Labels: aws (PR related with AWS Cloud), bug (Something isn't working), community (Community contribution), query (New query feature), terraform (Terraform query)
Description
Query id: 0afa6ab8-a047-48cf-be07-93a2f8c34cf7
Query name: ALB Is Not Integrated With WAF
Platform: Terraform
Severity: Medium
Expected Behavior
The rule should only flag ALBs.
Actual Behavior
The rule flags any `aws_lb` or `aws_alb` resource without checking whether `load_balancer_type` is `application`.
Steps to Reproduce the Problem
- Create `test.tf`:

  ```hcl
  resource "aws_lb" "test" {
    name                       = "test-lb-tf"
    internal                   = false
    load_balancer_type         = "network"
    security_groups            = [aws_security_group.lb_sg.id]
    subnets                    = [for subnet in aws_subnet.public : subnet.id]
    enable_deletion_protection = true

    access_logs {
      bucket  = aws_s3_bucket.lb_logs.id
      prefix  = "test-lb"
      enabled = true
    }

    tags = {
      Environment = "production"
    }
  }
  ```

- Run `make build` on master branch
- Run:

  ```sh
  ./bin/kics scan \
    -p test.tf \
    --include-queries 0afa6ab8-a047-48cf-be07-93a2f8c34cf7 \
    -o ./out \
    --report-formats json
  ```
Specifications
- Version: latest master
- Platform: Terraform
- Provider: hashicorp/aws
I am new to this project but I have a pull request ready to go that I can link here if that is okay.
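The behavior this issue asks for, sketched as an added example (not KICS code and not the reporter's pull request): only load balancers whose `load_balancer_type` is `application`, including the provider default when the attribute is omitted, are checked for a WAF association. The `(type, name, attrs)` tuples are a constructed stand-in for parsed Terraform, and matching associations by `aws_wafregional_web_acl_association` / `aws_wafv2_web_acl_association` `resource_arn` references is an assumption about how a WAF link would be detected.

```python
import re

# aws_alb is an alias of aws_lb in the hashicorp/aws provider.
LB_TYPES = {"aws_lb", "aws_alb"}
# Assumption: these association resources are how a WAF link is expressed.
WAF_ASSOC_TYPES = {
    "aws_wafregional_web_acl_association",
    "aws_wafv2_web_acl_association",
}
# Matches references such as aws_lb.web.arn or ${aws_lb.web.arn}.
LB_ARN_REF = re.compile(r"\b(aws_lb|aws_alb)\.([A-Za-z0-9_-]+)\.arn\b")


def is_application_lb(attrs):
    # The provider defaults load_balancer_type to "application" when omitted.
    return attrs.get("load_balancer_type", "application") == "application"


def albs_without_waf(resources):
    """Return addresses of application load balancers with no WAF association."""
    protected = set()
    for rtype, _name, attrs in resources:
        if rtype in WAF_ASSOC_TYPES:
            match = LB_ARN_REF.search(str(attrs.get("resource_arn", "")))
            if match:
                protected.add((match.group(1), match.group(2)))

    findings = []
    for rtype, name, attrs in resources:
        if rtype not in LB_TYPES or not is_application_lb(attrs):
            continue  # network and gateway load balancers are out of scope
        if (rtype, name) not in protected:
            findings.append(f"{rtype}.{name}")
    return findings


# Constructed sample input; the first entry mirrors test.tf from the issue.
SAMPLE = [
    ("aws_lb", "test", {"load_balancer_type": "network"}),
    ("aws_lb", "web", {"load_balancer_type": "application"}),
    ("aws_alb", "implicit", {}),  # type omitted, so it is an ALB
    ("aws_lb", "guarded", {"load_balancer_type": "application"}),
    ("aws_wafv2_web_acl_association", "guarded",
     {"resource_arn": "${aws_lb.guarded.arn}", "web_acl_arn": "constructed-placeholder"}),
]

if __name__ == "__main__":
    print(albs_without_waf(SAMPLE))
```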