fix(cloudformation): resolve property depending on conditions #1396

Merged 1 commit, Jul 20, 2023

nikpivkin (Collaborator) commented Jul 18, 2023

When a property is a value returned by a condition, defsec does not evaluate it.

Example:

Resources:
  Bucket:
    Type: "AWS::S3::Bucket"
    Properties:
      VersioningConfiguration:
        !If [true, { Status: Enabled }, { Status: Suspended }]

Output:

....
AVD-AWS-0090 aws-s3-enable-versioning test.yaml:2-6
....

See aquasecurity/trivy#4844
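
Added illustration, not part of the PR and not defsec's code: resolving `Fn::If` (the long form of `!If`) in parsed properties before a versioning check reads `Status`, which is the step whose absence leads to the AVD-AWS-0090 finding above. The names `resolve`, `versioningEnabled` and `conds` are hypothetical, and the input is constructed from the PR's example.

```go
package main

import "fmt"

// resolve replaces each {"Fn::If": [cond, then, else]} map in a parsed value with
// the chosen branch. cond is a name in conds or a literal bool (as in the PR).
// Lists are left untouched in this example.
func resolve(v any, conds map[string]bool) (any, error) {
	n, isMap := v.(map[string]any)
	if !isMap {
		return v, nil
	}
	if args, ok := n["Fn::If"].([]any); ok && len(n) == 1 && len(args) == 3 {
		pick, known := args[0].(bool)
		if name, isName := args[0].(string); isName {
			pick, known = conds[name]
		}
		if !known {
			return nil, fmt.Errorf("cannot evaluate condition %v", args[0])
		}
		if pick {
			return resolve(args[1], conds)
		}
		return resolve(args[2], conds)
	}
	out := make(map[string]any, len(n))
	for k, child := range n {
		r, err := resolve(child, conds)
		if err != nil {
			return nil, err
		}
		out[k] = r
	}
	return out, nil
}

// versioningEnabled passes only when the resolved Status is "Enabled".
func versioningEnabled(props map[string]any, conds map[string]bool) (bool, error) {
	r, err := resolve(props, conds)
	m, _ := r.(map[string]any)
	vc, _ := m["VersioningConfiguration"].(map[string]any)
	return vc["Status"] == "Enabled", err
}

func main() {
	// Constructed input: the PR's bucket Properties, already parsed from YAML.
	props := map[string]any{"VersioningConfiguration": map[string]any{"Fn::If": []any{
		true, map[string]any{"Status": "Enabled"}, map[string]any{"Status": "Suspended"}}}}
	fmt.Println(versioningEnabled(props, nil))
}
```

Without the `resolve` step, `VersioningConfiguration` holds only the `Fn::If` key, so a check looking for `Status` finds nothing and reports the bucket as unversioned.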

@nikpivkin nikpivkin marked this pull request as ready for review July 18, 2023 09:46
simar7 (Member) commented Jul 19, 2023

Do we have an issue in trivy/defsec which this fixes?

nikpivkin (Collaborator, Author) commented

@simar7 I opened an issue

@simar7 simar7 enabled auto-merge (squash) July 20, 2023 12:01
@simar7 simar7 merged commit 193ef12 into aquasecurity:master Jul 20, 2023
8 checks passed
@nikpivkin nikpivkin deleted the nik-resolve-prop branch July 20, 2023 16:09