feat(serverless): add check for empty resource attributes (#7074)

maxamel · Max Amelchenko · web-flow · commit bed46f6aaaa7 · 2025-03-31T09:50:27.000+03:00
* add check for empty resource attributes

* add test

---------

Co-authored-by: Max Amelchenko &lt;mamelchenko@paloaltonetworks.com&gt;
diff --git a/checkov/serverless/graph_builder/definition_context.py b/checkov/serverless/graph_builder/definition_context.py
@@ -39,18 +39,18 @@ def add_resource_to_definitions_context(definitions_context: dict[str, dict[str,
     if resource_key in LINE_FIELD_NAMES:
         return
 
-    if isinstance(resource_attributes, dict):
-        start_line = resource_attributes[START_LINE] - 1
-        end_line = resource_attributes[END_LINE] - 1
-
-    elif isinstance(resource_attributes, ListNode):
-        start_line = resource_attributes.start_mark.line
-        end_line = resource_attributes.end_mark.line
-
-    elif isinstance(resource_attributes, StrNode):
-        start_line = resource_attributes.start_mark.line + 1
-        end_line = resource_attributes.end_mark.line + 1
-
+    if resource_attributes:
+        if isinstance(resource_attributes, dict):
+            start_line = resource_attributes[START_LINE] - 1
+            end_line = resource_attributes[END_LINE] - 1
+        elif isinstance(resource_attributes, ListNode):
+            start_line = resource_attributes.start_mark.line
+            end_line = resource_attributes.end_mark.line
+        elif isinstance(resource_attributes, StrNode):
+            start_line = resource_attributes.start_mark.line + 1
+            end_line = resource_attributes.end_mark.line + 1
+        else:
+            return
     else:
         return
 
diff --git a/tests/serverless/checks/aws/example_AWSCredentials/AWSCredentials-FAILED-provider_level/serverless.yml b/tests/serverless/checks/aws/example_AWSCredentials/AWSCredentials-FAILED-provider_level/serverless.yml
@@ -5,6 +5,7 @@ provider:
   runtime: python3.7
   stackName: lambda-${self:service.name}
   tag: ${opt:tag}
+  stackTags: ${file(${env:STACK_TAGS_FILE, 'dummy.yaml'}), null}
   environment:
     TABLE_NAME: "mytable"
     BUCKET_NAME: "mybucket"
