
False positive for CKV_AZURE_120

Open rafaelhsg opened this issue 2 years ago • 2 comments

Describe the issue

The check CKV_AZURE_120 returns an error when using:

  dynamic "policy_settings" {
    for_each = var.policy_settings != null ? { config = var.policy_settings } : {}
    content {
      enabled            = policy_settings.value.enabled
    }
  }

inside the resource azurerm_web_application_firewall_policy instead of direct policy_settings { enabled = true } configuration.

Examples

The check should return successful if any of the following are true:

  • policy_settings { enabled = true }
  • dynamic policy_settings { enabled = policy_settings.value.enabled }

Desktop (please complete the following information):

  • Checkov Version 2.1.82

rafaelhsg avatar Oct 31 '22 13:10 rafaelhsg

Hi @rafaelhsg, thanks for reaching out. We currently don't support dynamic blocks with reference to object values.

gruebel avatar Nov 01 '22 09:11 gruebel

Hey @rafaelhsg we are now working on supporting dynamic blocks rendering, and we have already implemented a lot in this area. Could you please try again to scan this resource?

ChanochShayner avatar Nov 17 '22 14:11 ChanochShayner

Feel free to reach out again after testing the latest version 🙂

gruebel avatar Mar 19 '23 20:03 gruebel
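
The behaviour discussed in this thread, as an added example that is not Checkov's code and not part of the original issue: a check that only looks for a literal `policy_settings` block fails on the dynamic form until the block is rendered. The dictionary model of the resource and the names `waf_enabled`, `resolve` and `render_dynamic` are hypothetical, and `var.policy_settings` is assumed to be already resolved.

```python
# Constructed, simplified model of the parsed resource from the issue.
# Assumption: var.policy_settings has already been resolved to {"enabled": True}.
RESOURCE = {
    "dynamic": [{
        "policy_settings": {
            "for_each": {"config": {"enabled": True}},
            "content": {"enabled": "policy_settings.value.enabled"},
        },
    }],
}


def waf_enabled(resource):
    """Pass only when a literal policy_settings block has enabled = true."""
    return any(b.get("enabled") is True for b in resource.get("policy_settings", []))


def resolve(expr, iterator, key, value):
    """Resolve '<iterator>.key' and '<iterator>.value.<attr>'; keep anything else as-is."""
    if not isinstance(expr, str) or not expr.startswith(iterator + "."):
        return expr
    path = expr.split(".")[1:]
    if path == ["key"]:
        return key
    if path[0] != "value":
        return expr
    current = value
    for attr in path[1:]:
        if not isinstance(current, dict) or attr not in current:
            return expr  # unresolved reference stays a string, so the check fails closed
        current = current[attr]
    return current


def render_dynamic(resource):
    """Expand each dynamic block into one concrete block per for_each element."""
    rendered = {k: list(v) if isinstance(v, list) else v
                for k, v in resource.items() if k != "dynamic"}
    for entry in resource.get("dynamic", []):
        for name, spec in entry.items():
            for key, value in spec["for_each"].items():
                block = {attr: resolve(expr, name, key, value)
                         for attr, expr in spec["content"].items()}
                rendered.setdefault(name, []).append(block)
    return rendered


if __name__ == "__main__":
    print(waf_enabled(RESOURCE), waf_enabled(render_dynamic(RESOURCE)))
```

An empty `for_each` (the `var.policy_settings == null` branch of the issue's expression) renders no block at all, so the check still reports a failure in that case.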