StackGuardian
diff --git a/‎src/tirith/core/core.py‎
Lines changed: 34 additions & 21 deletions b/‎src/tirith/core/core.py‎
Lines changed: 34 additions & 21 deletions
diff --git a/‎src/tirith/providers/terraform_plan/handler.py‎
Lines changed: 15 additions & 3 deletions b/‎src/tirith/providers/terraform_plan/handler.py‎
Lines changed: 15 additions & 3 deletions
diff --git a/‎tests/core/test_core.py‎
Lines changed: 114 additions & 1 deletion b/‎tests/core/test_core.py‎
Lines changed: 114 additions & 1 deletion
@@ -56,30 +56,43 @@ def generate_evaluator_result(evaluator_obj, input_data, provider_module):
     evaluation_results = []
     has_evaluation_passed = True
 
-    for evaluator_input in evaluator_inputs:
-        if isinstance(evaluator_input["value"], ProviderError) and evaluator_input.get("err", None):
-            severity_value = evaluator_input["value"].severity_value
-            err_result = dict(message=evaluator_input["err"])
-
-            if severity_value > evaluator_error_tolerance:
-                err_result.update(dict(passed=False))
+    # If there are no evaluator inputs, it means the provider didn't find any resources
+    # In this case, the evaluation should fail
+    if not evaluator_inputs:
+        has_evaluation_passed = False
+        evaluation_results = [{"passed": False, "message": "Could not find input value"}]
+    else:
+        # Track if we've had at least one valid evaluation (not skipped)
+        has_valid_evaluation = False
+
+        for evaluator_input in evaluator_inputs:
+            if isinstance(evaluator_input["value"], ProviderError) and evaluator_input.get("err", None):
+                severity_value = evaluator_input["value"].severity_value
+                err_result = dict(message=evaluator_input["err"])
+
+                if severity_value > evaluator_error_tolerance:
+                    err_result.update(dict(passed=False))
+                    evaluation_results.append(err_result)
+                    has_evaluation_passed = False
+                    continue
+                # Mark as skipped evaluation
+                err_result.update(dict(passed=None))
                 evaluation_results.append(err_result)
-                has_evaluation_passed = False
+                has_evaluation_passed = None
                 continue
-            # Mark as skipped evaluation
-            err_result.update(dict(passed=None))
-            evaluation_results.append(err_result)
+
+            evaluation_result = evaluator_instance.evaluate(evaluator_input["value"], evaluator_data)
+            evaluation_result["meta"] = evaluator_input.get("meta")
+            evaluation_results.append(evaluation_result)
+            has_valid_evaluation = True
+
+            if not evaluation_result["passed"]:
+                has_evaluation_passed = False
+
+        # If all evaluations were skipped, we need to make sure the overall result is 'None'
+        if not has_valid_evaluation and has_evaluation_passed is None:
             has_evaluation_passed = None
-            continue
-
-        evaluation_result = evaluator_instance.evaluate(evaluator_input["value"], evaluator_data)
-        evaluation_result["meta"] = evaluator_input.get("meta")
-        evaluation_results.append(evaluation_result)
-        if not evaluation_result["passed"]:
-            has_evaluation_passed = False
-    if not evaluation_results:
-        has_evaluation_passed = False
-        evaluation_results = [{"passed": False, "message": "Could not find input value"}]
+
     result["result"] = evaluation_results
     result["passed"] = has_evaluation_passed
     return result
 
@@ -50,6 +50,7 @@ def provide(provider_inputs, input_data):
     input_resource_change_attrs = {}
     input_type = provider_inputs["operation_type"]
     resource_changes = input_data.get("resource_changes")
+
     if not resource_changes:
         outputs.append(
             {
@@ -72,12 +73,17 @@ def provide(provider_inputs, input_data):
             if resource_type in (resource_change["type"], "*"):
                 is_resource_found = True
                 input_resource_change_attrs = resource_change["change"]["after"]
+                # [local_is_found_attribute] (local scope)
+                # Used to decide whether to append a None value for each specific resource that's missing the attribute
                 if input_resource_change_attrs:
+                    local_is_found_attribute = False
                     if attribute in input_resource_change_attrs:
                         is_attribute_found = True
+                        local_is_found_attribute = True
+                        attribute_value = input_resource_change_attrs[attribute]
                         outputs.append(
                             {
-                                "value": input_resource_change_attrs[attribute],
+                                "value": attribute_value,
                                 "meta": resource_change,
                                 "err": None,
                             }
@@ -86,15 +92,21 @@ def provide(provider_inputs, input_data):
                         evaluated_outputs = _wrapper_get_exp_attribute(attribute, input_resource_change_attrs)
                         if evaluated_outputs:
                             is_attribute_found = True
-                        for evaluated_output in evaluated_outputs:
-                            outputs.append({"value": evaluated_output, "meta": resource_change, "err": None})
+                            local_is_found_attribute = True
+                            for evaluated_output in evaluated_outputs:
+                                outputs.append({"value": evaluated_output, "meta": resource_change, "err": None})
+
+                    # If we didn't find the attribute in this resource, add a None value so it still gets evaluated
+                    if not local_is_found_attribute:
+                        outputs.append({"value": None, "meta": resource_change, "err": None})
                 else:
                     outputs.append(
                         {
                             "value": ProviderError(severity_value=0),
                             "err": f"No Terraform changes found for resource type: '{resource_type}'",
                         }
                     )
+
         if not outputs:
             if not is_resource_found:
                 outputs.append(
 
@@ -1,7 +1,10 @@
 # Maintain all core related tests here
 from pytest import mark
+import pytest
 
-from tirith.core.core import final_evaluator
+from tirith.core.core import final_evaluator, generate_evaluator_result
+from tirith.providers.common import ProviderError
+from unittest.mock import patch, MagicMock
 
 
 @mark.passing
@@ -38,3 +41,113 @@ def test_final_evaluator_malicious_eval_should_err():
         "!skipped_check && passing_check || [].__class__.__base__", dict(skipped_check=None, passing_check=True)
     )
     assert actual_result == (False, ["The following symbols are not allowed: __class__, __base__"])
+
+
+class MockEvaluator:
+    def evaluate(self, input_value, data):
+        if input_value == "resource1":
+            return {"passed": True, "message": "First resource passed"}
+        else:
+            return {"passed": False, "message": "Second resource failed"}
+
+
+@mark.passing
+def test_generate_evaluator_result_empty_inputs():
+    """Test that when a provider returns no inputs, the evaluation should fail."""
+    # Mock evaluator object
+    evaluator_obj = {
+        "id": "test_evaluator",
+        "provider_args": {"operation_type": "attribute", "key": "value"},
+        "condition": {"type": "Equals", "value": True},
+    }
+
+    # Mock the provider function to return empty list
+    with patch("tirith.core.core.get_evaluator_inputs_from_provider_inputs", return_value=[]):
+        result = generate_evaluator_result(evaluator_obj, {}, "test_provider")
+
+        # Verify the result shows a failed evaluation with the correct message
+        assert result["passed"] is False
+        assert len(result["result"]) == 1
+        assert result["result"][0]["passed"] is False
+        assert result["result"][0]["message"] == "Could not find input value"
+
+
+@mark.passing
+def test_generate_evaluator_result_provider_error_above_tolerance():
+    """Test that provider errors with severity higher than tolerance cause the evaluation to fail."""
+    # Mock evaluator object with error_tolerance = 1
+    evaluator_obj = {
+        "id": "test_evaluator",
+        "provider_args": {"operation_type": "attribute", "key": "value"},
+        "condition": {"type": "Equals", "value": True, "error_tolerance": 1},
+    }
+
+    # Create a provider error with severity 2 (above tolerance)
+    provider_error = {"value": ProviderError(severity_value=2), "err": "Resource not found"}
+
+    # Mock the provider function to return the error
+    with patch("tirith.core.core.get_evaluator_inputs_from_provider_inputs", return_value=[provider_error]):
+        # Create a mapping for EVALUATORS_DICT.get to return a mock evaluator class
+        mock_evaluator_dict = {"Equals": MockEvaluator}
+        with patch("tirith.core.core.EVALUATORS_DICT", mock_evaluator_dict):
+            result = generate_evaluator_result(evaluator_obj, {}, "test_provider")
+
+            # Verify the result shows a failed evaluation
+            assert result["passed"] is False
+            assert len(result["result"]) == 1
+            assert result["result"][0]["passed"] is False
+            assert result["result"][0]["message"] == "Resource not found"
+
+
+@mark.passing
+def test_generate_evaluator_result_provider_error_within_tolerance():
+    """Test that provider errors with severity within tolerance are skipped."""
+    # Mock evaluator object with error_tolerance = 2
+    evaluator_obj = {
+        "id": "test_evaluator",
+        "provider_args": {"operation_type": "attribute", "key": "value"},
+        "condition": {"type": "Equals", "value": True, "error_tolerance": 2},
+    }
+
+    # Create a provider error with severity 1 (within tolerance)
+    provider_error = {"value": ProviderError(severity_value=1), "err": "Minor issue"}
+
+    # Mock the provider function to return the error
+    with patch("tirith.core.core.get_evaluator_inputs_from_provider_inputs", return_value=[provider_error]):
+        # Create a mapping for EVALUATORS_DICT.get to return a mock evaluator class
+        mock_evaluator_dict = {"Equals": MockEvaluator}
+        with patch("tirith.core.core.EVALUATORS_DICT", mock_evaluator_dict):
+            result = generate_evaluator_result(evaluator_obj, {}, "test_provider")
+
+            # Verify the result shows a skipped evaluation
+            assert result["passed"] is None
+            assert len(result["result"]) == 1
+            assert result["result"][0]["passed"] is None
+            assert result["result"][0]["message"] == "Minor issue"
+
+
+@mark.passing
+def test_generate_evaluator_result_multiple_resources_one_failing():
+    """Test that when one resource fails, the entire evaluation fails."""
+    # Mock evaluator object
+    evaluator_obj = {
+        "id": "test_evaluator",
+        "provider_args": {"operation_type": "attribute", "key": "value"},
+        "condition": {"type": "Equals", "value": "expected_value"},
+    }
+
+    # Mock provider to return two resources
+    with patch(
+        "tirith.core.core.get_evaluator_inputs_from_provider_inputs",
+        return_value=[{"value": "resource1"}, {"value": "resource2"}],
+    ):
+        # Create a mapping for EVALUATORS_DICT.get to return our mock evaluator class
+        mock_evaluator_dict = {"Equals": MockEvaluator}
+        with patch("tirith.core.core.EVALUATORS_DICT", mock_evaluator_dict):
+            result = generate_evaluator_result(evaluator_obj, {}, "test_provider")
+
+            # Verify the result shows a failed evaluation even though one resource passed
+            assert result["passed"] is False
+            assert len(result["result"]) == 2
+            assert result["result"][0]["passed"] is True
+            assert result["result"][1]["passed"] is False