-
Notifications
You must be signed in to change notification settings - Fork 2.2k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
fix(terraform): panic when scanning a synthesized TF config using cdktf
#5080
Comments
@simar7 This problem is specific only to terraform JSON:
Resource blocks are parsed as attributes, so when trying to find a block, |
I see. Can we handle this case better? If nothing can be done, we can probably handle the case so that we don't panic but also are unable to support the scanning for such a case. |
@simar7 I think it would be difficult to add support for such cases. The resource in JSON config is parsed to terraform block, but nested blocks and attributes are parsed as attributes, and we cannot access attributes above the first level. This makes it impossible to get the positions of these attributes for use in metadata. All we can do with these attributes is just evaluate an expression whose result is Ref: |
Fair enough. I think gracefully handling (not panicking) is the best option here. What do you think? |
@simar7 I think so too, I'll fix it. |
Fixed via aquasecurity/defsec#1457 |
Source:
Steps to reproduce:
cdktf init --template=typescript --local
npm install @cdktf/provider-aws
main.ts
with:cdktf synth
docker run --rm -it -v ./cdktf.out/stacks:/workspace ghcr.io/aquasecurity/trivy:canary conf /workspace -d
Output:
The text was updated successfully, but these errors were encountered: