Skip to content

fix(terraform): fix broken --skip-path command line option#7543

Open
brendanator wants to merge 1 commit into
bridgecrewio:mainfrom
brendanator:fix-7290-skip-path-join-typo
Open

fix(terraform): fix broken --skip-path command line option#7543
brendanator wants to merge 1 commit into
bridgecrewio:mainfrom
brendanator:fix-7290-skip-path-join-typo

Conversation

@brendanator
Copy link
Copy Markdown

@brendanator brendanator commented May 13, 2026

By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.

Description

Fixes #7290 where the excluded_paths regex was always garbled, regardless of which patterns were passed via --skip-path

Here's what the code before and after does:

>>> excluded_paths = ['testdata', 'fixtures']

>>> '|'.join(f"({excluded_paths})")             # before
"(|[|'|t|e|s|t|d|a|t|a|'|,| |'|f|i|x|t|u|r|e|s|'|]|)"

>>> '|'.join(f"({p})" for p in excluded_paths)  # after
'(testdata)|(fixtures)'

The fix iterates excluded_paths so each pattern becomes its own group, which is what the surrounding code already expects.

Checklist

  • I have performed a self-review of my own code
  • I have commented my code, particularly in hard-to-understand areas
  • I have made corresponding changes to the documentation
  • I have added tests that prove my feature, policy, or fix is effective and works
  • New and existing tests pass locally with my changes

@brendanator brendanator changed the title fix(terraform): iterate excluded_paths when joining the skip regex (#… fix(terraform): iterate excluded_paths when joining the skip regex May 13, 2026
@brendanator
fix(terraform): iterate excluded_paths when joining the skip regex (b…
82fe1d5 
…ridgecrewio#7290)

`'|'.join(f"({excluded_paths})")` interpolates the *list* into the
f-string and then iterates the resulting string character-by-character,
so the compiled regex is garbled regardless of the patterns passed in.
With a single short pattern the garbled regex happened to compile and
matched paths by individual character; with multiple patterns the join
produces sequences (e.g. `*` after empty alternation) that `re.compile`
rejects with "nothing to repeat".

Change the call to iterate `excluded_paths` so each pattern becomes its
own group, which is what the surrounding code expects. Add a regression
test that fails before this change with `len(modules) == 0` (every path
matched the garbled regex) and passes after.
@brendanator brendanator force-pushed the fix-7290-skip-path-join-typo branch from eb56664 to 82fe1d5 Compare May 15, 2026 16:16
@brendanator brendanator changed the title fix(terraform): iterate excluded_paths when joining the skip regex fix(terraform): fix broken --skip-path command line option May 15, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

skip-path regex parsing broken

1 participant

@brendanator