CKV_GCP_33 reports a false positive `true` vs `"TRUE"`

Bug/False Positive: CKV_GCP_33 reports a false positive depending on the syntax used in the metadata block, specifically true vs "TRUE".

Steps to reproduce the behavior:

resource "google_compute_project_metadata" "general" {
  metadata = {
    "enable-oslogin" = "TRUE"
    "google-compute-default-region" = "europe-west4"
    "google-compute-default-zone"   = "europe-west4-a"
  }
}

or

resource "google_compute_project_metadata" "general" {
  metadata = {
    enable-oslogin    = "TRUE"
    google-compute-default-region = "europe-west4"
    google-compute-default-zone   = "europe-west4-a"
  }
}

Expected behavior: The above examples should be valid and not flagged as failed for Check: CKV_GCP_33: "Ensure oslogin is enabled for a Project"

  • Checkov Version [1.0.702]

Issue Analytics

  • State: closed
  • Created 3 years ago
  • Comments: 6 (4 by maintainers)

Top GitHub Comments

1 reaction
TheMacStack commented, Jan 18, 2021

@TheMacStack should "TRUE" always be evaluated like true? From the HCL specification, it looks like capital letters “TRUE” is not necessarily a boolean value.

No, typically not, but in this particular field it is a set of arbitrary key/value pairs, basically as plain text, not actual defined Terraform params that expect a true boolean value.

So in general true != "TRUE", but for this metadata block "TRUE" is a valid value.

0 reactions
schosterbarak commented, Jan 18, 2021

sweet. thanks for reporting on it @TheMacStack
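
The distinction discussed in this thread, as an added example that is not Checkov's code and not part of the original issue: a stand-alone Python comparison of a strict boolean test (assumed here as one way the reported failure can arise) with a test that treats the metadata value as text. Function names and sample resources are constructed, and accepting any letter case of "true" is an assumption that goes beyond the two spellings named in the issue.

```python
# Added example: constructed names and data, not Checkov's implementation.

KEY = "enable-oslogin"


def oslogin_enabled_strict(metadata):
    """Assumed strict test: passes only for the unquoted HCL boolean true."""
    return metadata.get(KEY) is True


def oslogin_enabled(metadata):
    """Treat the metadata value as text, so true and "TRUE" both pass."""
    value = metadata.get(KEY)
    if isinstance(value, bool):
        return value
    if isinstance(value, str):
        # Assumption: any letter case of "true" counts as enabled.
        return value.strip().lower() == "true"
    return False  # key missing or an unexpected type: keep failing


def scan(resources, check):
    """Map each resource name to PASSED or FAILED under the given test."""
    return {
        name: "PASSED" if check(metadata) else "FAILED"
        for name, metadata in resources.items()
    }


# Constructed sample: parsed google_compute_project_metadata blocks.
SAMPLES = {
    "hcl_bool": {KEY: True},
    "quoted_upper": {KEY: "TRUE", "google-compute-default-region": "europe-west4"},
    "quoted_false": {KEY: "FALSE"},
    "missing": {"google-compute-default-zone": "europe-west4-a"},
}

if __name__ == "__main__":
    for label, check in (("strict", oslogin_enabled_strict),
                         ("text", oslogin_enabled)):
        print(label, scan(SAMPLES, check))
```

The `quoted_false` and `missing` samples fail under both tests, so accepting the string form does not make the check pass for projects where OS Login is off or unset.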
