Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

bug: panic: cannot refine an unknown value of an unknown type #5471

Closed
2 tasks done
nikpivkin opened this issue Oct 30, 2023 Discussed in #5468 · 0 comments · Fixed by aquasecurity/trivy-iac#40
Closed
2 tasks done

bug: panic: cannot refine an unknown value of an unknown type #5471

nikpivkin opened this issue Oct 30, 2023 Discussed in #5468 · 0 comments · Fixed by aquasecurity/trivy-iac#40
Assignees
@simar7 @nikpivkin
Labels
kind/bug Categorizes issue or PR as related to a bug. scan/misconfiguration Issues relating to misconfiguration scanning
Milestone
v0.48.0

Comments

@nikpivkin
Copy link
Contributor

Discussed in #5468

Originally posted by thepoppingone October 30, 2023

Description

panic: cannot refine an unknown value of an unknown type

goroutine 1 [running]:
github.com/zclconf/go-cty/cty.Value.Refine({{{0x10cd77fd8?, 0x1106e5720?}}, {0x10c0eb160?, 0x11067cf90?}})
        github.com/zclconf/[email protected]/cty/unknown_refinement.go:47 +0x498
github.com/zclconf/go-cty/cty.Value.RefineNotNull({{{0x10cd77fd8?, 0x1106e5720?}}, {0x10c0eb160?, 0x11067cf90?}})
        github.com/zclconf/[email protected]/cty/unknown_refinement.go:123 +0x2c
github.com/hashicorp/hcl/v2/ext/typeexpr.(*Defaults).apply(0x14002c9fe20, {{{0x10cd77280?, 0x14003658540?}}, {0x10c1147a0?, 0x14003154960?}})
        github.com/hashicorp/hcl/[email protected]/ext/typeexpr/defaults.go:99 +0x7ac
github.com/hashicorp/hcl/v2/ext/typeexpr.(*Defaults).Apply(...)
        github.com/hashicorp/hcl/[email protected]/ext/typeexpr/defaults.go:45
github.com/aquasecurity/defsec/pkg/scanners/terraform/parser.(*evaluator).evaluateVariable(0x1400020b8c0, 0x14002caf340)
        github.com/aquasecurity/[email protected]/pkg/scanners/terraform/parser/evaluator.go:378 +0x2f4
github.com/aquasecurity/defsec/pkg/scanners/terraform/parser.(*evaluator).getValuesByBlockType(0x1400020b8c0, {0x10a478208, 0x8})
        github.com/aquasecurity/[email protected]/pkg/scanners/terraform/parser/evaluator.go:414 +0x73c
github.com/aquasecurity/defsec/pkg/scanners/terraform/parser.(*evaluator).evaluateStep(0x1400020b8c0)
        github.com/aquasecurity/[email protected]/pkg/scanners/terraform/parser/evaluator.go:93 +0x30
github.com/aquasecurity/defsec/pkg/scanners/terraform/parser.(*evaluator).EvaluateAll(0x1400020b8c0, {0x10cd76340, 0x14002b1f1f0})
        github.com/aquasecurity/[email protected]/pkg/scanners/terraform/parser/evaluator.go:135 +0x154
github.com/aquasecurity/defsec/pkg/scanners/terraform/parser.(*Parser).EvaluateAll(0x14002aea280, {0x10cd76340, 0x14002b1f1f0})
        github.com/aquasecurity/[email protected]/pkg/scanners/terraform/parser/parser.go:305 +0x47c
github.com/aquasecurity/defsec/pkg/scanners/terraform/parser.(*evaluator).EvaluateAll(0x14000fbfc80, {0x10cd76340, 0x14002b1f1f0})
        github.com/aquasecurity/[email protected]/pkg/scanners/terraform/parser/evaluator.go:159 +0x368
github.com/aquasecurity/defsec/pkg/scanners/terraform/parser.(*Parser).EvaluateAll(0x140017b0000, {0x10cd76340, 0x14002b1f1f0})
        github.com/aquasecurity/[email protected]/pkg/scanners/terraform/parser/parser.go:305 +0x47c
github.com/aquasecurity/defsec/pkg/scanners/terraform.(*Scanner).ScanFSWithMetrics(0x140027717a0, {0x10cd76340, 0x14002b1f1f0}, {0x10cccf860?, 0x14001a42690}, {0x10b8edc60, 0x1})
        github.com/aquasecurity/[email protected]/pkg/scanners/terraform/scanner.go:231 +0x4a0
github.com/aquasecurity/defsec/pkg/scanners/terraform.(*Scanner).ScanFS(0x10a48160e?, {0x10cd76340?, 0x14002b1f1f0?}, {0x10cccf860?, 0x14001a42690?}, {0x10b8edc60?, 0x14002976dd8?})
        github.com/aquasecurity/[email protected]/pkg/scanners/terraform/scanner.go:148 +0x38
github.com/aquasecurity/trivy/pkg/misconf.(*Scanner).Scan(0x1400112aa40, {0x10cd76340, 0x14002b1f1f0}, {0x10cccf860?, 0x1400091e570?})
        github.com/aquasecurity/trivy/pkg/misconf/scanner.go:154 +0x18c
github.com/aquasecurity/trivy/pkg/fanal/analyzer/config.(*Analyzer).PostAnalyze(0x140025de980, {0x10cd76340?, 0x14002b1f1f0?}, {{0x10cccf860?, 0x1400091e570?}, {0x9?, 0x0?}})
        github.com/aquasecurity/trivy/pkg/fanal/analyzer/config/config.go:45 +0x38
github.com/aquasecurity/trivy/pkg/fanal/analyzer.AnalyzerGroup.PostAnalyze({{0x14000ecaf80, 0x3, 0x4}, {0x140010fe700, 0x7, 0x8}, 0x14000a06ae0}, {0x10cd76340, 0x14002b1f1f0}, 0x140014fa410, ...)
        github.com/aquasecurity/trivy/pkg/fanal/analyzer/analyzer.go:491 +0x23c
github.com/aquasecurity/trivy/pkg/fanal/artifact/local.Artifact.Inspect({{0x16b30b455, 0x1}, {0x11a0235d8, 0x14001c147f0}, {{{0x0, 0x0, 0x0}, {0x140009ec100, 0x3, 0x4}, ...}, ...}, ...}, ...)
        github.com/aquasecurity/trivy/pkg/fanal/artifact/local/fs.go:171 +0x408
github.com/aquasecurity/trivy/pkg/scanner.Scanner.ScanArtifact({{_, _}, {_, _}}, {_, _}, {{0x0, 0x0, 0x0}, {0x14001c14750, ...}, ...})
        github.com/aquasecurity/trivy/pkg/scanner/scan.go:145 +0xa0
github.com/aquasecurity/trivy/pkg/commands/artifact.scan({_, _}, {{{0x10a489c63, 0xa}, 0x0, 0x0, 0x0, 0x0, 0x45d964b800, {0x140026ad020, ...}, ...}, ...}, ...)
        github.com/aquasecurity/trivy/pkg/commands/artifact/run.go:683 +0x320
github.com/aquasecurity/trivy/pkg/commands/artifact.(*runner).scanArtifact(_, {_, _}, {{{0x10a489c63, 0xa}, 0x0, 0x0, 0x0, 0x0, 0x45d964b800, ...}, ...}, ...)
        github.com/aquasecurity/trivy/pkg/commands/artifact/run.go:266 +0xa0
github.com/aquasecurity/trivy/pkg/commands/artifact.(*runner).scanFS(_, {_, _}, {{{0x10a489c63, 0xa}, 0x0, 0x0, 0x0, 0x0, 0x45d964b800, ...}, ...})
        github.com/aquasecurity/trivy/pkg/commands/artifact/run.go:214 +0xa4
github.com/aquasecurity/trivy/pkg/commands/artifact.(*runner).ScanFilesystem(_, {_, _}, {{{0x10a489c63, 0xa}, 0x0, 0x0, 0x0, 0x0, 0x45d964b800, ...}, ...})
        github.com/aquasecurity/trivy/pkg/commands/artifact/run.go:194 +0x1b0
github.com/aquasecurity/trivy/pkg/commands/artifact.Run({_, _}, {{{0x10a489c63, 0xa}, 0x0, 0x0, 0x0, 0x0, 0x45d964b800, {0x140026ad020, ...}, ...}, ...}, ...)
        github.com/aquasecurity/trivy/pkg/commands/artifact/run.go:427 +0x3bc
github.com/aquasecurity/trivy/pkg/commands.NewConfigCommand.func2(0x14000239800, {0x14001c9c220, 0x1, 0x1})
        github.com/aquasecurity/trivy/pkg/commands/app.go:679 +0x290
github.com/spf13/cobra.(*Command).execute(0x14000239800, {0x14001c9c1e0, 0x1, 0x1})
        github.com/spf13/[email protected]/command.go:940 +0x658
github.com/spf13/cobra.(*Command).ExecuteC(0x140024c7800)
        github.com/spf13/[email protected]/command.go:1068 +0x320
github.com/spf13/cobra.(*Command).Execute(0x10a4f54fc?)
        github.com/spf13/[email protected]/command.go:992 +0x1c
main.run()
        github.com/aquasecurity/trivy/cmd/trivy/main.go:35 +0x150
main.main()
        github.com/aquasecurity/trivy/cmd/trivy/main.go:17 +0x1c

Desired Behavior

Trivy checks for Terraform config files results should proceed and results should output

Actual Behavior

It finds some unknown value that it tries to convert and it fails

Reproduction Steps

Run `trivy config .` on this folder and it fails on 0.46.1 

On version 0.45.1 it works

https://github.com/SPHTech-Platform/terraform-aws-eks/tree/main/modules/essentials

Target

None

Scanner

None

Output Format

SARIF

Mode

Standalone

Debug Output

2023-10-30T10:33:32.216+0800    DEBUG   Severities: ["UNKNOWN" "LOW" "MEDIUM" "HIGH" "CRITICAL"]
2023-10-30T10:33:32.227+0800    DEBUG   cache dir:  /Users/wangpp/Library/Caches/trivy
2023-10-30T10:33:32.227+0800    INFO    Misconfiguration scanning is enabled
2023-10-30T10:33:32.227+0800    DEBUG   Policies successfully loaded from disk
2023-10-30T10:33:32.248+0800    DEBUG   The nuget packages directory couldn't be found. License search disabled
2023-10-30T10:33:32.256+0800    DEBUG   Walk the file tree rooted at '.' in parallel
2023-10-30T10:33:32.293+0800    DEBUG   Scanning Terraform files for misconfigurations...
panic: cannot refine an unknown value of an unknown type

goroutine 1 [running]:
github.com/zclconf/go-cty/cty.Value.Refine({{{0x10b273fd8?, 0x10ebe1720?}}, {0x10a5e7160?, 0x10eb78f90?}})
        github.com/zclconf/[email protected]/cty/unknown_refinement.go:47 +0x498
github.com/zclconf/go-cty/cty.Value.RefineNotNull({{{0x10b273fd8?, 0x10ebe1720?}}, {0x10a5e7160?, 0x10eb78f90?}})
        github.com/zclconf/[email protected]/cty/unknown_refinement.go:123 +0x2c
github.com/hashicorp/hcl/v2/ext/typeexpr.(*Defaults).apply(0x14001abc720, {{{0x10b273280?, 0x140031ae3e0?}}, {0x10a6107a0?, 0x1400291c870?}})
        github.com/hashicorp/hcl/[email protected]/ext/typeexpr/defaults.go:99 +0x7ac
github.com/hashicorp/hcl/v2/ext/typeexpr.(*Defaults).Apply(...)
        github.com/hashicorp/hcl/[email protected]/ext/typeexpr/defaults.go:45
github.com/aquasecurity/defsec/pkg/scanners/terraform/parser.(*evaluator).evaluateVariable(0x140016ff500, 0x140036e8e00)
        github.com/aquasecurity/[email protected]/pkg/scanners/terraform/parser/evaluator.go:378 +0x2f4
github.com/aquasecurity/defsec/pkg/scanners/terraform/parser.(*evaluator).getValuesByBlockType(0x140016ff500, {0x108974208, 0x8})
        github.com/aquasecurity/[email protected]/pkg/scanners/terraform/parser/evaluator.go:414 +0x73c
github.com/aquasecurity/defsec/pkg/scanners/terraform/parser.(*evaluator).evaluateStep(0x140016ff500)
        github.com/aquasecurity/[email protected]/pkg/scanners/terraform/parser/evaluator.go:93 +0x30
github.com/aquasecurity/defsec/pkg/scanners/terraform/parser.(*evaluator).EvaluateAll(0x140016ff500, {0x10b272340, 0x14000aa6d20})
        github.com/aquasecurity/[email protected]/pkg/scanners/terraform/parser/evaluator.go:135 +0x154
github.com/aquasecurity/defsec/pkg/scanners/terraform/parser.(*Parser).EvaluateAll(0x14001cfe500, {0x10b272340, 0x14000aa6d20})
        github.com/aquasecurity/[email protected]/pkg/scanners/terraform/parser/parser.go:305 +0x47c
github.com/aquasecurity/defsec/pkg/scanners/terraform/parser.(*evaluator).EvaluateAll(0x140016fe000, {0x10b272340, 0x14000aa6d20})
        github.com/aquasecurity/[email protected]/pkg/scanners/terraform/parser/evaluator.go:159 +0x368
github.com/aquasecurity/defsec/pkg/scanners/terraform/parser.(*Parser).EvaluateAll(0x14000a3aa00, {0x10b272340, 0x14000aa6d20})
        github.com/aquasecurity/[email protected]/pkg/scanners/terraform/parser/parser.go:305 +0x47c
github.com/aquasecurity/defsec/pkg/scanners/terraform.(*Scanner).ScanFSWithMetrics(0x140013e4240, {0x10b272340, 0x14000aa6d20}, {0x10b1cb860?, 0x14001b61c38}, {0x109de9c60, 0x1})
        github.com/aquasecurity/[email protected]/pkg/scanners/terraform/scanner.go:231 +0x4a0
github.com/aquasecurity/defsec/pkg/scanners/terraform.(*Scanner).ScanFS(0x10897d60e?, {0x10b272340?, 0x14000aa6d20?}, {0x10b1cb860?, 0x14001b61c38?}, {0x109de9c60?, 0x1400216edd8?})
        github.com/aquasecurity/[email protected]/pkg/scanners/terraform/scanner.go:148 +0x38
github.com/aquasecurity/trivy/pkg/misconf.(*Scanner).Scan(0x14002805540, {0x10b272340, 0x14000aa6d20}, {0x10b1cb860?, 0x140016e0c30?})
        github.com/aquasecurity/trivy/pkg/misconf/scanner.go:154 +0x18c
github.com/aquasecurity/trivy/pkg/fanal/analyzer/config.(*Analyzer).PostAnalyze(0x140003679e0, {0x10b272340?, 0x14000aa6d20?}, {{0x10b1cb860?, 0x140016e0c30?}, {0x9?, 0x0?}})
        github.com/aquasecurity/trivy/pkg/fanal/analyzer/config/config.go:45 +0x38
github.com/aquasecurity/trivy/pkg/fanal/analyzer.AnalyzerGroup.PostAnalyze({{0x140016526c0, 0x3, 0x4}, {0x140012bce00, 0x7, 0x8}, 0x140016a8a20}, {0x10b272340, 0x14000aa6d20}, 0x140016f2be0, ...)
        github.com/aquasecurity/trivy/pkg/fanal/analyzer/analyzer.go:491 +0x23c
github.com/aquasecurity/trivy/pkg/fanal/artifact/local.Artifact.Inspect({{0x16ce0f44d, 0x1}, {0x118554600, 0x140016b1370}, {{{0x0, 0x0, 0x0}, {0x140016b99c0, 0x3, 0x4}, ...}, ...}, ...}, ...)
        github.com/aquasecurity/trivy/pkg/fanal/artifact/local/fs.go:171 +0x408
github.com/aquasecurity/trivy/pkg/scanner.Scanner.ScanArtifact({{_, _}, {_, _}}, {_, _}, {{0x0, 0x0, 0x0}, {0x140016b12b0, ...}, ...})
        github.com/aquasecurity/trivy/pkg/scanner/scan.go:145 +0xa0
github.com/aquasecurity/trivy/pkg/commands/artifact.scan({_, _}, {{{0x108985c63, 0xa}, 0x0, 0x0, 0x1, 0x0, 0x45d964b800, {0x1400120de60, ...}, ...}, ...}, ...)
        github.com/aquasecurity/trivy/pkg/commands/artifact/run.go:683 +0x320
github.com/aquasecurity/trivy/pkg/commands/artifact.(*runner).scanArtifact(_, {_, _}, {{{0x108985c63, 0xa}, 0x0, 0x0, 0x1, 0x0, 0x45d964b800, ...}, ...}, ...)
        github.com/aquasecurity/trivy/pkg/commands/artifact/run.go:266 +0xa0
github.com/aquasecurity/trivy/pkg/commands/artifact.(*runner).scanFS(_, {_, _}, {{{0x108985c63, 0xa}, 0x0, 0x0, 0x1, 0x0, 0x45d964b800, ...}, ...})
        github.com/aquasecurity/trivy/pkg/commands/artifact/run.go:214 +0xa4
github.com/aquasecurity/trivy/pkg/commands/artifact.(*runner).ScanFilesystem(_, {_, _}, {{{0x108985c63, 0xa}, 0x0, 0x0, 0x1, 0x0, 0x45d964b800, ...}, ...})
        github.com/aquasecurity/trivy/pkg/commands/artifact/run.go:194 +0x1b0
github.com/aquasecurity/trivy/pkg/commands/artifact.Run({_, _}, {{{0x108985c63, 0xa}, 0x0, 0x0, 0x1, 0x0, 0x45d964b800, {0x1400120de60, ...}, ...}, ...}, ...)
        github.com/aquasecurity/trivy/pkg/commands/artifact/run.go:427 +0x3bc
github.com/aquasecurity/trivy/pkg/commands.NewConfigCommand.func2(0x14001592900, {0x140001957a0, 0x1, 0x2})
        github.com/aquasecurity/trivy/pkg/commands/app.go:679 +0x290
github.com/spf13/cobra.(*Command).execute(0x14001592900, {0x14000195780, 0x2, 0x2})
        github.com/spf13/[email protected]/command.go:940 +0x658
github.com/spf13/cobra.(*Command).ExecuteC(0x14001303200)
        github.com/spf13/[email protected]/command.go:1068 +0x320
github.com/spf13/cobra.(*Command).Execute(0x1089f14fc?)
        github.com/spf13/[email protected]/command.go:992 +0x1c
main.run()
        github.com/aquasecurity/trivy/cmd/trivy/main.go:35 +0x150
main.main()
        github.com/aquasecurity/trivy/cmd/trivy/main.go:17 +0x1c


### Operating System

macOS

### Version

```bash
0.46.1

Checklist
@nikpivkin nikpivkin added kind/bug Categorizes issue or PR as related to a bug. scan/misconfiguration Issues relating to misconfiguration scanning labels Oct 30, 2023
@nikpivkin nikpivkin mentioned this issue Oct 30, 2023
Merged
@simar7 simar7 added this to the v0.47.0 milestone Oct 30, 2023
@simar7 simar7 modified the milestones: v0.47.0, v0.48.0 Nov 3, 2023
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@simar7 simar7

@nikpivkin nikpivkin

Labels
kind/bug Categorizes issue or PR as related to a bug. scan/misconfiguration Issues relating to misconfiguration scanning
Projects
Trivy Roadmap
Archived in project
Milestone
v0.48.0
Development

Successfully merging a pull request may close this issue.

fix(terraform): convert input variables to expected type nikpivkin/trivy-iac
2 participants
@simar7 @nikpivkin