From d440f58352c938d9aaa9a35ba8e79a357fb31944 Mon Sep 17 00:00:00 2001
From: alex
Date: Wed, 16 Apr 2025 13:03:15 -0400
Subject: [PATCH 1/2] add a bad tf file

---
 sampleTerraformFile.tf | 105 +++++++++++++++++++++++++++++++++++++++++
 1 file changed, 105 insertions(+)
 create mode 100644 sampleTerraformFile.tf

diff --git a/sampleTerraformFile.tf b/sampleTerraformFile.tf
new file mode 100644
index 0000000..3cde87c
--- /dev/null
+++ b/sampleTerraformFile.tf
@@ -0,0 +1,105 @@
+## This is a sample Terraform file to check CHECKOV with intentional vulnerabilities.
+## Run checkov:
+## checkov --directory /user/path/to/iac/code
+## checkov --file /user/tf/example.tf
+## checkov -f /user/cloudformation/example1.yml -f /user/cloudformation/example2.yml
+##
+## Refer: https://www.checkov.io/2.Basics/Installing%20Checkov.html
+
+locals {
+ sg_name = "checkov-test"
+ aws_vpc_id = "vpc-#####" #enter vpc id here
+ cidr_block = ["0.0.0.0/0"]
+ from_port = "80"
+ to_port = "80"
+}
+
+##################################################################
+# Insecure provider block with hardcoded AWS credentials
+# (should be retrieved from environment variables or a secure store)
+##################################################################
+provider "aws" {
+ region = "us-east-1"
+ access_key = "AKIA123456789EXAMPLE" # Vulnerability: Hardcoded AWS access key
+ secret_key = "wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY" # Vulnerability: Hardcoded AWS secret key
+}
+
+##################################################################
+# A security group with minimal restrictions in the first resource.
+##################################################################
+resource "aws_security_group" "this" {
+ name = local.sg_name
+ description = "Security group "
+ vpc_id = local.aws_vpc_id
+
+ ingress {
+ description = "Ingress from VPC"
+ from_port = local.from_port
+ to_port = local.to_port
+ protocol = "tcp"
+ cidr_blocks = local.cidr_block
+ }
+
+ egress {
+ from_port = 0
+ to_port = 0
+ protocol = "-1"
+ cidr_blocks = ["0.0.0.0/0"]
+ }
+}
+
+##################################################################
+# An additional security group with an overly permissive rule.
+# This rule allows ALL TCP ports (0-65535) from ANY source.
+##################################################################
+resource "aws_security_group" "insecure" {
+ name = "insecure-sg"
+ description = "Insecure SG exposing all TCP ports to the world"
+ vpc_id = local.aws_vpc_id
+
+ ingress {
+ description = "Allow all TCP traffic"
+ from_port = 0
+ to_port = 65535
+ protocol = "tcp"
+ cidr_blocks = ["0.0.0.0/0"]
+ }
+
+ egress {
+ description = "Allow all outbound traffic"
+ from_port = 0
+ to_port = 0
+ protocol = "-1"
+ cidr_blocks = ["0.0.0.0/0"]
+ }
+}
+
+##################################################################
+# A public S3 bucket configuration with unsafe ACL and disabled block public access.
+##################################################################
+resource "aws_s3_bucket" "public" {
+ bucket = "checkov-public-bucket-demo-12345"
+ acl = "public-read" # Vulnerability: Bucket is publicly readable
+
+ versioning {
+ enabled = false
+ }
+
+ # Intentionally not configuring block public access to expose potential risk
+ website {
+ index_document = "index.html"
+ }
+}
+
+##################################################################
+# Terraform configuration, with required versions and providers.
+##################################################################
+terraform {
+ required_version = "~> 1.2.0"
+ required_providers {
+ aws = {
+ source = "hashicorp/aws"
+ version = "~> 4.20.0"
+ }
+ }
+}
From 5d7beff0d0621fe5da55d56e83f78860024ec7b7 Mon Sep 17 00:00:00 2001
From: alex
Date: Thu, 17 Apr 2025 11:10:45 -0400
Subject: [PATCH 2/2] this should trigger shit

---
 sampleTerraformFile.tf | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/sampleTerraformFile.tf b/sampleTerraformFile.tf
index 3cde87c..b60d383 100644
--- a/sampleTerraformFile.tf
+++ b/sampleTerraformFile.tf
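Review bot: The `aws_s3_bucket.public` resource relies on the inline `acl`, `versioning` and `website` arguments, while the `terraform` block at the end pins `hashicorp/aws` to `~> 4.20.0`, a provider line in which those arguments are deprecated in favour of the separate `aws_s3_bucket_acl`, `aws_s3_bucket_versioning` and `aws_s3_bucket_website_configuration` resources; `terraform validate` will likely warn, and a scanner keyed on the newer resources may not attribute the finding the way this fixture expects. Since the header declares the weaknesses intentional, the comment `# Intentionally not configuring block public access to expose potential risk` should name what is omitted, e.g. `# Fixture: no aws_s3_bucket_public_access_block attached on purpose, so IaC scanners report the public bucket`. The `locals` block declares `from_port`/`to_port` as the strings "80" whereas `aws_security_group.insecure` uses bare numbers; one form throughout keeps the fixture consistent. The header comment should also state that the `AKIA…EXAMPLE` key pair consists of placeholder values and that the file exists only as scanner input, so it is recognisably a fixture wherever it lands in a repository.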
@@ -15,13 +15,13 @@ locals {
 }
 
 ##################################################################
-# Insecure provider block with hardcoded AWS credentials
-# (should be retrieved from environment variables or a secure store)
+# we do this in production
+# do the lalalalalala
 ##################################################################
 provider "aws" {
 region = "us-east-1"
- access_key = "AKIA123456789EXAMPLE" # Vulnerability: Hardcoded AWS access key
- secret_key = "wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY" # Vulnerability: Hardcoded AWS secret key
+ access_key = "AKIA123456789EXAMPLE"
+ secret_key = "wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY"
 }
 
 ##################################################################
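Review bot: The hardcoded `access_key` and `secret_key` remain in the `provider "aws"` block unchanged, and the hunk removes the only text that marked them as intentional test values (the two `# Vulnerability: Hardcoded AWS …` trailing comments and the two-line header), replacing the header with `# we do this in production` / `# do the lalalalalala`, so the file now reads as a committed credential rather than a scanner fixture. If the purpose, as the subject line suggests, is to check whether the pipeline flags it, the intent should stay in the file, e.g. `# Fixture: placeholder keys (the EXAMPLE suffix marks them as non-live); secret and IaC scanners are expected to flag these lines`. If the block is ever meant to be applied, the two assignments should instead be deleted so the provider resolves credentials from the environment or shared config. The whole provider block sits inside this hunk, so nothing outside it needs to change for either option.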