Analysis of terraform dynamics blocks

Hi!
We are trying to analyze Terraform code, and we found a bunch of security hotspot false positives when the code uses the Terraform structure “dynamic blocks” (Dynamic Blocks - Configuration Language | Terraform | HashiCorp Developer).

A dynamic block defines a property of a resource using the keyword “dynamic”, but the scanner raises an issue as if the property was not defined in the resource.
For instance, our code raises the following security hotspot, and we believe it is a false positive:


[Image: screenshot 2023-05-10 at 9.23.52]

Thank you.


Hi @mvillanueva,

Thank you for your report. Indeed, we are not taking dynamic blocks into account when detecting the absence of relevant properties. I created a ticket to address the problem. I think it will be implemented soon, as it affects multiple Terraform rules.

Best,
Nils

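The false positive discussed above, reproduced as an added example that is not part of the thread and is not the scanner's own code: a simplified "required block is absent" check run with and without recognising `dynamic "<name>"` as a declaration of that block. The resource type, the `logging` block and the function names are assumptions chosen for illustration; the thread does not name the affected rule.

```python
import re

# Constructed sample (assumption): one block declared statically, via "dynamic", and not at all.
SAMPLE_TF = '''
resource "aws_s3_bucket" "static_logging" {
  logging {
    target_bucket = "example-logs"
  }
}
resource "aws_s3_bucket" "dynamic_logging" {
  dynamic "logging" {
    for_each = var.log_targets
    content {
      target_bucket = logging.value
    }
  }
}
resource "aws_s3_bucket" "no_logging" {
  bucket = "example-c"
}
'''

RESOURCE_RE = re.compile(r'resource\s+"([^"]+)"\s+"([^"]+)"\s*\{')
BLOCK_RE = re.compile(r'(?:dynamic\s+"(\w+)"|(\w+))\s*\{')

def resource_blocks(tf_text, honor_dynamic=True):
    """Map 'type.name' to the nested block names declared directly in each resource.
    Line-based brace counting, a simplification and not a full HCL parser."""
    result, current, depth = {}, None, 0
    for raw in tf_text.splitlines():
        line = raw.strip()
        if depth == 0 and (m := RESOURCE_RE.match(line)):
            current = f"{m.group(1)}.{m.group(2)}"
            result[current] = set()
        elif depth == 1 and current and (m := BLOCK_RE.match(line)):
            if m.group(2):                 # static block: logging { ... }
                result[current].add(m.group(2))
            elif honor_dynamic:            # dynamic "logging" { ... }
                result[current].add(m.group(1))
        depth += line.count("{") - line.count("}")
        if depth == 0:
            current = None
    return result

def missing_block(tf_text, required, honor_dynamic=True):
    """Resources an 'absent property' rule would flag for lacking `required`."""
    blocks = resource_blocks(tf_text, honor_dynamic)
    return sorted(r for r, names in blocks.items() if required not in names)

if __name__ == "__main__":
    print("ignoring dynamic:", missing_block(SAMPLE_TF, "logging", honor_dynamic=False))
    print("honoring dynamic:", missing_block(SAMPLE_TF, "logging"))
```

A dynamic block whose `for_each` evaluates to an empty collection generates no block at all, so a static check can only treat the property as potentially present.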

Hi Nils,
Thanks for your fast response. I don’t know if you meant this when you mentioned “it affects multiple terraform rules”, but we detected them in the following ones:

Thank you


Hi @mvillanueva,

yeah, exactly. Thank you for the list.

Best,

