From 83533de584f20ed96d581ffef13cc484c1289765 Mon Sep 17 00:00:00 2001
From: Gaurav Gogia <16029099+gaurav-gogia@users.noreply.github.com>
Date: Tue, 11 May 2021 21:22:32 +0530
Subject: [PATCH] add check for unresolved variables

---
 .../rego/aws/aws_launch_configuration/hardCodedShellScript.rego  | 1 +
 1 file changed, 1 insertion(+)

diff --git a/pkg/policies/opa/rego/aws/aws_launch_configuration/hardCodedShellScript.rego b/pkg/policies/opa/rego/aws/aws_launch_configuration/hardCodedShellScript.rego
index c40c555f3..a83cf4a2d 100755
--- a/pkg/policies/opa/rego/aws/aws_launch_configuration/hardCodedShellScript.rego
+++ b/pkg/policies/opa/rego/aws/aws_launch_configuration/hardCodedShellScript.rego
@@ -2,6 +2,7 @@ package accurics
 
 {{.prefix}}hardCodedShellScript[res.id]{
     res = input.aws_instance[_]
+    not startswith(res.config.user_data_base64, "$")
     value = base64NullCheck(res.config.user_data_base64)
     startswith(value, "#!/")
 }