From c8c14d36245623019f29d258f813d2325f7490f7 Mon Sep 17 00:00:00 2001
From: Nikita Pivkin
Date: Thu, 17 Oct 2024 09:40:14 +0600
Subject: [PATCH] fix(misconf): check if property is not nil before conversion (#7578)
Signed-off-by: nikpivkin
---
 .../cloudformation/aws/ec2/adapt_test.go | 28 +++++++++++++++++++
 .../parser/property_conversion.go | 7 +++++
 2 files changed, 35 insertions(+)
diff --git a/pkg/iac/adapters/cloudformation/aws/ec2/adapt_test.go b/pkg/iac/adapters/cloudformation/aws/ec2/adapt_test.go
index b218b95a4e99..c56471aa2bad 100644
--- a/pkg/iac/adapters/cloudformation/aws/ec2/adapt_test.go
+++ b/pkg/iac/adapters/cloudformation/aws/ec2/adapt_test.go
@@ -338,6 +338,34 @@ Resources:
 },
 },
 },
+ {
+ name: "empty",
+ source: `---
+AWSTemplateFormatVersion: 2010-09-09
+Description: Godd example of excessive ports
+Resources:
+ NetworkACL:
+ Type: AWS::EC2::NetworkAcl
+ Rule:
+ Type: AWS::EC2::NetworkAclEntry
+ Properties:
+ NetworkAclId:
+ Ref: NetworkACL`,
+ expected: ec2.EC2{
+ NetworkACLs: []ec2.NetworkACL{
+ {
+ Rules: []ec2.NetworkACLRule{
+ {
+ Action: types.StringTest("allow"),
+ Type: types.StringTest("ingress"),
+ FromPort: types.IntTest(-1),
+ ToPort: types.IntTest(-1),
+ },
+ },
+ },
+ },
+ },
+ },
 }
 for _, tt := range tests {
diff --git a/pkg/iac/scanners/cloudformation/parser/property_conversion.go b/pkg/iac/scanners/cloudformation/parser/property_conversion.go
index 35847bb35c5b..d1ef23d396f2 100644
--- a/pkg/iac/scanners/cloudformation/parser/property_conversion.go
+++ b/pkg/iac/scanners/cloudformation/parser/property_conversion.go
@@ -10,6 +10,10 @@ import (
 )
 func (p *Property) IsConvertableTo(conversionType cftypes.CfType) bool {
+ if p.IsNil() {
+ return false
+ }
+
 switch conversionType {
 case cftypes.Int:
 return p.isConvertableToInt()
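Review bot: The new table entry is named `empty` and its template keeps the copied `Description: Godd example of excessive ports`, so nothing in the case says what it pins down: a NetworkAclEntry that sets only `NetworkAclId` and none of the rule properties. A name such as `name: "network ACL entry without rule properties"` plus a one-line comment like `// regression: absent rule properties must adapt to defaults` would make a failure here self-explanatory. The expected `allow`/`ingress`/`-1` values look like the adapter's defaults; if that is the case, the comment should say so, so that a later change to those defaults is not mistaken for a scanner regression.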
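Review bot: The added guard in IsConvertableTo calls `p.IsNil()` on a receiver that may itself be a nil `*Property`, so it is only correct if IsNil tolerates a nil receiver, which this hunk does not show; the same applies to the guard added to ConvertTo in the next hunk, which now hands `nil` back to callers. Since this parser runs on user-supplied templates and a panic here would abort the misconfiguration scan, the nil contract deserves to be written down on both exported methods, for example `// IsConvertableTo reports whether p can be converted to conversionType; a nil property is never convertible.` and `// ConvertTo returns nil when p is nil; callers must handle a nil result.` A direct parser-level test with `var p *Property` calling both methods would pin this without going through the EC2 adapter. The body of IsConvertableTo continues outside the hunk.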
@@ -62,6 +66,9 @@ func (p *Property) isConvertableToInt() bool {
 }
 func (p *Property) ConvertTo(conversionType cftypes.CfType) *Property {
+ if p.IsNil() {
+ return nil
+ }
 if p.Type() == conversionType {
 return p