ERROR:checkov.terraform.checks.resource.gcp.CloudStorageSelfLogging:Failed to run check: Bucket should not log to itself for configuration

Describe the bug

Error during check with rule CKV_GCP_63 (not clearly identified)

Here is the result of my terraform plan for my GCS resource using terraform google storage module

resource "google_storage_bucket" "buckets" {
    bucket_policy_only          = (known after apply)
    force_destroy               = false
    id                          = (known after apply)
    labels                      = {
        "name" = "xxxxxxxx-bucket"
    }
    location                    = "EU"
    name                        = "xxxxxxxx-bucket"
    project                     = "xxxxxxxx-project"
    self_link                   = (known after apply)
    storage_class               = "STANDARD"
    uniform_bucket_level_access = true
    url                         = (known after apply)
    versioning {
        enabled = true
    }
}
ERROR:checkov.terraform.checks.resource.gcp.CloudStorageSelfLogging:Failed to run check: Bucket should not log to itself for configuration
[[]], 'default_event_based_hold': [None], 'encryption': [[]], 'force_destroy': [False], 'labels': [{'name': ['xxxxxxxx-bucket'], 'start_line': [158], 'end_line': [160]}], 'lifecycle_rule': [[]], 'location': ['EU'], 'logging': [[]], 'name': ['xxxxxxxx-bucket'], 'project': ['xxxxxxxx-project'], 'requester_pays': [None], 'retention_policy': [[]], 'storage_class': ['STANDARD'], 'uniform_bucket_level_access': [True], 'versioning': [{'enabled': [True], 'start_line': [171], 'end_line': [173]}], 'website': [[]], 'start_line': [153], 'end_line': [176]} at file: /checkov.tfplan.json
Traceback (most recent call last):
  File "/usr/local/bin/checkov", line 5, in <module>
    run()
  File "/usr/local/lib/python3.8/site-packages/checkov/main.py", line 96, in run
    scan_reports = runner_registry.run(external_checks_dir=external_checks_dir, files=args.file,
  File "/usr/local/lib/python3.8/site-packages/checkov/common/runners/runner_registry.py", line 34, in run
    scan_report = runner.run(root_folder, external_checks_dir=external_checks_dir, files=files,
  File "/usr/local/lib/python3.8/site-packages/checkov/terraform/plan_runner.py", line 65, in run
    self.check_tf_definition(report, runner_filter)
  File "/usr/local/lib/python3.8/site-packages/checkov/terraform/plan_runner.py", line 79, in check_tf_definition
    self.run_block(definition[block_type], full_file_path, report, scanned_file,
  File "/usr/local/lib/python3.8/site-packages/checkov/terraform/plan_runner.py", line 95, in run_block
    results = registry.scan(scanned_file, entity, [], runner_filter)
  File "/usr/local/lib/python3.8/site-packages/checkov/common/checks/base_check_registry.py", line 109, in scan
    result = self.run_check(check, entity_configuration, entity_name, entity_type, scanned_file, skip_info)
  File "/usr/local/lib/python3.8/site-packages/checkov/common/checks/base_check_registry.py", line 115, in run_check
    result = check.run(scanned_file=scanned_file, entity_configuration=entity_configuration,
  File "/usr/local/lib/python3.8/site-packages/checkov/common/checks/base_check.py", line 62, in run
    raise e
  File "/usr/local/lib/python3.8/site-packages/checkov/common/checks/base_check.py", line 42, in run
    check_result['result'] = self.scan_entity_conf(entity_configuration, entity_type)
  File "/usr/local/lib/python3.8/site-packages/checkov/terraform/checks/resource/base_resource_check.py", line 17, in scan_entity_conf
    return self.scan_resource_conf(conf, entity_type)
  File "/usr/local/lib/python3.8/site-packages/checkov/terraform/checks/resource/base_resource_check.py", line 33, in wrapper
    return wrapped(self, conf)
  File "/usr/local/lib/python3.8/site-packages/checkov/terraform/checks/resource/gcp/CloudStorageSelfLogging.py", line 17, in scan_resource_conf
    if conf['logging'][0]['log_bucket']:
TypeError: list indices must be integers or slices, not str

To Reproduce

Steps to reproduce the behavior:

  1. Use the terraform GCS module in your terraform
  2. Run checkov scan
  3. See error

Information

  • Checkov Version 1.0.799 (from docker image)

Issue Analytics

  • State: closed
  • Created 3 years ago
  • Reactions: 2
  • Comments: 5 (3 by maintainers)

Top GitHub Comments

franviera92 commented, Mar 30, 2021 (1 reaction)

This error persists in the version 1.0.863 @carlobongiovanni

MBP-CVIERA@MacBook-Pro-de-MBP-SOPORTE taz % checkov --version
1.0.863
MBP-CVIERA@MacBook-Pro-de-MBP-SOPORTE taz % checkov -d .
ERROR:checkov.terraform.checks.resource.gcp.CloudStorageSelfLogging:Failed to run check: Bucket should not log to itself for configuration: {'cors': [[]], 'default_event_based_hold': [None], 'encryption': [[]], 'force_destroy': [True], 'labels': [None], 'lifecycle_rule': [[]], 'location': ['US-CENTRAL1'], 'logging': [[]], 'project': ['tc-sc-bi-bigdata-dp-pmo-dev'], 'requester_pays': [None], 'retention_policy': [[]], 'storage_class': ['REGIONAL'], 'uniform_bucket_level_access': [True], 'versioning': [[]], 'website': [[]], 'start_line': [0], 'end_line': [0]} at file: /tfplan.json
2021-03-30 16:11:27,755 [MainThread ] [ERROR] Failed to run check: Bucket should not log to itself for configuration: {'cors': [[]], 'default_event_based_hold': [None], 'encryption': [[]], 'force_destroy': [True], 'labels': [None], 'lifecycle_rule': [[]], 'location': ['US-CENTRAL1'], 'logging': [[]], 'project': ['tc-sc-bi-bigdata-dp-pmo-dev'], 'requester_pays': [None], 'retention_policy': [[]], 'storage_class': ['REGIONAL'], 'uniform_bucket_level_access': [True], 'versioning': [[]], 'website': [[]], 'start_line': [0], 'end_line': [0]} at file: /tfplan.json
Traceback (most recent call last):
  File "/Library/Frameworks/Python.framework/Versions/3.8/bin/checkov", line 5, in <module>
    run()
  File "/Library/Frameworks/Python.framework/Versions/3.8/lib/python3.8/site-packages/checkov/main.py", line 97, in run
    scan_reports = runner_registry.run(root_folder=root_folder, external_checks_dir=external_checks_dir,
  File "/Library/Frameworks/Python.framework/Versions/3.8/lib/python3.8/site-packages/checkov/common/runners/runner_registry.py", line 34, in run
    scan_report = runner.run(root_folder, external_checks_dir=external_checks_dir, files=files,
  File "/Library/Frameworks/Python.framework/Versions/3.8/lib/python3.8/site-packages/checkov/terraform/plan_runner.py", line 62, in run
    self.check_tf_definition(report, runner_filter)
  File "/Library/Frameworks/Python.framework/Versions/3.8/lib/python3.8/site-packages/checkov/terraform/plan_runner.py", line 78, in check_tf_definition
    self.run_block(definition[block_type], full_file_path, report, scanned_file,
  File "/Library/Frameworks/Python.framework/Versions/3.8/lib/python3.8/site-packages/checkov/terraform/plan_runner.py", line 94, in run_block
    results = registry.scan(scanned_file, entity, [], runner_filter)
  File "/Library/Frameworks/Python.framework/Versions/3.8/lib/python3.8/site-packages/checkov/common/checks/base_check_registry.py", line 109, in scan
    result = self.run_check(check, entity_configuration, entity_name, entity_type, scanned_file, skip_info)
  File "/Library/Frameworks/Python.framework/Versions/3.8/lib/python3.8/site-packages/checkov/common/checks/base_check_registry.py", line 115, in run_check
    result = check.run(scanned_file=scanned_file, entity_configuration=entity_configuration,
  File "/Library/Frameworks/Python.framework/Versions/3.8/lib/python3.8/site-packages/checkov/common/checks/base_check.py", line 62, in run
    raise e
  File "/Library/Frameworks/Python.framework/Versions/3.8/lib/python3.8/site-packages/checkov/common/checks/base_check.py", line 42, in run
    check_result['result'] = self.scan_entity_conf(entity_configuration, entity_type)
  File "/Library/Frameworks/Python.framework/Versions/3.8/lib/python3.8/site-packages/checkov/terraform/checks/resource/base_resource_check.py", line 17, in scan_entity_conf
    return self.scan_resource_conf(conf, entity_type)
  File "/Library/Frameworks/Python.framework/Versions/3.8/lib/python3.8/site-packages/checkov/terraform/checks/resource/base_resource_check.py", line 33, in wrapper
    return wrapped(self, conf)
  File "/Library/Frameworks/Python.framework/Versions/3.8/lib/python3.8/site-packages/checkov/terraform/checks/resource/gcp/CloudStorageSelfLogging.py", line 14, in scan_resource_conf
    bucket_name = conf['name']
KeyError: 'name'
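
The two tracebacks above fail on different subscripts of the same plan-derived configuration, and in both the exception reaches the top-level run(), so no scan result is produced. The Python sketch below is an added example, not Checkov's code or its fix: it replays the two subscript expressions shown in the tracebacks against the reported shapes and compares them with a tolerant lookup; `first`, `tolerant_check`, `run_all`, the result strings and the last two samples are assumptions constructed for illustration.

```python
# Added example, not Checkov's code. Only the two subscript expressions marked
# "traceback" come from the page; helper names and result strings are assumptions.

def first(value):
    """Unwrap the nested single-element lists seen in the dumped configuration."""
    while isinstance(value, list):
        if not value:
            return None
        value = value[0]
    return value

def naive_check(conf):
    bucket_name = conf['name']                  # traceback: KeyError: 'name'
    if conf['logging'][0]['log_bucket']:        # traceback: TypeError on [[]]
        if conf['logging'][0]['log_bucket'] == bucket_name:
            return "FAILED"
    return "PASSED"

def tolerant_check(conf):
    logging_block = first(conf.get('logging'))
    if not isinstance(logging_block, dict):
        return "PASSED"                         # no logging block, so no self-logging
    log_bucket = first(logging_block.get('log_bucket'))
    if log_bucket is None:
        return "PASSED"
    name = first(conf.get('name'))
    if name is None:
        return "UNKNOWN"                        # name unresolved: cannot compare
    return "FAILED" if log_bucket == name else "PASSED"

SAMPLES = {
    "issue_plan": {'name': ['xxxxxxxx-bucket'], 'logging': [[]]},   # shape from the issue
    "comment_plan": {'labels': [None], 'logging': [[]]},            # shape from the comment
    "self_logging": {'name': ['audit'], 'logging': [{'log_bucket': ['audit']}]},  # constructed
    "separate_log": {'name': ['data'], 'logging': [{'log_bucket': ['audit']}]},   # constructed
}

def run_all(check):
    """Evaluate every sample, recording the exception type where the check crashes."""
    results = {}
    for label, conf in SAMPLES.items():
        try:
            results[label] = check(conf)
        except (KeyError, TypeError) as exc:
            results[label] = type(exc).__name__
    return results

if __name__ == "__main__":
    for check in (naive_check, tolerant_check):
        print(check.__name__, run_all(check))
```
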
