Checkmarx · cx-artur-ribeiro · Jan 14, 2026 · Jan 15, 2026 · Jan 15, 2026 · Jan 15, 2026
@@ -0,0 +1,57 @@
+{
+  "document": [
+    {
+      "file": "file",
+      "id": "0",
+      "locals": {
+        "environment": "production",
+        "resource_name": "my-app-service"
+      },
+      "resource": {
+        "aws_s3_bucket": {
+          "example": {
+            "bucket": "my-app-service",
+            "tags": {
+              "Environment": "production",
+              "Name": "my-app-service"
+            }
+          }
+        },
+        "kubernetes_service_v1": {
+          "example": {
+            "metadata": {
+              "labels": {
+                "app": "my-app-service"
+              },
+              "name": "my-service",
+              "namespace": "default"
+            },
+            "spec": {
+              "port": {
+                "port": 80,
+                "target_port": 8080
+              },
+              "selector": {
+                "app": "my-app-service"
+              }
+            }
+          }
+        }
+      }
+    },
+    {
+      "file": "file",
+      "id": "0",
+      "variable": {
+        "name": {
+          "default": "service",
+          "type": "${string}"
+        },
+        "resource_prefix": {
+          "default": "my-app-",
+          "type": "${string}"
+        }
+      }
+    }
+  ]
+}
@@ -0,0 +1,159 @@
+{
+  "kics_version": "development",
+  "files_scanned": 2,
+  "lines_scanned": 47,
+  "files_parsed": 2,
+  "lines_parsed": 47,
+  "lines_ignored": 0,
+  "files_failed_to_scan": 0,
+  "queries_total": 1101,
+  "queries_failed_to_execute": 0,
+  "queries_failed_to_compute_similarity_id": 0,
+  "scan_id": "console",
+  "severity_counters": {
+    "CRITICAL": 0,
+    "HIGH": 0,
+    "INFO": 2,
+    "LOW": 1,
+    "MEDIUM": 2,
+    "TRACE": 0
+  },
+  "total_counter": 5,
+  "total_bom_resources": 0,
+  "start": "2026-01-14T21:29:02.4901976Z",
+  "end": "2026-01-14T21:29:16.8821957Z",
+  "paths": [
+    "/path/e2e/fixtures/samples/terraform-locals"
+  ],
+  "queries": [
+    {
+      "query_name": "S3 Bucket Logging Disabled",
+      "query_id": "f861041c-8c9f-4156-acfc-5e6e524f5884",
+      "query_url": "https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/s3_bucket",
+      "severity": "MEDIUM",
+      "platform": "Terraform",
+      "cwe": "778",
+      "risk_score": "5.1",
+      "cloud_provider": "AWS",
+      "category": "Observability",
+      "experimental": false,
+      "description": "Server Access Logging should be enabled on S3 Buckets so that all changes are logged and trackable",
+      "description_id": "fa5c7c72",
+      "files": [
+        {
+          "file_name": "/path/e2e/fixtures/samples/terraform-locals/main.tf",
+          "similarity_id": "e0510199dceea096d9c476c2b1a5e181b6d3050159e1019049ef068ad0d0e3c9",
+          "line": 27,
+          "resource_type": "aws_s3_bucket",
+          "resource_name": "my-app-service",
+          "issue_type": "MissingAttribute",
+          "search_key": "aws_s3_bucket[example]",
+          "search_line": 27,
+          "search_value": "",
+          "expected_value": "'logging' should be defined and not null",
+          "actual_value": "'logging' is undefined or null"
+        }
+      ]
+    },
+    {
+      "query_name": "S3 Bucket Without Versioning",
+      "query_id": "568a4d22-3517-44a6-a7ad-6a7eed88722c",
+      "query_url": "https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/s3_bucket#versioning",
+      "severity": "MEDIUM",
+      "platform": "Terraform",
+      "cwe": "710",
+      "risk_score": "5.7",
+      "cloud_provider": "AWS",
+      "category": "Backup",
+      "experimental": false,
+      "description": "S3 bucket should have versioning enabled",
+      "description_id": "7614ce3b",
+      "files": [
+        {
+          "file_name": "/path/e2e/fixtures/samples/terraform-locals/main.tf",
+          "similarity_id": "7152d8bab096599974a6e046e2b7ae3855c5ba4bf5aa1e7b47de1d3834dddc1a",
+          "line": 27,
+          "resource_type": "aws_s3_bucket",
+          "resource_name": "my-app-service",
+          "issue_type": "MissingAttribute",
+          "search_key": "aws_s3_bucket[example]",
+          "search_line": 27,
+          "search_value": "",
+          "expected_value": "'versioning' should be true",
+          "actual_value": "'versioning' is undefined or null"
+        }
+      ]
+    },
+    {
+      "query_name": "IAM Access Analyzer Not Enabled",
+      "query_id": "e592a0c5-5bdb-414c-9066-5dba7cdea370",
+      "query_url": "https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/accessanalyzer_analyzer",
+      "severity": "LOW",
+      "platform": "Terraform",
+      "cwe": "710",
+      "risk_score": "3.5",
+      "cloud_provider": "AWS",
+      "category": "Best Practices",
+      "experimental": false,
+      "description": "IAM Access Analyzer should be enabled and configured to continuously monitor resource permissions",
+      "description_id": "d03e85ae",
+      "files": [
+        {
+          "file_name": "/path/e2e/fixtures/samples/terraform-locals/main.tf",
+          "similarity_id": "0a7d0464de505a54720d6002d14a22a32e6b20bb8189d444ab621d8ab838304f",
+          "line": 6,
+          "resource_type": "n/a",
+          "resource_name": "n/a",
+          "issue_type": "MissingAttribute",
+          "search_key": "resource",
+          "search_line": -1,
+          "search_value": "",
+          "expected_value": "'aws_accessanalyzer_analyzer' should be set",
+          "actual_value": "'aws_accessanalyzer_analyzer' is undefined"
+        }
+      ]
+    },
+    {
+      "query_name": "Variable Without Description",
+      "query_id": "2a153952-2544-4687-bcc9-cc8fea814a9b",
+      "query_url": "https://www.terraform.io/docs/language/values/variables.html#input-variable-documentation",
+      "severity": "INFO",
+      "platform": "Terraform",
+      "cwe": "710",
+      "risk_score": "0.0",
+      "cloud_provider": "COMMON",
+      "category": "Best Practices",
+      "experimental": false,
+      "description": "All variables should contain a valid description.",
+      "description_id": "b44986be",
+      "files": [
+        {
+          "file_name": "/path/e2e/fixtures/samples/terraform-locals/variables.tf",
+          "similarity_id": "71c203d56572e4a0245f96d579cf681005b1cd368cbe27273e237b286eeb1867",
+          "line": 6,
+          "resource_type": "n/a",
+          "resource_name": "n/a",
+          "issue_type": "MissingAttribute",
+          "search_key": "variable.{{name}}",
+          "search_line": -1,
+          "search_value": "",
+          "expected_value": "'description' should be defined and not null",
+          "actual_value": "'description' is undefined or null"
+        },
+        {
+          "file_name": "/path/e2e/fixtures/samples/terraform-locals/variables.tf",
+          "similarity_id": "77b2c29716b6deec350157e0176aba10a75eefb94ebc3c0e19bd2d20ff19eb3b",
+          "line": 1,
+          "resource_type": "n/a",
+          "resource_name": "n/a",
+          "issue_type": "MissingAttribute",
+          "search_key": "variable.{{resource_prefix}}",
+          "search_line": -1,
+          "search_value": "",
+          "expected_value": "'description' should be defined and not null",
+          "actual_value": "'description' is undefined or null"
+        }
+      ]
+    }
+  ]
+}
@@ -0,0 +1,35 @@
+locals {
+  resource_name = "${var.resource_prefix}${var.name}"
+  environment   = "production"
+}
+
+resource "kubernetes_service_v1" "example" {
+  metadata {
+    name      = "my-service"
+    namespace = "default"
+    labels = {
+      app = local.resource_name
+    }
+  }
+
+  spec {
+    selector = {
+      app = local.resource_name
+    }
+
+    port {
+      port        = 80
+      target_port = 8080
+    }
+  }
+}
+
+resource "aws_s3_bucket" "example" {
+  bucket = local.resource_name
+
+  tags = {
+    Name        = local.resource_name
+    Environment = local.environment
+  }
+}
+
@@ -0,0 +1,10 @@
+variable "resource_prefix" {
+  type = string
+  default = "my-app-"
+}
+
+variable "name" {
+  type = string
+  default = "service"
+}
+
@@ -0,0 +1,29 @@
+// Package testcases provides end-to-end (E2E) testing functionality for the application.
+package testcases
+
+// E2E-CLI-104 - KICS scan should parse and evaluate terraform locals and find vulnerabilities
+// should perform the scan successfully, find issues, and return exit code 50
+func init() { //nolint
+	testSample := TestCase{
+		Name: "should perform a valid scan, evaluate terraform locals, and find vulnerabilities [E2E-CLI-104]",
+		Args: args{
+			Args: []cmdArgs{
+				[]string{"scan", "-o", "/path/e2e/output",
+					"--output-name", "E2E_CLI_104_RESULT",
+					"-p", "\"/path/e2e/fixtures/samples/terraform-locals\"",
+					"--payload-path", "/path/e2e/output/E2E_CLI_104_PAYLOAD.json"},
+			},
+			ExpectedPayload: []string{
+				"E2E_CLI_104_PAYLOAD.json",
+			},
+			ExpectedResult: []ResultsValidation{
+				{
+					ResultsFile: "E2E_CLI_104_RESULT",
+				},
+			},
+		},
+		WantStatus: []int{40},
+	}
+
+	Tests = append(Tests, testSample)
+}