Merge pull request #81 from RoseSecurity/fix-parsing-and-dry-run

RoseSecurity · web-flow · commit f2b8bd600326 · 2025-09-24T15:56:21.000-04:00
refactor(attributes): improve unused attribute detection
diff --git a/internal/analyzer.go b/internal/analyzer.go
@@ -68,11 +68,34 @@ func printDiff(resources []Resource, schema ProviderSchema, model, tool, prompt,
 }
 
 func findUnusedAttributes(usedAttrs map[string]string, possibleAttrs map[string]interface{}) []string {
-	var unusedAttrs []string
-	for attr := range possibleAttrs {
-		if _, used := usedAttrs[attr]; !used {
-			unusedAttrs = append(unusedAttrs, attr)
-		}
-	}
-	return unusedAttrs
+    validNames := make(map[string]struct{})
+
+    if blockAny, ok := possibleAttrs["block"]; ok {
+        if block, ok := blockAny.(map[string]interface{}); ok {
+            //Attributes at the current block level
+            if attrsAny, ok := block["attributes"]; ok {
+                if attrsMap, ok := attrsAny.(map[string]interface{}); ok {
+                    for name := range attrsMap {
+                        validNames[name] = struct{}{}
+                    }
+                }
+            }
+            // Nested block types at this level (their names appear as top-level blocks in HCL)
+            if blockTypesAny, ok := block["block_types"]; ok {
+                if btMap, ok := blockTypesAny.(map[string]interface{}); ok {
+                    for name := range btMap {
+                        validNames[name] = struct{}{}
+                    }
+                }
+            }
+        }
+    }
+
+    var unused []string
+    for name := range validNames {
+        if _, used := usedAttrs[name]; !used {
+            unused = append(unused, name)
+        }
+    }
+    return unused
 }
diff --git a/internal/dry_run.go b/internal/dry_run.go
@@ -55,7 +55,6 @@ func testPossibleAttributes(resources []Resource, schema ProviderSchema, tool st
 		if possibleAttrs, ok := schema.ResourceTypes[resource.Type]; ok {
 			usedAttrs := resource.Attributes
 			unusedAttrsForResource := testFindUnusedAttributes(usedAttrs, possibleAttrs)
-
 			// Collect unused attributes
 			unusedAttrs = append(unusedAttrs, unusedAttrsForResource...)
 		} else {
@@ -67,11 +66,34 @@ func testPossibleAttributes(resources []Resource, schema ProviderSchema, tool st
 
 // testFindUnusedAttributes identifies unused attributes by comparing used and possible attributes.
 func testFindUnusedAttributes(usedAttrs map[string]string, possibleAttrs map[string]interface{}) []string {
-	var unusedAttrs []string
-	for attr := range possibleAttrs {
-		if _, used := usedAttrs[attr]; !used {
-			unusedAttrs = append(unusedAttrs, attr)
-		}
-	}
-	return unusedAttrs
+    // Mirror logic in analyzer's findUnusedAttributes: only consider names
+    // under block.attributes and block.block_types.
+    validNames := make(map[string]struct{})
+
+    if blockAny, ok := possibleAttrs["block"]; ok {
+        if block, ok := blockAny.(map[string]interface{}); ok {
+            if attrsAny, ok := block["attributes"]; ok {
+                if attrsMap, ok := attrsAny.(map[string]interface{}); ok {
+                    for name := range attrsMap {
+                        validNames[name] = struct{}{}
+                    }
+                }
+            }
+            if blockTypesAny, ok := block["block_types"]; ok {
+                if btMap, ok := blockTypesAny.(map[string]interface{}); ok {
+                    for name := range btMap {
+                        validNames[name] = struct{}{}
+                    }
+                }
+            }
+        }
+    }
+
+    var unused []string
+    for name := range validNames {
+        if _, used := usedAttrs[name]; !used {
+            unused = append(unused, name)
+        }
+    }
+    return unused
 }
diff --git a/internal/llm.go b/internal/llm.go
@@ -61,7 +61,7 @@ Example output:
 resource "type" "name" {
   # Enables feature X for improved security
   attribute1 = value1
-  
+
   # Optimizes performance by setting Y
   attribute2 = value2
 }`, tool, resourceType, unusedAttrs)
@@ -74,7 +74,7 @@ Example output:
 resource "type" "name" {
   # Enables feature X for improved security
   attribute1 = value1
-  
+
   # Optimizes performance by setting Y
   attribute2 = value2
 }`, tool, resourceType, unusedAttrs, prompt)
diff --git a/internal/parser.go b/internal/parser.go
@@ -47,17 +47,14 @@ func ParseConfigurationFile(file string) ([]Resource, error) {
 		resourceName := block.Labels[1]
 		attributes := make(map[string]string)
 
-		bodyContent, _, _ := block.Body.PartialContent(&hcl.BodySchema{
-			Attributes: []hcl.AttributeSchema{},
-		})
-
-		for attrName, attr := range bodyContent.Attributes {
-			value, diag := attr.Expr.Value(nil)
-			if diag.HasErrors() {
-				fmt.Printf("Error evaluating attribute %s in file %s: %s\n", attrName, file, diag.Error())
-				continue
-			}
-			attributes[attrName] = value.AsString()
+		// Collect all attributes present without requiring a schema and without evaluating expressions.
+		attrs, moreDiags := block.Body.JustAttributes()
+		if moreDiags.HasErrors() {
+			fmt.Printf("Warning: issues when reading attributes for %s.%s in file %s: %s\n", resourceType, resourceName, file, moreDiags.Error())
+		}
+		for attrName := range attrs {
+			// We only need attribute keys for unused detection downstream.
+			attributes[attrName] = ""
 		}
 
 		resources = append(resources, Resource{
