CKV2_AWS_44 is showing false positive #6277
Labels: checks (Check additions or changes)

Comments
@rickythain Hi, thanks for reporting this. I believe the policy is triggering when the destination_cidr_block IP address contains "0.0.0.0", even if it is "10.0.0.0". The policy passes when the IP address does not contain "0.0.0.0", such as in the case of "10.1.0.0/16". There's potentially an issue in the policy logic. We'll investigate this internally.
Describe the issue
CKV2_AWS_44 (Ensure AWS route table with VPC peering does not contain routes overly permissive to all traffic) is showing a false positive, but there may be more than just that issue.
I summarized and compiled the tf code, JSON plan file, and checkov result in this repo for reference.
Examples
terraform code:
checkov returned FAILED for aws_route.route2, even though the resource does not have an overly permissive route.
Version (please complete the following information):
Additional context
I tried creating a custom policy based on the current policy, replacing `not_contains` with `not_equals`. It is working for aws_route resources but not for aws_route_table inline routes. When multiple inline routes are created in an aws_route_table, both `not_contains` and `not_equals` return false reports.