Open
Description
Describe the issue
Graph checks such as CKV2_AWS_33 now fail when the output format is JSON with the following error:
Stacktrace
2025-03-19 19:49:50,040 [MainThread ] [ERROR] Exception traceback:
Traceback (most recent call last):
File "/home/joeyhage/demo/.venv/lib/python3.11/site-packages/checkov/main.py", line 571, in run
exit_codes.append(self.print_results(
^^^^^^^^^^^^^^^^^^^
File "/home/joeyhage/demo/.venv/lib/python3.11/site-packages/checkov/main.py", line 848, in print_results
return runner_registry.print_reports(
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/home/joeyhage/demo/.venv/lib/python3.11/site-packages/checkov/common/runners/runner_registry.py", line 539, in print_reports
json_output = json.dumps(report_json_output, indent=4, cls=CustomJSONEncoder)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/home/joeyhage/.pyenv/versions/3.11.9/lib/python3.11/json/__init__.py", line 238, in dumps
**kw).encode(obj)
^^^^^^^^^^^
File "/home/joeyhage/demo/.venv/lib/python3.11/site-packages/checkov/common/util/json_utils.py", line
57, in encode
return super().encode(self._encode(obj))
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/home/joeyhage/.pyenv/versions/3.11.9/lib/python3.11/json/encoder.py", line 202, in encode
chunks = list(chunks)
^^^^^^^^^^^^
File "/home/joeyhage/.pyenv/versions/3.11.9/lib/python3.11/json/encoder.py", line 432, in _iterencode
yield from _iterencode_dict(o, _current_indent_level)
File "/home/joeyhage/.pyenv/versions/3.11.9/lib/python3.11/json/encoder.py", line 406, in _iterencode_dict
yield from chunks
File "/home/joeyhage/.pyenv/versions/3.11.9/lib/python3.11/json/encoder.py", line 406, in _iterencode_dict
yield from chunks
File "/home/joeyhage/.pyenv/versions/3.11.9/lib/python3.11/json/encoder.py", line 326, in _iterencode_list
yield from chunks
File "/home/joeyhage/.pyenv/versions/3.11.9/lib/python3.11/json/encoder.py", line 406, in _iterencode_dict
yield from chunks
File "/home/joeyhage/.pyenv/versions/3.11.9/lib/python3.11/json/encoder.py", line 406, in _iterencode_dict
yield from chunks
File "/home/joeyhage/.pyenv/versions/3.11.9/lib/python3.11/json/encoder.py", line 406, in _iterencode_dict
yield from chunks
File "/home/joeyhage/.pyenv/versions/3.11.9/lib/python3.11/json/encoder.py", line 377, in _iterencode_dict
raise TypeError(f'keys must be str, int, float, bool or None, '
TypeError: keys must be str, int, float, bool or None, not tuple
To reproduce, clone bridgecrewio/checkov, install the project using pipenv, and execute a scan using these arguments:
checkov --check CKV2_AWS_33 \
--directory tests/cloudformation/graph/checks/resources \
--output jsonAdditional context
I believe this issue was introduced in 3.2.381 by the changes to connected_node. This line of code adds a new key of type tuple to the source connected node.