fix(misconf): do not use semver for parsing tf module versions (#6614)
nikpivkin authored May 4, 2024
1 parent 14c1024 commit 9c794c0
Showing 2 changed files with 27 additions and 4 deletions.
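--- a/pkg/iac/scanners/terraform/parser/parser_integration_test.go
+++ b/pkg/iac/scanners/terraform/parser/parser_integration_test.go
@@ -49,3 +49,26 @@ module "registry" {
 require.NoError(t, err)
 require.Len(t, modules, 2)
 }
+
+func Test_ModuleWithPessimisticVersionConstraint(t *testing.T) {
+if testing.Short() {
+t.Skip("skipping integration test in short mode")
+}
+fs := testutil.CreateFS(t, map[string]string{
+"code/test.tf": `
+module "registry" {
+source = "registry.terraform.io/terraform-aws-modules/s3-bucket/aws"
+bucket = "my-s3-bucket"
+version = "~> 3.1"
+}
+`,
+})
+
+parser := New(fs, "", OptionStopOnHCLError(true), OptionWithSkipCachedModules(true))
+if err := parser.ParseFS(context.TODO(), "code"); err != nil {
+t.Fatal(err)
+}
+modules, _, err := parser.EvaluateAll(context.TODO())
+require.NoError(t, err)
+require.Len(t, modules, 2)
+}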
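Review bot: The only assertion in Test_ModuleWithPessimisticVersionConstraint is `require.Len(t, modules, 2)`, which shows that some registry module was loaded but not which version the `~> 3.1` constraint selected. Constraint resolution decides which module source the scanner downloads and evaluates, so a resolver that picks a different release than Terraform would could report findings for code that is never deployed, and this test would still pass. Because the test also depends on the live registry and is skipped in short mode, I would add a table-driven unit test next to `resolveVersion` that feeds it a fixed version list and asserts the exact version returned for `~> 3.1` and for a constraint nothing satisfies. As a smaller style point, `if err := parser.ParseFS(...); err != nil { t.Fatal(err) }` could be `require.NoError(t, parser.ParseFS(context.TODO(), "code"))` to match the `require` calls around it.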
8 changes: 4 additions & 4 deletions pkg/iac/scanners/terraform/parser/resolvers/registry.go
@@ -13,7 +13,7 @@ import (

"golang.org/x/net/idna"

"github.com/aquasecurity/go-version/pkg/semver"
"github.com/aquasecurity/go-version/pkg/version"
)

type registryResolver struct {
@@ -167,13 +167,13 @@ func resolveVersion(input string, versions moduleVersions) (string, error) {
return "", fmt.Errorf("no available versions for module")
}

constraints, err := semver.NewConstraints(input)
constraints, err := version.NewConstraints(input)
if err != nil {
return "", err
}
var realVersions semver.Collection
var realVersions version.Collection
for _, rawVersion := range versions.Modules[0].Versions {
realVersion, err := semver.Parse(rawVersion.Version)
realVersion, err := version.Parse(rawVersion.Version)
if err != nil {
continue
}
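Review bot: In resolveVersion the error from `version.NewConstraints(input)` is returned bare, and a registry version that fails `version.Parse` is dropped by `continue` with no trace. When the scanner resolves a different module version than expected, or none at all, the output gives no hint whether the constraint string or the registry data was at fault. I would wrap the first error as `return "", fmt.Errorf("parsing version constraint %q: %w", input, err)` and emit a debug-level message naming `rawVersion.Version` before the `continue`, using whatever logger the package already has. Whether the new parser treats pre-release versions the way Terraform does for constraints such as `~>` is not visible in this hunk and is worth confirming with a unit test. The function body starts and ends outside the hunk, so how an empty `realVersions` is handled cannot be judged from here.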