skip-path regex parsing broken #7290

@KOliver94

Description

Describe the issue
After upgrading to Checkov v3.2.449 or above, regex patterns in skip-path that contain character classes ([]) no longer work.
This used to work fine in previous versions.

Examples

  1. Create .checkov.yml with the following:

     skip-path:
       - charts/[a-z0-9-]+/charts/.*
       - charts\\[a-z0-9-]+\\charts\\.*

  2. Run checkov -d .

Exception Trace

2025-09-07 15:51:15,900 [MainThread  ] [ERROR]  Exception traceback:
Traceback (most recent call last):
  File "C:\Development\helm\venv\Lib\site-packages\checkov\main.py", line 532, in run
    self.scan_reports = runner_registry.run(
                        ~~~~~~~~~~~~~~~~~~~^
        root_folder=root_folder,
        ^^^^^^^^^^^^^^^^^^^^^^^^
        external_checks_dir=external_checks_dir,
        ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
        files=file,
        ^^^^^^^^^^^
    )
    ^
  File "C:\Development\helm\venv\Lib\site-packages\checkov\common\runners\runner_registry.py", line 177, in run
    for result in parallel_runner_results:
                  ^^^^^^^^^^^^^^^^^^^^^^^
  File "C:\Program Files\Python313\Lib\concurrent\futures\_base.py", line 619, in result_iterator
    yield _result_or_cancel(fs.pop())
          ~~~~~~~~~~~~~~~~~^^^^^^^^^^
  File "C:\Program Files\Python313\Lib\concurrent\futures\_base.py", line 317, in _result_or_cancel
    return fut.result(timeout)
           ~~~~~~~~~~^^^^^^^^^
  File "C:\Program Files\Python313\Lib\concurrent\futures\_base.py", line 449, in result
    return self.__get_result()
           ~~~~~~~~~~~~~~~~~^^
  File "C:\Program Files\Python313\Lib\concurrent\futures\_base.py", line 401, in __get_result
    raise self._exception
  File "C:\Program Files\Python313\Lib\concurrent\futures\thread.py", line 58, in run
    result = self.fn(*self.args, **self.kwargs)
  File "C:\Development\helm\venv\Lib\site-packages\checkov\common\runners\runner_registry.py", line 839, in _parallel_run
    report = runner.run(
        root_folder=root_folder,
    ...<3 lines>...
        collect_skip_comments=collect_skip_comments,
    )
  File "C:\Development\helm\venv\Lib\site-packages\checkov\terraform\runner.py", line 98, in run
    single_graph, self.definitions = self.graph_manager.build_graph_from_source_directory(
                                     ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~^
        source_dir=root_folder,
        ^^^^^^^^^^^^^^^^^^^^^^^
    ...<5 lines>...
        vars_files=runner_filter.var_files,
        ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
    )
    ^
  File "C:\Development\helm\venv\Lib\site-packages\checkov\terraform\graph_manager.py", line 72, in build_graph_from_source_directory
    module, tf_definitions = self.parser.parse_hcl_module(
                             ~~~~~~~~~~~~~~~~~~~~~~~~~~~~^
        source_dir=source_dir,
        ^^^^^^^^^^^^^^^^^^^^^^
    ...<6 lines>...
        external_modules_content_cache=kwargs.get('external_modules_content_cache', None)
        ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
    )
    ^
  File "C:\Development\helm\venv\Lib\site-packages\checkov\terraform\tf_parser.py", line 324, in parse_hcl_module
    tf_definitions = self.parse_directory(
        directory=source_dir, out_evaluations_context={},
    ...<3 lines>...
        vars_files=vars_files, external_modules_content_cache=external_modules_content_cache
    )
  File "C:\Development\helm\venv\Lib\site-packages\checkov\terraform\tf_parser.py", line 99, in parse_directory
    load_tf_modules(directory, loaded_files_cache=self.loaded_files_map, parsing_errors=self.out_parsing_errors, excluded_paths=self.excluded_paths)
    ~~~~~~~~~~~~~~~^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "C:\Development\helm\venv\Lib\site-packages\checkov\terraform\module_loading\module_finder.py", line 112, in load_tf_modules
    modules_to_load = find_modules(path, loaded_files_cache=loaded_files_cache, parsing_errors=parsing_errors, excluded_paths=excluded_paths)
  File "C:\Development\helm\venv\Lib\site-packages\checkov\terraform\module_loading\module_finder.py", line 63, in find_modules
    excluded_paths_regex = re.compile('|'.join(f"({excluded_paths})")) if excluded_paths else None
                           ~~~~~~~~~~^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "C:\Program Files\Python313\Lib\re\__init__.py", line 289, in compile
    return _compile(pattern, flags)
  File "C:\Program Files\Python313\Lib\re\__init__.py", line 350, in _compile
    p = _compiler.compile(pattern, flags)
  File "C:\Program Files\Python313\Lib\re\_compiler.py", line 743, in compile
    p = _parser.parse(p, flags)
  File "C:\Program Files\Python313\Lib\re\_parser.py", line 980, in parse
    p = _parse_sub(source, state, flags & SRE_FLAG_VERBOSE, 0)
  File "C:\Program Files\Python313\Lib\re\_parser.py", line 459, in _parse_sub
    itemsappend(_parse(source, state, verbose, nested + 1,
                ~~~~~~^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
                       not nested and not items))
                       ^^^^^^^^^^^^^^^^^^^^^^^^^
  File "C:\Program Files\Python313\Lib\re\_parser.py", line 863, in _parse
    p = _parse_sub(source, state, sub_verbose, nested + 1)
  File "C:\Program Files\Python313\Lib\re\_parser.py", line 459, in _parse_sub
    itemsappend(_parse(source, state, verbose, nested + 1,
                ~~~~~~^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
                       not nested and not items))
                       ^^^^^^^^^^^^^^^^^^^^^^^^^
  File "C:\Program Files\Python313\Lib\re\_parser.py", line 686, in _parse
    raise source.error("nothing to repeat",
                       source.tell() - here + len(this))
re.PatternError: nothing to repeat at position 38

Desktop (please complete the following information):

  • OS: Windows 11 Pro (22000.2538)
  • Checkov Version: 3.2.449+

Additional context
Workaround:
Only a simplified regex without [] works now:

skip-path:
  - charts/.+/charts/.*
  - charts\\.+\\charts\\.*

Last working version: 3.2.447
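Why the character-class patterns crash while the simplified ones do not can be read straight off the line quoted in the trace, `re.compile('|'.join(f"({excluded_paths})"))`: the f-string formats the whole skip-path value into one string, and `str.join` then iterates over that string character by character, so `|` is interleaved between every character of the list's repr. The first `[` of the repr opens a regex character class that swallows everything up to the first `]`; with `[a-z0-9-]` in the first entry that `]` arrives early and the `+` that follows it has "nothing to repeat", at exactly position 38. The following script, added here as an illustration and not code from the issue or from the Checkov code base, reproduces both outcomes and shows a correctly built alternation for comparison. It assumes that the value reaching `find_modules` is a list of `str` (the reported offset 38 is consistent with a repr beginning `['`), that YAML plain scalars keep the doubled backslashes literally, and that `re.fullmatch` is an adequate stand-in for however Checkov applies the compiled pattern; the `fixed_pattern` construction is one correct form, not the project's actual fix.

```python
import re

# Constructed sample inputs: the two skip-path entries from the report, as a
# YAML plain scalar would deliver them (backslashes kept literally, so the
# second entry carries two backslashes per separator). That skip-path arrives
# as a list of str is an assumption; the reported offset 38 agrees with it.
SKIP_PATHS_WITH_CLASS = [
    r"charts/[a-z0-9-]+/charts/.*",
    r"charts\\[a-z0-9-]+\\charts\\.*",
]
SKIP_PATHS_SIMPLE = [
    r"charts/.+/charts/.*",
    r"charts\\.+\\charts\\.*",
]


def broken_pattern(excluded_paths):
    """The expression from the traceback (module_finder.py, find_modules).

    f"({excluded_paths})" formats the whole list into one string such as
    "(['charts/[a-z0-9-]+/charts/.*', ...])", and str.join then iterates
    over that string character by character, yielding
    "(|[|'|c|h|a|r|t|s|/|[|a|-|z|0|-|9|-|]|+|..." instead of an
    alternation of the configured patterns.
    """
    return "|".join(f"({excluded_paths})")


def fixed_pattern(excluded_paths):
    """One correct construction (illustrative, not the project's fix):
    wrap each entry in its own group, then join the groups with '|'."""
    return "|".join(f"({p})" for p in excluded_paths)


def try_compile(pattern):
    """Compile a pattern, returning (compiled, None) or (None, error text).

    re.error is the portable name; Python 3.13 also exposes it as
    re.PatternError, the name that appears in the reported traceback.
    """
    try:
        return re.compile(pattern), None
    except re.error as exc:
        return None, str(exc)


def explain_offset(excluded_paths):
    """Index of the first '+' in the character-joined string.

    Every character of repr(excluded_paths) lands at twice its original
    index once '|' is interleaved; the '+' after "[a-z0-9-]" in the first
    entry is repr index 19, hence position 38 in the error.
    """
    return broken_pattern(excluded_paths).index("+")


def simplified_pattern_behaviour(path):
    """What the 'working' simplified entries actually compile to.

    The interleaved '[' opens a character class that swallows everything up
    to the closing ']' of the list repr, leaving "(|[...]|)": an empty
    alternative or a single character from that class. It compiles, but it
    is not the author's regex. Whether Checkov then excludes nothing or
    everything depends on how it applies the match, which the trace does
    not show; here we only report what the pattern itself matches.
    """
    compiled, _ = try_compile(broken_pattern(SKIP_PATHS_SIMPLE))
    return compiled.search(path).group(0), compiled.fullmatch(path) is not None


def intended_exclusion(path, excluded_paths=SKIP_PATHS_WITH_CLASS):
    """Apply the correctly built alternation to a path. fullmatch is an
    illustrative choice, not necessarily Checkov's matching mode."""
    return re.fullmatch(fixed_pattern(excluded_paths), path) is not None


if __name__ == "__main__":
    print(try_compile(broken_pattern(SKIP_PATHS_WITH_CLASS))[1])
    print(broken_pattern(SKIP_PATHS_SIMPLE))
    print(fixed_pattern(SKIP_PATHS_WITH_CLASS))
    print(intended_exclusion("charts/my-chart-1/charts/sub/Chart.yaml"))
```

The practical consequence for anyone on 3.2.449+ is that dropping the character class only stops the crash; the compiled pattern is not the configured regex in either case, so the skip-path value should be checked against the intended paths explicitly rather than assumed to work once the error disappears.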
