Variable Without Type

  • Query id: fc5109bf-01fd-49fb-8bde-4492b543c34a
  • Query name: Variable Without Type
  • Platform: Terraform
  • Severity: Info
  • Category: Best Practices
  • CWE: 710
  • URL: Github

Description

Every variable block should declare a valid type. The query flags a variable whose type attribute is missing, empty (""), or blank (" ").
Documentation

Code samples

Code samples with security vulnerabilities

Positive test num. 1 - tf file
variable "cluster_name" {
  default = "example"
  description = "test"
}

resource "aws_eks_cluster" "positive1" {
  depends_on = [aws_cloudwatch_log_group.example]
  name                      = var.cluster_name
}
Positive test num. 2 - tf file
variable "cluster_name" {
  default = "example"
  type    = " "
  description = "test"
}

resource "aws_eks_cluster" "positive1" {
  depends_on = [aws_cloudwatch_log_group.example]
  name                      = var.cluster_name
}
Positive test num. 3 - tf file
variable "cluster_name" {
  default = "example"
  type    = ""
  description = "test"
}

resource "aws_eks_cluster" "positive1" {
  depends_on = [aws_cloudwatch_log_group.example]
  name                      = var.cluster_name
}

Code samples without security vulnerabilities

Negative test num. 1 - tf file
variable "cluster_name" {
  default = "example"
  description = "cluster name"
  type    = string
}

resource "aws_eks_cluster" "negative1" {
  depends_on = [aws_cloudwatch_log_group.example]

  enabled_cluster_log_types = ["api", "audit", "authenticator", "controllerManager", "scheduler"]
  name                      = var.cluster_name
}
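The check described above, sketched as an added example (not the query's own implementation and not code from this page). The function name `untyped_variables` and the sample Terraform text are hypothetical and constructed for illustration; the parser counts braces line by line and assumes no braces appear inside strings or comments.

```python
import re

# Constructed sample: the three flagged shapes from this page plus two typed variables.
SAMPLE_TF = '''
variable "no_type" {
  default = "example"
}
variable "blank_type" {
  type = " "
}
variable "empty_type" {
  type = ""
}
variable "typed" {
  type = string
}
variable "typed_object" {
  type = object({
    name = string
  })
}
'''

HEADER = re.compile(r'^\s*variable\s+"([^"]+)"\s*\{')
TYPE_ATTR = re.compile(r'^\s*type\s*=\s*(.*?)\s*$')


def untyped_variables(tf_text):
    """Return [(name, reason)] for variable blocks whose type is missing or blank."""
    findings, name, depth, type_expr = [], None, 0, None
    for line in tf_text.splitlines():
        if name is None:
            m = HEADER.match(line)
            if not m:
                continue
            name, depth, type_expr = m.group(1), 0, None
        elif depth == 1:  # only top-level attributes of the variable block count
            m = TYPE_ATTR.match(line)
            if m:
                type_expr = m.group(1)
        # Assumption: no braces inside strings or comments.
        depth += line.count("{") - line.count("}")
        if depth <= 0:  # block closed: record a finding if the type is unusable
            if type_expr is None:
                findings.append((name, "missing type"))
            elif type_expr.strip('"').strip() == "":
                findings.append((name, "empty type"))
            name = None
    return findings
```

A `type` key nested inside an `object({...})` expression is ignored because only attributes at depth 1 of the variable block are inspected.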