"WRN Failed to detect line" when scanning an Ansible role

[anappi-wex]

There seems to be an issue with the iam_access_analyzer_not_enabled query in v1.7.4 when scanning an Ansible role.

Expected Behavior

The scan finishes without error.

Actual Behavior

KICS reports errors like WRN Failed to detect line, query response Resources fileName=/workspace/test-role-1/tasks/main.yml queryName=iam_access_analyzer_not_enabled scanID=console.

This happens in v1.7.4 but not in v1.7.3.

Steps to Reproduce the Problem

1. Clone the repo here or unzip Archive.zip
2. From the project's root, run ansible-playbook playbook.yml

I included the debug logs in that repo as well in the file playbook.log.

This recreates the problem discussed here.

This seems to be a problem with the variables in vars/main.yml.
This was the minimal set of vars and values that I could narrow it down to:

---
my_var: provider:a
service: foo

As weird as it sounds, if you delete a character from "provider" or "service", it works again.
Same if you delete ":a".

Specifications

• Version: 1.7.4
• Platform: N/A
• Subsystem: N/A

[pereiramarco011]

Hello @anappi-wex ,

First of all, thank you for bringing this issue to our attention.

After analyzing the situation, the query in question is not working as expected, it assumes that the ''Resources'' property is present in all yaml/json files, which it obviously is not. I will fix it and link your issue to the corresponding PR.

Marco Pereira