Linting for Unsafe Root TypeList to AWS Structure Expansion

[bflad]

Community Note

• Please vote on this issue by adding a 👍 reaction to the original issue to help the community and maintainers prioritize this request
• Please do not leave "+1" or other comments that do not add relevant new information or questions, they generate extra noise for issue followers and do not help prioritize the request
• If you are interested in working on this issue or have submitted a pull request, please leave a comment

Description

When setting up resource logic to read an AWS structure-like field (can only be represented in the Terraform Plugin SDK as a TypeList currently), the desired convention is the following: https://github.com/hashicorp/terraform-provider-aws/blob/master/docs/contributing/data-handling-and-conversion.md#root-typelist-of-resource-and-aws-structure

if v, ok := d.GetOk("attribute_name"); ok && len(v.([]interface{})) > 0 && v.([]interface{})[0] != nil {
    input.AttributeName = expandServiceStructure(v.([]interface{})[0].(map[string]interface{}))
}

Currently there are quite a few resources that perform this operation in an unsafe way (either slice index reference or type assertion panics), e.g.

	if v, ok := d.GetOk("filter"); ok {
		filterList := v.([]interface{})
		filterMap := filterList[0].(map[string]interface{}) // panic: interface conversion: interface {} is nil, not map[string]interface {}
		inventoryConfiguration.Filter = expandS3InventoryFilter(filterMap)
	}

In this case, we may be able to setup semgrep rules to discover and report these, e.g. a pattern like this would directly catch this particular logic (the $TFMAP line is likely extraneous unless there are a lot of initial reports):

if $VALUE, $OK := d.GetOk($KEY); $OK {
  $TFLIST := $VALUE.([]interface{})
  $TFMAP := $TFLIST[0].(map[string]interface{})
  ...
}

However there are likely other similar patterns that will need to be created as well.

References

• Terraform crashes on trying to apply s3 bucket inventory configs #16952

[bflad]

Potentially requires some semgrep adjustments before this can be implemented in that tool: semgrep/semgrep#2376

[github-actions]

Marking this issue as stale due to inactivity. This helps our maintainers find and focus on the active issues. If this issue receives no comments in the next 30 days it will automatically be closed. Maintainers can also remove the stale label.

If this issue was automatically closed and you feel this issue should be reopened, we encourage creating a new issue linking back to this one for added context. Thank you!

[github-actions]

I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues.
If you have found a problem that seems similar to this, please open a new issue and complete the issue template so we can capture all the details necessary to investigate further.