Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

panic: interface conversion: interface {} is bool, not string #6404

Closed
2 tasks done
nikpivkin opened this issue Mar 27, 2024 Discussed in #6402 · 0 comments · Fixed by #6406
Closed
2 tasks done

panic: interface conversion: interface {} is bool, not string #6404

nikpivkin opened this issue Mar 27, 2024 Discussed in #6402 · 0 comments · Fixed by #6406
Assignees
@nikpivkin
Labels
kind/bug Categorizes issue or PR as related to a bug. scan/misconfiguration Issues relating to misconfiguration scanning
Milestone
v0.51.0

Comments

@nikpivkin
Copy link
Contributor

Example:

Parameters:
  EnvironmentType:
    Type: String
    Description: Type of the environment, can only be "development"
    AllowedValues:
      - development
    Default: development

Mappings:
  ApiDB: 
     MultiAZ:
        development: False
      
Resources:
  ApiDB:
    Type: AWS::RDS::DBInstance
    Properties:
      MultiAZ: !FindInMap [ApiDB, MultiAZ, !Ref EnvironmentType]

Discussed in #6402

Originally posted by SorinFlueras March 27, 2024

Description

When scanning Cloudformation files for misconfigurations, Trivy fails with this message:
panic: interface conversion: interface {} is bool, not string

Desired Behavior

Trivy is running without errors.

Actual Behavior

Trivy fails with: panic: interface conversion: interface {} is bool, not string

Reproduction Steps

Run `trivy conf --severity HIGH,CRITICAL --debug .` on a CloudFormation template that contains AWS::RDS::DBInstance, AWS::SSM::Parameter and AWS::EC2::SecurityGroup

Target

None

Scanner

Misconfiguration

Output Format

None

Mode

None

Debug Output

trivy conf --severity HIGH,CRITICAL --debug .
2024-03-27T10:26:16.579+0200    DEBUG   Severities: ["HIGH" "CRITICAL"]
2024-03-27T10:26:16.589+0200    DEBUG   cache dir:  /Users/sorinflueras/Library/Caches/trivy
2024-03-27T10:26:16.589+0200    INFO    Misconfiguration scanning is enabled
2024-03-27T10:26:16.590+0200    DEBUG   Policies successfully loaded from disk
2024-03-27T10:26:16.609+0200    DEBUG   The nuget packages directory couldn't be found. License search disabled
2024-03-27T10:26:16.615+0200    DEBUG   Walk the file tree rooted at '.' in parallel
2024-03-27T10:26:16.621+0200    DEBUG   Scanning CloudFormation files for misconfigurations...
panic: interface conversion: interface {} is bool, not string

goroutine 1 [running]:
github.com/aquasecurity/defsec/pkg/scanners/cloudformation/parser.(*Property).AsString(0x14000e5f0e0)
        github.com/aquasecurity/[email protected]/pkg/scanners/cloudformation/parser/property_helpers.go:93 +0x1bc
github.com/aquasecurity/defsec/pkg/scanners/cloudformation/parser.(*Property).EqualTo(0x14000e5f0e0, {0x107ed95a0?, 0x108dcacb0?}, {0x14002999ec8?, 0x14002999ea8?, 0x100c13a1c?})
        github.com/aquasecurity/[email protected]/pkg/scanners/cloudformation/parser/property_helpers.go:189 +0x134
github.com/aquasecurity/defsec/pkg/scanners/cloudformation/parser.(*Resource).inferBool(0x3?, 0x0?, 0x80?)
        github.com/aquasecurity/[email protected]/pkg/scanners/cloudformation/parser/resource.go:181 +0x88
github.com/aquasecurity/defsec/pkg/scanners/cloudformation/parser.(*Resource).GetBoolProperty(0x6?, {0x10657d241?, 0x1065c352b?}, {0x0?, 0x0?, 0x103e305c0?})
        github.com/aquasecurity/[email protected]/pkg/scanners/cloudformation/parser/resource.go:148 +0xdc
github.com/aquasecurity/defsec/internal/adapters/cloudformation/aws/rds.getClustersAndInstances({{0x14001485b00, 0x22}, {0x14000ddb000, 0xae, 0xae}, {0x10656b846, 0x4}, 0x1400158dd70, 0x1400165a300, 0x0, ...})
        github.com/aquasecurity/[email protected]/internal/adapters/cloudformation/aws/rds/instance.go:41 +0x660
github.com/aquasecurity/defsec/internal/adapters/cloudformation/aws/rds.Adapt({{0x14001485b00, 0x22}, {0x14000ddb000, 0xae, 0xae}, {0x10656b846, 0x4}, 0x1400158dd70, 0x1400165a300, 0x0, ...})
        github.com/aquasecurity/[email protected]/internal/adapters/cloudformation/aws/rds/rds.go:10 +0xa0
github.com/aquasecurity/defsec/internal/adapters/cloudformation/aws.Adapt({{_, _}, {_, _, _}, {_, _}, _, _, _, ...})
        github.com/aquasecurity/[email protected]/internal/adapters/cloudformation/aws/adapt.go:65 +0xb14
github.com/aquasecurity/defsec/internal/adapters/cloudformation.Adapt(...)
        github.com/aquasecurity/[email protected]/internal/adapters/cloudformation/adapt.go:12
github.com/aquasecurity/defsec/pkg/scanners/cloudformation.(*Scanner).scanFileContext(0x14001244bb0, {0x108e82340, 0x14001560850}, 0x108ddb860?, 0x1400148c8a0, {0x108ddb860?, 0x140015175d8})
        github.com/aquasecurity/[email protected]/pkg/scanners/cloudformation/scanner.go:184 +0xbc
github.com/aquasecurity/defsec/pkg/scanners/cloudformation.(*Scanner).ScanFS(0x14001244bb0, {0x108e82340, 0x14001560850}, {0x108ddb860, 0x140015175d8}, {0x1079f9c60?, 0x14002934dd8?})
        github.com/aquasecurity/[email protected]/pkg/scanners/cloudformation/scanner.go:147 +0x124
github.com/aquasecurity/trivy/pkg/misconf.(*Scanner).Scan(0x1400123ac40, {0x108e82340, 0x14001560850}, {0x108ddb860?, 0x14001391110?})
        github.com/aquasecurity/trivy/pkg/misconf/scanner.go:154 +0x18c
github.com/aquasecurity/trivy/pkg/fanal/analyzer/config.(*Analyzer).PostAnalyze(0x1400035dec0, {0x108e82340?, 0x14001560850?}, {{0x108ddb860?, 0x14001391110?}, {0xe?, 0x0?}})
        github.com/aquasecurity/trivy/pkg/fanal/analyzer/config/config.go:45 +0x38
github.com/aquasecurity/trivy/pkg/fanal/analyzer.AnalyzerGroup.PostAnalyze({{0x14001d30780, 0x3, 0x4}, {0x14000e8f800, 0x7, 0x8}, 0x140027635c0}, {0x108e82340, 0x14001560850}, 0x1400124f270, ...)
        github.com/aquasecurity/trivy/pkg/fanal/analyzer/analyzer.go:491 +0x23c
github.com/aquasecurity/trivy/pkg/fanal/artifact/local.Artifact.Inspect({{0x16f1ff454, 0x1}, {0x11664a038, 0x14002747b50}, {{{0x0, 0x0, 0x0}, {0x14001298400, 0x3, 0x4}, ...}, ...}, ...}, ...)
        github.com/aquasecurity/trivy/pkg/fanal/artifact/local/fs.go:171 +0x408
github.com/aquasecurity/trivy/pkg/scanner.Scanner.ScanArtifact({{_, _}, {_, _}}, {_, _}, {{0x0, 0x0, 0x0}, {0x14002747a90, ...}, ...})
        github.com/aquasecurity/trivy/pkg/scanner/scan.go:145 +0xa0
github.com/aquasecurity/trivy/pkg/commands/artifact.scan({_, _}, {{{0x106595c63, 0xa}, 0x0, 0x0, 0x1, 0x0, 0x45d964b800, {0x1400143ae70, ...}, ...}, ...}, ...)
        github.com/aquasecurity/trivy/pkg/commands/artifact/run.go:683 +0x320
github.com/aquasecurity/trivy/pkg/commands/artifact.(*runner).scanArtifact(_, {_, _}, {{{0x106595c63, 0xa}, 0x0, 0x0, 0x1, 0x0, 0x45d964b800, ...}, ...}, ...)
        github.com/aquasecurity/trivy/pkg/commands/artifact/run.go:266 +0xa0
github.com/aquasecurity/trivy/pkg/commands/artifact.(*runner).scanFS(_, {_, _}, {{{0x106595c63, 0xa}, 0x0, 0x0, 0x1, 0x0, 0x45d964b800, ...}, ...})
        github.com/aquasecurity/trivy/pkg/commands/artifact/run.go:214 +0xa4
github.com/aquasecurity/trivy/pkg/commands/artifact.(*runner).ScanFilesystem(_, {_, _}, {{{0x106595c63, 0xa}, 0x0, 0x0, 0x1, 0x0, 0x45d964b800, ...}, ...})
        github.com/aquasecurity/trivy/pkg/commands/artifact/run.go:194 +0x1b0
github.com/aquasecurity/trivy/pkg/commands/artifact.Run({_, _}, {{{0x106595c63, 0xa}, 0x0, 0x0, 0x1, 0x0, 0x45d964b800, {0x1400143ae70, ...}, ...}, ...}, ...)
        github.com/aquasecurity/trivy/pkg/commands/artifact/run.go:427 +0x3bc
github.com/aquasecurity/trivy/pkg/commands.NewConfigCommand.func2(0x14000ee0900, {0x14001d303c0, 0x1, 0x4})
        github.com/aquasecurity/trivy/pkg/commands/app.go:679 +0x290
github.com/spf13/cobra.(*Command).execute(0x14000ee0900, {0x14001d30380, 0x4, 0x4})
        github.com/spf13/[email protected]/command.go:940 +0x658
github.com/spf13/cobra.(*Command).ExecuteC(0x14000d71200)
        github.com/spf13/[email protected]/command.go:1068 +0x320
github.com/spf13/cobra.(*Command).Execute(0x1066014fc?)
        github.com/spf13/[email protected]/command.go:992 +0x1c
main.run()
        github.com/aquasecurity/trivy/cmd/trivy/main.go:35 +0x150
main.main()
        github.com/aquasecurity/trivy/cmd/trivy/main.go:17 +0x1c

Operating System

MacOS Sonoma 14.0 (23A344)

Version

Version: 0.46.1
Vulnerability DB:
  Version: 2
  UpdatedAt: 2024-01-10 06:13:55.903275063 +0000 UTC
  NextUpdate: 2024-01-10 12:13:55.903274573 +0000 UTC
  DownloadedAt: 2024-01-10 08:39:26.029785 +0000 UTC
Java DB:
  Version: 1
  UpdatedAt: 2024-01-09 00:47:12.747790854 +0000 UTC
  NextUpdate: 2024-01-12 00:47:12.747790693 +0000 UTC
  DownloadedAt: 2024-01-10 08:41:24.583461 +0000 UTC
Policy Bundle:
  Digest: sha256:1df8ade71efc830877ca3b1130f83e0c6368e3a45b0d4c0f0418955501644054
  DownloadedAt: 2024-03-27 08:18:01.177919 +0000 UTC

Checklist
@nikpivkin nikpivkin added kind/bug Categorizes issue or PR as related to a bug. scan/misconfiguration Issues relating to misconfiguration scanning labels Mar 27, 2024
@nikpivkin nikpivkin self-assigned this Mar 27, 2024
@nikpivkin nikpivkin mentioned this issue Mar 27, 2024
Merged
6 tasks
@simar7 simar7 added this to the v0.51.0 milestone Mar 27, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@nikpivkin nikpivkin

Labels
kind/bug Categorizes issue or PR as related to a bug. scan/misconfiguration Issues relating to misconfiguration scanning
Projects
None yet
Milestone
v0.51.0
Development

Successfully merging a pull request may close this issue.

fix(cloudformation): infer type after resolving a function nikpivkin/trivy
2 participants
@simar7 @nikpivkin