highlight only actions

bridgecrewio · Aug 26, 2024 · b829d60 · b829d60
1 parent 198073b
commit b829d60
Show file tree

Hide file tree

Showing 3 changed files with 9 additions and 8 deletions.
diff --git a/checkov/terraform/checks/data/base_cloudsplaining_data_iam_check.py b/checkov/terraform/checks/data/base_cloudsplaining_data_iam_check.py
@@ -41,13 +41,13 @@ def cloudsplaining_enrich_evaluated_keys(self, policy: PolicyDocument,
                     if isinstance(actions, str):
                         for violating_action in violating_actions:
                             if fnmatch.fnmatch(violating_action.lower(), actions.lower()):  # found the violating action in our list of actions
-                                self.evaluated_keys = [f"statement/[{stmt_idx}]/actions"]
-                                break
+                                self.evaluated_keys.append(f"statement/[{stmt_idx}]/actions")
+                                return
                     if isinstance(actions, list):
                         for action_idx, action in enumerate(actions):      # go through the actions of this statement and try to match one violation
                             for violating_action in violating_actions:
                                 if isinstance(action, str) and fnmatch.fnmatch(violating_action.lower(), action.lower()):      # found the violating action in our list of actions
-                                    self.evaluated_keys.append(f"statement/[{stmt_idx}]/actions/[{action_idx}]/")
-                                    break
+                                    self.evaluated_keys.append(f"statement/[{stmt_idx}]/actions")
+                                    return
         except Exception as e:
             logging.warning(f'Failed enriching cloudsplaining evaluated keys due to: {e}')
diff --git a/checkov/terraform/checks/resource/base_cloudsplaining_resource_iam_check.py b/checkov/terraform/checks/resource/base_cloudsplaining_resource_iam_check.py
@@ -54,13 +54,13 @@ def cloudsplaining_enrich_evaluated_keys(self, policy: PolicyDocument,
                     if isinstance(actions, str):
                         for violating_action in violating_actions:
                             if fnmatch.fnmatch(violating_action.lower(), actions.lower()):  # found the violating action in our list of actions
-                                self.evaluated_keys = [f"policy/Statement/[{stmt_idx}]/Action"]
-                                break
+                                self.evaluated_keys.append(f"policy/Statement/[{stmt_idx}]/Action")
+                                return
                     if isinstance(actions, list):
                         for action_idx, action in enumerate(actions):  # go through the actions of this statement and try to match one violation
                             for violating_action in violating_actions:
                                 if isinstance(action, str) and fnmatch.fnmatch(violating_action.lower(), action.lower()):  # found the violating action in our list of actions
-                                    self.evaluated_keys.append(f"policy/Statement/[{stmt_idx}]/Action/[{action_idx}]/")
-                                    break
+                                    self.evaluated_keys.append(f"policy/Statement/[{stmt_idx}]/Action")
+                                    return
         except Exception as e:
             logging.warning(f'Failed enriching cloudsplaining evaluated keys due to: {e}')
diff --git a/checkov/terraform/modules/module_utils.py b/checkov/terraform/modules/module_utils.py
@@ -221,6 +221,7 @@ def clean_parser_types_lst(values: list[Any]) -> list[Any]:
             str_values_in_lst.append(val)
         else:
             result_values.append(val)
+    str_values_in_lst.sort()
     result_values.extend(str_values_in_lst)
     return result_values