fix: deal with various dirs

Author: samrose

nix/packages/cis-audit/scanner/cmd/cis-generate-spec/main.go

@@ -98,6 +98,7 @@ func run(cmd *cobra.Command, args []string) error {
 		IncludeProcesses: includeProcess,
 		ShallowDirs:      shallowDirs,
 		ShallowDepth:     shallowDepth,
+		ShallowDepthSet:  cmd.Flags().Changed("shallow-depth"),
 	}
 	cfg, err := config.Load(configFile, cliOpts)
 	if err != nil {

nix/packages/cis-audit/scanner/internal/config/loader.go

@@ -57,7 +57,11 @@ type CLIOptions struct {
 	ShallowDirs []string
 
 	// ShallowDepth controls recursion depth in shallow directories (from CLI)
+	// Use -1 to indicate "not set" (will use default), 0+ for explicit depth
 	ShallowDepth int
+
+	// ShallowDepthSet indicates whether ShallowDepth was explicitly set via CLI
+	ShallowDepthSet bool
 }
 
 // Load reads configuration from defaults, optional config file, and CLI options.
@@ -105,12 +109,11 @@ func Load(configPath string, opts CLIOptions) (*Config, error) {
 	}
 
 	// Set shallow depth from CLI (overrides config file and defaults)
-	if opts.ShallowDepth > 0 {
+	// ShallowDepthSet allows explicit 0 to be distinguished from "not set"
+	if opts.ShallowDepthSet {
 		cfg.ShallowDepth = opts.ShallowDepth
-	}
-
-	// Default shallow depth to 1 if not set
-	if cfg.ShallowDepth == 0 {
+	} else if cfg.ShallowDepth == 0 {
+		// Default shallow depth to 1 only if not explicitly set
 		cfg.ShallowDepth = 1
 	}
 

nix/packages/cis-audit/scanner/internal/scanners/files.go

@@ -74,9 +74,9 @@ func (s *FileScanner) Scan(ctx context.Context, opts ScanOptions) (ScanStats, er
 		}
 
 		// Handle shallow directories - limit recursion depth
-		if d != nil && d.IsDir() {
-			depth := cfg.GetShallowDirDepth(path)
-			if depth >= 0 {
+		depth := cfg.GetShallowDirDepth(path)
+		if depth >= 0 {
+			if d != nil && d.IsDir() {
 				if depth == 0 && cfg.ShallowDepth == 0 {
 					// Depth 0 means capture this directory entry but don't recurse into it
 					info, err := d.Info()
@@ -95,6 +95,12 @@ func (s *FileScanner) Scan(ctx context.Context, opts ScanOptions) (ScanStats, er
 					opts.Logger.Debug("Skipping directory beyond shallow depth", "path", path, "depth", depth, "max_depth", cfg.ShallowDepth)
 					return filepath.SkipDir
 				}
+			} else if d != nil && d.Type().IsRegular() {
+				// For files inside shallow dirs, skip if at or beyond shallow depth
+				if depth > cfg.ShallowDepth {
+					opts.Logger.Debug("Skipping file beyond shallow depth", "path", path, "depth", depth, "max_depth", cfg.ShallowDepth)
+					return nil
+				}
 			}
 		}