feat(misconf): Add support for skip-dirs and skip-files misconf scanning

[simar7]

Description

Add support for skip-dirs and skip-files in post misconf scanning reports.

Related issues

• Close fix(misconf): directory filtering after scanning #7220

Checklist

• I've read the guidelines for contributing to this repository.
• I've followed the conventions in the PR title.
• I've added tests that prove my fix is effective or that my feature works.
• I've updated the documentation with the relevant information (if needed).
• I've added usage information (if the PR introduces new options)
• I've included a "before" and "after" example to the description (if the PR is a user interface change).

[knqyf263]

On second thoughts, it may be better to filter before scanning.

First, other file paths are skipped before scanning, and the scan is not performed at all.

trivy/pkg/fanal/walker/fs.go

Line 62 in 8016b82

case SkipPath(relPath, opt.SkipFiles):

However, only files outside the root will be processed differently, leading to inconsistent results. For example, skipped files are not considered "ignored" now.

trivy/pkg/result/filter.go

Lines 127 to 130 in 01e8a4f

	log.Debug("skipping path based on glob match", log.String("file", filename))
	result.MisconfSummary.Exceptions++
	result.ModifiedFindings = append(result.ModifiedFindings,
	types.NewModifiedFinding(misconf, types.FindingStatusIgnored, fmt.Sprintf("skipped due to glob match: %s", skips), "trivy cli args"))

Secondly, if heavy processing is involved, unnecessary files are scanned, which worsens the execution time. Therefore, we are now making changes elsewhere to make the specific filtering happen before scanning.
#7484

I've not tested, but can't we do something like this?

diff --git a/pkg/mapfs/fs.go b/pkg/mapfs/fs.go
index 4cba59263..1dc057db7 100644
--- a/pkg/mapfs/fs.go
+++ b/pkg/mapfs/fs.go
@@ -12,6 +12,7 @@ import (

        "golang.org/x/xerrors"

+       "github.com/aquasecurity/trivy/pkg/fanal/walker"
        xsync "github.com/aquasecurity/trivy/pkg/x/sync"
 )

@@ -35,6 +36,8 @@ type FS struct {
        // In other words, although mapfs.Open("../foo") would normally result in an error, if this option is enabled,
        // it will be executed as os.Open(filepath.Join(underlyingRoot, "../foo")).
        underlyingRoot string
+
+       skipPaths []string
 }

 type Option func(*FS)
@@ -145,6 +148,9 @@ func (m *FS) Stat(name string) (fs.FileInfo, error) {
 // ReadDir reads the named directory
 // and returns a list of directory entries sorted by filename.
 func (m *FS) ReadDir(name string) ([]fs.DirEntry, error) {
+       if m.skipPath(name) {
+               return nil, fs.SkipDir
+       }
        if strings.HasPrefix(name, "../") && m.underlyingRoot != "" {
                return os.ReadDir(filepath.Join(m.underlyingRoot, name))
        }
@@ -233,6 +239,13 @@ func (m *FS) RemoveAll(path string) error {
        return m.root.RemoveAll(cleanPath(path))
 }

+func (m *FS) skipPath(path string) bool {
+       if strings.HasPrefix(path, "../") && m.underlyingRoot != "" {
+               path = filepath.Join(m.underlyingRoot, path)
+       }
+       return walker.SkipPath(path, m.skipPaths)
+}
+
 func cleanPath(path string) string {
        // Convert the volume name like 'C:' into dir like 'C\'
        if vol := filepath.VolumeName(path); vol != "" {