fix: regex issue on the skip path

checkov/terraform/module_loading/module_finder.py

@@ -60,7 +60,14 @@ def find_modules(path: str, loaded_files_cache: Optional[Dict[str, Any]] = None,
     if parsing_errors is None:
         parsing_errors = {}
 
-    excluded_paths_regex = re.compile('|'.join(f"({excluded_paths})")) if excluded_paths else None
+    excluded_paths_compiled = []
+    if excluded_paths:
+        for path in excluded_paths:
+            try:
+                excluded_paths_compiled.append(re.compile(path))
+            except re.error:
+                # Skip invalid regex patterns
+                continue
     for root, _, full_file_names in os.walk(path):
         for file_name in full_file_names:
             if not file_name.endswith(".tf"):
@@ -69,7 +76,7 @@ def find_modules(path: str, loaded_files_cache: Optional[Dict[str, Any]] = None,
                 # don't scan the modules folder used by Terraform
                 continue
             file_path = os.path.join(root, file_name)
-            if excluded_paths_regex and excluded_paths_regex.search(file_path):
+            if any(pattern.search(file_path) for pattern in excluded_paths_compiled):
                 continue
 
             data = load_or_die_quietly(file_path, parsing_errors)

tests/terraform/module_loading/test_tf_module_finder.py

@@ -2,6 +2,7 @@
 import shutil
 import unittest
 import logging
+import tempfile
 from pathlib import Path
 from unittest import mock
 
@@ -48,6 +49,44 @@ def test_module_finder_nested_blocks(self):
         self.assertEqual(1, len(modules))
         self.assertEqual("3.14.0", modules[0].version)
 
+    def test_excluded_paths_regex_with_character_classes(self):
+        """Test that excluded_paths with regex character classes work correctly (issue #7290)"""
+        with tempfile.TemporaryDirectory() as temp_dir:
+            # Create test directory structure
+            charts_dir = os.path.join(temp_dir, "charts", "app-123", "charts")
+            os.makedirs(charts_dir, exist_ok=True)
+
+            # Create terraform files
+            with open(os.path.join(charts_dir, "main.tf"), 'w') as f:
+                f.write('module "test" { source = "terraform-aws-modules/vpc/aws" }')
+            with open(os.path.join(temp_dir, "main.tf"), 'w') as f:
+                f.write('module "included" { source = "terraform-aws-modules/s3-bucket/aws" }')
+
+            # Test with character class regex pattern that caused the original issue
+            excluded_paths = [r"charts/[a-z0-9-]+/charts/.*"]
+
+            # This should not raise a regex compilation error
+            modules = find_modules(temp_dir, excluded_paths=excluded_paths)
+
+            # Should find only the included module, not the excluded one
+            self.assertEqual(1, len(modules))
+
+    def test_excluded_paths_invalid_regex_handling(self):
+        """Test that invalid regex patterns in excluded_paths are handled gracefully (issue #7290)"""
+        with tempfile.TemporaryDirectory() as temp_dir:
+            # Create terraform file
+            with open(os.path.join(temp_dir, "main.tf"), 'w') as f:
+                f.write('module "test" { source = "terraform-aws-modules/vpc/aws" }')
+
+            # Test with invalid regex pattern (backslash escapes that don't work)
+            excluded_paths = [r"charts\[a-z0-9-]+\charts\.*"]
+
+            # This should not raise a regex compilation error, just skip the invalid pattern
+            modules = find_modules(temp_dir, excluded_paths=excluded_paths)
+
+            # Should still find the module since the invalid pattern is ignored
+            self.assertEqual(1, len(modules))
+
     def test_downloader(self):
         modules = find_modules(self.get_src_dir())