Checkov is not handling ternary operators parsing correctly.

[Jhanvi12]

Checkov version - 2.0.606 In the below code of Terraform

locals {
      var = “a" == “b” ? "true” : "false”
}

resource “aws_vpc_endpoint” “acm_pca” {
      policy = var
}

What we would expect in this case – is that policy is populated with string “false”, but what actually happens is that policy is populated with “false’] – omitting the closing quote and adding a single quote and a bracket

Now it becomes even more broken if you nest conditional expressions:

locals {
      var = “a” == “b” ? “true” : "false”
      tmp = local.var == “true” ? “a==b” : “a!=b”
}

resource “aws_vpc_endpoint” “acm_pca” {
      policy = tmp
}

In this case we would expect policy to be “a!=b” string, but what it ends up being is: true:: “true” ? “a::b” : “a!=b”}’]

Can you please help us to fix this ?

[gruebel]

hey @Jhanvi12 thanks for reaching out. i can validate that we now support the first case correctly, but not the second 😅

[stale[bot]]

Thanks for contributing to Checkov! We've automatically marked this issue as stale to keep our issues list tidy, because it has not had any activity for 6 months. It will be closed in 14 days if no further activity occurs. Commenting on this issue will remove the stale tag. If you want to talk through the issue or help us understand the priority and context, feel free to add a comment or join us in the Checkov slack channel at https://slack.bridgecrew.io Thanks!

[stale[bot]]

Closing issue due to inactivity. If you feel this is in error, please re-open, or reach out to the community via slack: https://slack.bridgecrew.io Thanks!