      = azurerm_resource_group.example.name
  account_tier             = "Standard"
  account_replication_type = "GRS"

  # The value checked by CKV_AZURE_44 comes from a variable whose default is
  # declared in variables.tf, not in this file. When only main.tf is scanned
  # (checkov --file), that default is not loaded, so the check cannot see the
  # "TLS1_2" value and reports a failure even though the configuration is
  # compliant when the whole directory is evaluated.
  min_tls_version = var.min_tls_version

  tags = {
    environment = "staging"
  }
}
Check only the main.tf file with `checkov --file /tf/main.tf` and observe a false positive.
Version (please complete the following information):
- 2.1.210