tfsec failing to parse #56

Open
Artemu opened this issue Jun 24, 2021 · 1 comment · May be fixed by #55

Artemu commented Jun 24, 2021

I currently have an issue where this module is causing tfsec to fail when parsing, due to a secret being parsed via the local variables and triggering a GEN002 error.

[GEN002][WARNING] Local 'locals.' includes a potentially sensitive value that is defined within the project.

For more info see: https://tfsec.dev/docs/general/GEN002/

Artemu linked a pull request Jun 24, 2021 that will close this issue

Artemu commented Jun 24, 2021

Before change

$ tfsec .                                                           

Check 1

  [GEN002][WARNING] Local 'locals.' includes a potentially sensitive value which is defined within the project.
  /Users/[REDACTED]/Projects/terraform-aws-ecs-task-definition/main.tf:68


      65 |
      66 |   repositoryCredentials = jsonencode(var.repositoryCredentials)
      67 |   resourceRequirements  = jsonencode(var.resourceRequirements)
      68 |   secrets               = jsonencode(var.secrets)    [string] "[]"
      69 |   systemControls        = jsonencode(var.systemControls)
      70 |
      71 |   ulimits = replace(jsonencode(var.ulimits), local.classes["digit"], "$1")

  Impact:     Local value could be leaking secrets
  Resolution: Don't include sensitive data in locals

  https://tfsec.dev/docs/general/GEN002/
  https://www.terraform.io/docs/state/sensitive-data.html

  times
  ------------------------------------------
  disk i/o             4.500128ms
  parsing HCL          25.751µs
  evaluating values    1.479904ms
  running checks       325.951µs

  counts
  ------------------------------------------
  files loaded         4
  blocks               53
  evaluated blocks     53
  modules              0
  module blocks        0
  ignored checks       0

1 potential problems detected.

After Change

$ tfsec .                                                         

  times
  ------------------------------------------
  disk i/o             3.845602ms
  parsing HCL          26.376µs
  evaluating values    1.593058ms
  running checks       224.918µs

  counts
  ------------------------------------------
  files loaded         4
  blocks               53
  evaluated blocks     53
  modules              0
  module blocks        0
  ignored checks       0

No problems detected!
