Skip to content

fix(misconf): reject nil plays during playbook parsing#10132

Open
nikpivkin wants to merge 4 commits intoaquasecurity:mainfrom
nikpivkin:parse-ansible-pl
Open

fix(misconf): reject nil plays during playbook parsing#10132
nikpivkin wants to merge 4 commits intoaquasecurity:mainfrom
nikpivkin:parse-ansible-pl

Conversation

@nikpivkin
Copy link
Contributor

@nikpivkin nikpivkin commented Feb 3, 2026

Description

Prevent panic when accessing nil plays by filtering them out during parsing.

Related issues

Checklist

  • I've read the guidelines for contributing to this repository.
  • I've followed the conventions in the PR title.
  • I've added tests that prove my fix is effective or that my feature works.
  • I've updated the documentation with the relevant information (if needed).
  • I've added usage information (if the PR introduces new options)
  • I've included a "before" and "after" example to the description (if the PR is a user interface change).

@nikpivkin
fix(misconf): reject nil plays during playbook parsing
45a6447 
Signed-off-by: nikpivkin <nikita.pivkin@smartforce.io>
@nikpivkin
refactor: extract role meta parsing
183cf9b 
Signed-off-by: nikpivkin <nikita.pivkin@smartforce.io>
@nikpivkin
chore: remove outdated todo comment
d1d4161 
Signed-off-by: nikpivkin <nikita.pivkin@smartforce.io>
@nikpivkin
chore: fix linter issue
364ae8e 
Signed-off-by: nikpivkin <nikita.pivkin@smartforce.io>
@nikpivkin nikpivkin added the autoready Automatically mark PR as ready for review when all checks pass label Feb 3, 2026
@github-actions github-actions bot marked this pull request as ready for review February 3, 2026 13:18
@github-actions github-actions bot removed the autoready Automatically mark PR as ready for review when all checks pass label Feb 3, 2026
@github-actions github-actions bot requested a review from simar7 as a code owner February 3, 2026 13:18
willhughes-au
willhughes-au reviewed Feb 4, 2026
View reviewed changes
pkg/iac/scanners/ansible/parser/discovery_test.go
dir: ".",
expected: []string{"proj1", "proj2"},
},
{
Copy link

@willhughes-au willhughes-au Feb 4, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Can I ask a clarifying question regarding this test, and the fix in general:

Will this result in an error for any *.yaml file that doesn't have a valid play, or simply skip/ignore the file?

The context is that I've been testing the Trivy 0.68.2 -> 0.69.0 upgrade in our CI pipelines and we had it fail as described in #10131 for YAML files that are not Ansible playbooks.

Copy link
Contributor Author

@nikpivkin nikpivkin Feb 7, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The parser simply logs the error when parsing the playbook and skips the file.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@simar7 simar7 Awaiting requested review from simar7 simar7 is a code owner

1 more reviewer

@willhughes-au willhughes-au willhughes-au left review comments

Reviewers whose approvals may not affect merge requirements

At least 1 approving review is required to merge this pull request.

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

bug(ansible): invalid playbook YAML causes panic

2 participants

@nikpivkin @willhughes-au