feat(engine): ignore terraform cache folders

pkg/engine/provider/filesystem.go

@@ -6,6 +6,7 @@ import (
 	ioFs "io/fs"
 	"os"
 	"path/filepath"
+	"regexp"
 	"strings"
 	"sync"
 	"syscall"
@@ -26,8 +27,11 @@ type FileSystemSourceProvider struct {
 	mu       sync.RWMutex
 }
 
-// ErrNotSupportedFile - error representing when a file format is not supported by KICS
-var ErrNotSupportedFile = errors.New("invalid file format")
+var (
+	queryRegexExcludeTerraCache = regexp.MustCompile(fmt.Sprintf(`^(.*?%s)?\.terra.*`, regexp.QuoteMeta(string(os.PathSeparator))))
+	// ErrNotSupportedFile - error representing when a file format is not supported by KICS
+	ErrNotSupportedFile = errors.New("invalid file format")
+)
 
 // NewFileSystemSourceProvider initializes a FileSystemSourceProvider with path and files that will be ignored
 func NewFileSystemSourceProvider(paths, excludes []string) (*FileSystemSourceProvider, error) {
@@ -231,10 +235,20 @@ func (s *FileSystemSourceProvider) checkConditions(info os.FileInfo, extensions
 	s.mu.RLock()
 	defer s.mu.RUnlock()
 	if info.IsDir() {
+		// exclude terraform cache folders
+		if queryRegexExcludeTerraCache.MatchString(path) {
+			log.Info().Msgf("Directory ignored: %s", path)
+			err := s.AddExcluded([]string{info.Name()})
+			if err != nil {
+				return true, err
+			}
+			return true, filepath.SkipDir
+		}
 		if f, ok := s.excludes[info.Name()]; ok && containsFile(f, info) {
 			log.Info().Msgf("Directory ignored: %s", path)
 			return true, filepath.SkipDir
 		}
+
 		_, err := os.Stat(filepath.Join(path, "Chart.yaml"))
 		if err != nil || resolved {
 			return true, nil

pkg/engine/provider/filesystem_test.go

@@ -277,6 +277,11 @@ func TestFileSystemSourceProvider_checkConditions(t *testing.T) {
 	}
 	infoHelm, errHelm := os.Stat(filepath.FromSlash("test/fixtures/test_helm"))
 	checkStatErr(t, errHelm)
+	infoTerraCache, errTerraCache := os.Stat(filepath.FromSlash("test/fixtures/test_terra_cache"))
+	checkStatErr(t, errTerraCache)
+	infoTerraCacheFolder, errTerraCacheFolder := os.Stat(filepath.FromSlash("test/fixtures/test_terra_cache/.terraform"))
+	checkStatErr(t, errTerraCacheFolder)
+
 	type fields struct {
 		paths    []string
 		excludes map[string][]os.FileInfo
@@ -350,6 +355,150 @@ func TestFileSystemSourceProvider_checkConditions(t *testing.T) {
 				err: filepath.SkipDir,
 			},
 		},
+		{
+			name: "check_condition_ignore_terra_cache for .terra",
+			fields: fields{
+				paths:    []string{filepath.FromSlash(".terra")},
+				excludes: nil,
+			},
+			args: args{
+				info:       infoTerraCache,
+				extensions: model.Extensions{},
+				path:       filepath.FromSlash(".terra"),
+			},
+			want: want{
+				got: true,
+				err: filepath.SkipDir,
+			},
+		},
+		{
+			name: "check_condition_ignore_terra_cache for .terraform",
+			fields: fields{
+				paths:    []string{filepath.FromSlash(".terraform")},
+				excludes: nil,
+			},
+			args: args{
+				info:       infoTerraCache,
+				extensions: model.Extensions{},
+				path:       filepath.FromSlash(".terraform"),
+			},
+			want: want{
+				got: true,
+				err: filepath.SkipDir,
+			},
+		},
+		{
+			name: "check_condition_ignore_terra_cache for .terra/lalala",
+			fields: fields{
+				paths:    []string{filepath.FromSlash(".terra/lalala")},
+				excludes: nil,
+			},
+			args: args{
+				info:       infoTerraCache,
+				extensions: model.Extensions{},
+				path:       filepath.FromSlash(".terra/lalala"),
+			},
+			want: want{
+				got: true,
+				err: filepath.SkipDir,
+			},
+		},
+		{
+			name: "check_condition_ignore_terra_cache for .terraform/lalala",
+			fields: fields{
+				paths:    []string{filepath.FromSlash(".terraform/lalala")},
+				excludes: nil,
+			},
+			args: args{
+				info:       infoTerraCache,
+				extensions: model.Extensions{},
+				path:       filepath.FromSlash(".terraform/lalala"),
+			},
+			want: want{
+				got: true,
+				err: filepath.SkipDir,
+			},
+		},
+		{
+			name: "check_condition_ignore_terra_cache for /.terra",
+			fields: fields{
+				paths:    []string{filepath.FromSlash("/.terra")},
+				excludes: nil,
+			},
+			args: args{
+				info:       infoTerraCache,
+				extensions: model.Extensions{},
+				path:       filepath.FromSlash("/.terra"),
+			},
+			want: want{
+				got: true,
+				err: filepath.SkipDir,
+			},
+		},
+		{
+			name: "check_condition_ignore_terra_cache for /.terraform",
+			fields: fields{
+				paths:    []string{filepath.FromSlash("/.terraform")},
+				excludes: nil,
+			},
+			args: args{
+				info:       infoTerraCache,
+				extensions: model.Extensions{},
+				path:       filepath.FromSlash("/.terraform"),
+			},
+			want: want{
+				got: true,
+				err: filepath.SkipDir,
+			},
+		},
+		{
+			name: "check_condition_ignore_terra_cache for /.terra/lalala",
+			fields: fields{
+				paths:    []string{filepath.FromSlash("/.terra/lalala")},
+				excludes: nil,
+			},
+			args: args{
+				info:       infoTerraCache,
+				extensions: model.Extensions{},
+				path:       filepath.FromSlash("/.terra/lalala"),
+			},
+			want: want{
+				got: true,
+				err: filepath.SkipDir,
+			},
+		},
+		{
+			name: "check_condition_ignore_terra_cache for /.terraform/lalala",
+			fields: fields{
+				paths:    []string{filepath.FromSlash("/.terraform/lalala")},
+				excludes: nil,
+			},
+			args: args{
+				info:       infoTerraCache,
+				extensions: model.Extensions{},
+				path:       filepath.FromSlash("/.terraform/lalala"),
+			},
+			want: want{
+				got: true,
+				err: filepath.SkipDir,
+			},
+		},
+		{
+			name: "should_skip_terra_cache_folder",
+			fields: fields{
+				paths:    []string{filepath.FromSlash("test/fixtures/test_terra_cache/.terraform")},
+				excludes: nil,
+			},
+			args: args{
+				info:       infoTerraCacheFolder,
+				extensions: model.Extensions{},
+				path:       filepath.FromSlash("test/fixtures/test_terra_cache/.terraform"),
+			},
+			want: want{
+				got: true,
+				err: filepath.SkipDir,
+			},
+		},
 	}
 	for _, tt := range tests {
 		t.Run(tt.name, func(t *testing.T) {

test/fixtures/test_terra_cache/.terraform/positive.tf

@@ -0,0 +1,8 @@
+resource "aws_security_group_rule" "positive1" {
+  type              = "ingress"
+  from_port         = 3306
+  to_port           = 3306
+  protocol          = "tcp"
+  cidr_blocks       = ["0.0.0.0/0"]
+  security_group_id = aws_security_group.default.id
+}

test/fixtures/test_terra_cache/negative.tf

@@ -0,0 +1,9 @@
+resource "aws_security_group_rule" "negative1" {
+  type              = "ingress"
+  from_port         = 3306
+  to_port           = 3306
+  protocol          = "tcp"
+  cidr_blocks       = ["0.0.2.0/0"]
+  security_group_id = aws_security_group.default.id
+}
+