fix(kustomize): fix empty kustomize file crash (#5131)

fix empty kustomize file crash
bridgecrewio · May 24, 2023 · 2584ada · 2584ada
1 parent 90c670c
commit 2584ada
Show file tree

Hide file tree

Showing 2 changed files with 16 additions and 11 deletions.
diff --git a/checkov/kustomize/runner.py b/checkov/kustomize/runner.py
@@ -246,7 +246,7 @@ def get_kustomize_metadata(self) -> dict[str, dict[str, Any]]:
         return {'kustomizeMetadata': self.kustomizeProcessedFolderAndMeta,
                 'kustomizeFileMappings': self.kustomizeFileMappings}
 
-    def _parseKustomization(self, kustomize_dir: str) -> dict[str, str]:
+    def _parseKustomization(self, kustomize_dir: str) -> dict[str, Any]:
         # We may have multiple results for "kustomization.yaml" files. These could be:
         # - Base and Environment (overlay) DIR's for the same kustomize-powered deployment
         # - OR, Multiple different Kustomize-powered deployments
@@ -263,29 +263,33 @@ def _parseKustomization(self, kustomize_dir: str) -> dict[str, str]:
         else:
             return {}
 
-        with open(kustomization_path, 'r') as kustomizationFile:
-            metadata = {}
+        with open(kustomization_path, 'r') as kustomization_file:
+            metadata: dict[str, Any] = {}
             try:
-                fileContent = yaml.safe_load(kustomizationFile)
+                file_content = yaml.safe_load(kustomization_file)
             except yaml.YAMLError:
                 logging.info(f"Failed to load Kustomize metadata from {kustomization_path}.", exc_info=True)
+                return {}
 
-            if 'resources' in fileContent:
+            if not isinstance(file_content, dict):
+                return {}
+
+            if 'resources' in file_content:
                 logging.debug(f"Kustomization contains resources: section. Likley a base. {kustomization_path}")
                 metadata['type'] = "base"
 
-            elif 'patchesStrategicMerge' in fileContent:
+            elif 'patchesStrategicMerge' in file_content:
                 logging.debug(f"Kustomization contains patchesStrategicMerge: section. Likley an overlay/env. {kustomization_path}")
                 metadata['type'] = "overlay"
-                if 'bases' in fileContent:
-                    metadata['referenced_bases'] = fileContent['bases']
+                if 'bases' in file_content:
+                    metadata['referenced_bases'] = file_content['bases']
 
-            elif 'bases' in fileContent:
+            elif 'bases' in file_content:
                 logging.debug(f"Kustomization contains bases: section. Likley an overlay/env. {kustomization_path}")
                 metadata['type'] = "overlay"
-                metadata['referenced_bases'] = fileContent['bases']
+                metadata['referenced_bases'] = file_content['bases']
 
-            metadata['fileContent'] = fileContent
+            metadata['fileContent'] = file_content
             metadata['filePath'] = f"{kustomization_path}"
             if metadata.get('type') == "base":
                 self.potentialBases.append(metadata['filePath'])

diff --git a/tests/kustomize/runner/resources/example/overlays/empty/kustomization.yaml b/tests/kustomize/runner/resources/example/overlays/empty/kustomization.yaml
@@ -0,0 +1 @@
+# just an empty file, shouldn't crash the run