bug(misconf): Hang on recursive terraform module #5121

Closed
2 tasks
simar7 opened this issue Sep 5, 2023 Discussed in #5086 · 1 comment
simar7 commented Sep 5, 2023

Discussed in #5086

Originally posted by sebastianblunt September 1, 2023

### Description

trivy seems to hang on recursive terraform modules, even exceeding `--timeout`.

It also seems to happen if you have a module that references a child module such that the reference to the child module is the same as the path to the outer module relative to where trivy is run from AND the inner child module is missing. This can be reproduced with reproduction steps (2).

### Desired Behavior

trivy to exit.

### Actual Behavior

trivy hangs indefinitely.

### Reproduction Steps

(1) Create file with contents

```hcl
module "foo" {
  source = "."
}
```

Run `trivy config .`

OR

(2) A file named `foo/foo.tf` with contents

```hcl
module "foo" {
  source = "./foo"
}
```

and no other files. Run `trivy config .` from the outer directory.



### Target

Filesystem

### Scanner

None

### Output Format

None

### Mode

None

### Debug Output

```bash
> trivy config . --debug
2023-09-01T17:06:54.901+0900	DEBUG	Severities: ["UNKNOWN" "LOW" "MEDIUM" "HIGH" "CRITICAL"]
2023-09-01T17:06:54.901+0900	DEBUG	cache dir:  /home/sb/.cache/trivy
2023-09-01T17:06:54.901+0900	INFO	Misconfiguration scanning is enabled
2023-09-01T17:06:54.901+0900	DEBUG	Policies successfully loaded from disk
2023-09-01T17:06:54.926+0900	DEBUG	Walk the file tree rooted at '.' in parallel
2023-09-01T17:06:54.926+0900	DEBUG	Scanning Terraform files for misconfigurations...
```

### Operating System

Linux

### Version

```
Version: v0.44.1
Policy Bundle:
  Digest: sha256:fd5f1ce3d8efb1fe158cb41f9adb9d7c7cc5c4c863b261053c962e6d950350b3
  DownloadedAt: 2023-09-01 08:06:13.227805289 +0000 UTC
```
@simar7 simar7 added kind/bug Categorizes issue or PR as related to a bug. scan/misconfiguration Issues relating to misconfiguration scanning labels Sep 5, 2023
@simar7 simar7 added this to the v0.46.0 milestone Sep 6, 2023
@nikpivkin nikpivkin self-assigned this Sep 14, 2023

simar7 commented Sep 20, 2023

Fixed via aquasecurity/defsec#1454

@simar7 simar7 closed this as completed Sep 20, 2023
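
The failure mode reported above, shown with a loader that terminates on it. This is an added example, not Trivy's or defsec's code and not the change made in aquasecurity/defsec#1454. `Tree`, `LoadModules`, `ErrCycle` and `ErrMissing` are hypothetical names, and a regex stands in for a real HCL parser.

```go
package main

import (
	"errors"
	"fmt"
	"path"
	"regexp"
	"strings"
)

var (
	ErrCycle   = errors.New("module source cycle")
	ErrMissing = errors.New("module directory has no .tf files")
	// Simplification: matches only local ("./", "../", ".") source attributes.
	sourceRe = regexp.MustCompile(`(?m)^\s*source\s*=\s*"(\.[^"]*)"`)
)

type Tree map[string]string // constructed in-memory tree: slash path -> contents

// LoadModules resolves each source against the declaring module's directory.
// stack holds only the current chain, so a shared child is not a false cycle.
func LoadModules(t Tree, dir string, stack map[string]bool) error {
	if dir = path.Clean(dir); stack[dir] {
		return fmt.Errorf("%w: %q", ErrCycle, dir)
	}
	stack[dir] = true
	defer delete(stack, dir)
	found := false
	for name, body := range t {
		if path.Dir(name) != dir || !strings.HasSuffix(name, ".tf") {
			continue
		}
		found = true
		for _, m := range sourceRe.FindAllStringSubmatch(body, -1) {
			if err := LoadModules(t, path.Join(dir, m[1]), stack); err != nil {
				return err
			}
		}
	}
	if !found {
		return fmt.Errorf("%w: %q", ErrMissing, dir)
	}
	return nil
}

func main() {
	// Constructed input: reproduction (1), a module whose source is itself.
	fmt.Println(LoadModules(Tree{"main.tf": "module \"foo\" {\n  source = \".\"\n}\n"}, ".", map[string]bool{}))
}
```

Reproduction (2) corresponds to `LoadModules(Tree{"foo/foo.tf": ...}, "foo", ...)`, which resolves `./foo` to `foo/foo` and returns `ErrMissing` rather than re-entering `foo`.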