gitea-mirror/trivy
1
0
Fork 0
mirror of https://github.com/aquasecurity/trivy.git synced 2025-12-05 20:40:16 -08:00
Code Issues Packages Projects Releases Wiki Activity

fix(misconf): ensure value used as ignore marker is non-null and known (#9835)

Browse Source 
Signed-off-by: nikpivkin <nikita.pivkin@smartforce.io>
This commit is contained in:
Nikita Pivkin
2025-11-26 12:28:38 +06:00
committed by GitHub
parent 7b2b4d4b45
commit 7aca80151c
2 changed files with 11 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
pkg/iac/scanners/terraform/executor/executor.go
View File

@@ -204,6 +204,9 @@ func ignoreByParams(params map[string]string, modules terraform.Modules, m *type
}
for key, param := range params {
val := block.GetValueByPath(key)
if val.IsNull() || !val.IsKnown() {
return false
}
switch val.Type() {
case cty.String:
if val.AsString() != param {

8
pkg/iac/scanners/terraform/ignore_test.go
View File

@@ -390,6 +390,14 @@ data "aws_iam_policy_document" "this" {
}`,
assertLength: 0,
},
{
name: "ignore marker value is unknown",
source: `#trivy:ignore:*[bucket=mybucket-bucket1]
resource "aws_s3_bucket" "test" {
bucket = "mybucket-${each.key}"
}`,
assertLength: 1,
},
}
for _, tc := range testCases {