fix(general): CKV2_AZURE_50 generates false positive azurerm_storage_…

…account violations (#6391)

fix(generak): CKV2_AZURE_50 generates false positive azurerm_storage_account alerts

Co-authored-by: tlevi <tomerlevi1983@gmail.co>

checkov/terraform/checks/graph_checks/azure/AzureMLWorkspaceHBIPublicNetwork.yaml

@@ -5,12 +5,22 @@ metadata:
 
 definition:
   or:
+  - cond_type: filter
+    attribute: resource_type
+    operator: within
+    value:
+      - azurerm_machine_learning_workspace
   - cond_type: attribute
     resource_types: azurerm_machine_learning_workspace
-    attribute: "high_business_impact"
-    operator: "equals"
-    value: "false"
+    attribute: high_business_impact
+    operator: equals
+    value: false
   - and:
+    - cond_type: filter
+      attribute: resource_type
+      operator: within
+      value:
+        - azurerm_machine_learning_workspace
     - cond_type: connection
       resource_types:
         - azurerm_machine_learning_workspace
@@ -19,8 +29,8 @@ definition:
       operator: exists
     - cond_type: attribute
       resource_types: azurerm_storage_account
-      attribute: "public_network_access_enabled"
-      operator: "equals"
-      value: "false"
+      attribute: public_network_access_enabled
+      operator: equals
+      value: false
 
 

tests/terraform/graph/checks/resources/AzureMLWorkspaceHBIPublicNetwork/expected.yaml

@@ -1,9 +1,6 @@
 pass:
   - "azurerm_machine_learning_workspace.pass1"
   - "azurerm_machine_learning_workspace.pass2"
-  - "azurerm_storage_account.pass"
 fail:
   - "azurerm_machine_learning_workspace.fail1"
-  - "azurerm_storage_account.example"
-  - "azurerm_storage_account.example-default"
   - "azurerm_machine_learning_workspace.fail2"