From 770c3805b732670a86b9a6f01809586a4b40d1c2 Mon Sep 17 00:00:00 2001 From: Barak Fatal Date: Thu, 24 Jul 2025 16:37:36 +0300 Subject: [PATCH] Parse continue as a string rather as a pthon object --- .../graph_builder/variable_rendering/safe_eval_functions.py | 3 ++- .../graph/variable_rendering/test_string_evaluation.py | 5 +++++ 2 files changed, 7 insertions(+), 1 deletion(-) diff --git a/checkov/terraform/graph_builder/variable_rendering/safe_eval_functions.py b/checkov/terraform/graph_builder/variable_rendering/safe_eval_functions.py index 5d66ec0624..db7c3ff4d9 100644 --- a/checkov/terraform/graph_builder/variable_rendering/safe_eval_functions.py +++ b/checkov/terraform/graph_builder/variable_rendering/safe_eval_functions.py @@ -280,7 +280,6 @@ def terraform_try(*args: Any) -> Any: SAFE_EVAL_FUNCTIONS: List[str] = [] SAFE_EVAL_DICT = dict([(k, locals().get(k, None)) for k in SAFE_EVAL_FUNCTIONS]) - # type conversion functions TRY_STR_REPLACEMENT = "__terraform_try__" SAFE_EVAL_DICT[TRY_STR_REPLACEMENT] = terraform_try @@ -380,6 +379,8 @@ def evaluate(input_str: str) -> Any: # Don't use str.replace to make sure we replace just the first occurrence input_str = f"{TRY_STR_REPLACEMENT}{input_str[3:]}" + if input_str == "continue": + return input_str asteval = get_asteval() log_level = os.getenv("LOG_LEVEL") should_log_asteval_errors = log_level == "DEBUG" diff --git a/tests/terraform/graph/variable_rendering/test_string_evaluation.py b/tests/terraform/graph/variable_rendering/test_string_evaluation.py index eb52402036..69e0ecb941 100644 --- a/tests/terraform/graph/variable_rendering/test_string_evaluation.py +++ b/tests/terraform/graph/variable_rendering/test_string_evaluation.py @@ -537,6 +537,11 @@ def test_dict_as_string(self): result = evaluate_terraform(input_str) assert result == expected + def test_continue_stays_the_same(self): + expected = "continue" + result = evaluate_terraform("continue") + self.assertEqual(expected, result) + @pytest.mark.parametrize( "origin_str,str_to_replace,new_value,expected",