fix(terraform): Fix two checks and logs (#6874)

* Fix checks and logs * Fix flake8
bridgecrewio · Nov 26, 2024 · 4db0683 · 4db0683
1 parent 13f5933
commit 4db0683
Show file tree

Hide file tree

Showing 3 changed files with 7 additions and 4 deletions.
diff --git a/checkov/common/graph/graph_builder/graph_components/blocks.py b/checkov/common/graph/graph_builder/graph_components/blocks.py
@@ -171,9 +171,9 @@ def update_attribute(
                     try:
                         self._update_attribute_based_on_jsonpath_key(attribute_value, key)
                     except Exception as e:
-                        logging.warning(f"Failed updating attribute for key: {key} and value {attribute_value} for"
-                                        f"vertex attributes {self.attributes}. Falling back to explicitly setting it."
-                                        f"Exception - {e}")
+                        logging.debug(f"Failed updating attribute for key: {key} and value {attribute_value} for"
+                                      f"vertex attributes {self.attributes}. Falling back to explicitly setting it."
+                                      f"Exception - {e}")
                         self.attributes[key] = attribute_value
                 else:
                     self.attributes[key] = attribute_value

diff --git a/checkov/terraform/checks/resource/aws/S3GlobalViewACL.py b/checkov/terraform/checks/resource/aws/S3GlobalViewACL.py
@@ -19,7 +19,8 @@ def scan_resource_conf(self, conf: dict[str, list[Any]]) -> CheckResult:
             for policy in conf.get('access_control_policy'):
                 if 'grant' in policy:
                     for grant in policy.get('grant'):
-                        if 'permission' in grant and ('FULL_CONTROL' in grant.get('permission') or 'READ_ACP' in grant.get('permission')):
+                        if (isinstance(grant, dict) and 'permission' in grant and
+                                ('FULL_CONTROL' in grant.get('permission') or 'READ_ACP' in grant.get('permission'))):
                             if 'grantee' in grant:
                                 for grantee in grant.get('grantee'):
                                     if 'uri' in grantee and 'http://acs.amazonaws.com/groups/global/AllUsers' in grantee.get('uri'):

diff --git a/checkov/terraform/checks/resource/aws/S3SecureDataTransport.py b/checkov/terraform/checks/resource/aws/S3SecureDataTransport.py
@@ -77,6 +77,8 @@ def scan_resource_conf(self, conf) -> CheckResult:
         if not is_public and access_control_policy:
             grants = access_control_policy[0].get('grant', [])
             for grant in grants:
+                if isinstance(grant, str):
+                    continue
                 grantee = grant.get('grantee', [])
                 if grantee and grantee[0].get('uri', [None])[0] == 'http://acs.amazonaws.com/groups/global/AllUsers':
                     # Search for a connected aws_s3_bucket then a connected aws_s3_bucket_public_access_block then