False positive for CKV_AZURE_135

Open rafaelhsg opened this issue 2 years ago • 3 comments

Describe the issue

The check CKV_AZURE_135 returns an error when using:

  managed_rules {
    dynamic "managed_rule_set" {
      for_each = var.managed_rules.managed_rule_set
      content {
        type    = managed_rule_set.value.type
        version = managed_rule_set.value.version
   ...

inside the resource azurerm_web_application_firewall_policy instead of direct:

  managed_rules {
    managed_rule_set {
      type    = "OWASP"
      version = "3.1"
  ...

Examples

The check should return successful if any of the following are true:

  • dynamic managed_rule_set { type = managed_rule_set.value.type version = managed_rule_set.value.version }
  • managed_rule_set { type = "OWASP" version = "3.1"}

Desktop (please complete the following information):

  • Checkov Version 2.1.82

rafaelhsg Oct 31 '22 14:10

Hey @rafaelhsg, thanks for reaching out, I'll look into it. Could you please provide the logs of the run/crash? BTW, we are currently working on TF Dynamic Blocks support.

ChanochShayner Oct 31 '22 15:10

In fact, the label came out wrong; there was no crash, just a false positive.

rafaelhsg Oct 31 '22 16:10

Hey @rafaelhsg, we are now working on supporting dynamic blocks rendering, and we have already implemented a lot in this area. Could you please try again to scan this resource?

ChanochShayner Nov 17 '22 14:11

Feel free to reach out again after testing the latest version 🙂

gruebel Mar 19 '23 20:03
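To illustrate the behaviour discussed in this thread, the following added example (not part of the issue and not Checkov's code) shows why a check that looks only for a literal `managed_rule_set` block fails on the dynamic form, and how rendering the dynamic block first makes both forms evaluate the same. The dict layout, the helper names, the stand-in check and the variable value are assumptions made for the example; the real logic of CKV_AZURE_135 is not shown on this page.

```python
import copy

def resolve(expr, iterator, item):
    """Swap an '<iterator>.value.<attr>' reference for the item's attribute."""
    prefix = f"{iterator}.value."
    if isinstance(expr, str) and expr.startswith(prefix):
        return item[expr[len(prefix):]]
    return expr  # literals pass through unchanged

def render_dynamic(block, variables):
    """Expand every dynamic sub-block of `block` into static blocks."""
    out = {k: copy.deepcopy(v) for k, v in block.items() if k != "dynamic"}
    for name, spec in block.get("dynamic", {}).items():
        # Terraform's default iterator name is the dynamic block's label.
        for item in variables[spec["for_each"]]:  # simplified: list values only
            rendered = {k: resolve(v, name, item) for k, v in spec["content"].items()}
            out.setdefault(name, []).append(rendered)
    return out

def has_rule_set(managed_rules):
    """Stand-in check (assumption): some managed_rule_set has a type and a version."""
    sets = managed_rules.get("managed_rule_set", [])
    return any(s.get("type") and s.get("version") for s in sets)

def scan(managed_rules, variables=None):
    """Run the stand-in check, rendering dynamic blocks first if values are known."""
    if variables is not None:
        managed_rules = render_dynamic(managed_rules, variables)
    return "PASSED" if has_rule_set(managed_rules) else "FAILED"

# Constructed inputs mirroring the two snippets in the issue (simplified layout).
STATIC = {"managed_rule_set": [{"type": "OWASP", "version": "3.1"}]}
DYNAMIC = {"dynamic": {"managed_rule_set": {
    "for_each": "var.managed_rules.managed_rule_set",
    "content": {"type": "managed_rule_set.value.type",
                "version": "managed_rule_set.value.version"}}}}
# Constructed variable value; the issue does not show what the variable holds.
VARIABLES = {"var.managed_rules.managed_rule_set": [{"type": "OWASP", "version": "3.1"}]}

if __name__ == "__main__":
    print("static block:          ", scan(STATIC))
    print("dynamic, not rendered: ", scan(DYNAMIC))
    print("dynamic, rendered:     ", scan(DYNAMIC, VARIABLES))
```

An empty `for_each` collection renders no blocks, so the stand-in check still fails in that case, which is a true finding rather than a false positive.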