bug(cli): Don't error out on empty trivy config yaml file

[simar7]

We should handle empty trivy config yaml files more gracefully.

$ touch invalid-file.yaml
$ ./trivy config --ignorefile ./invalid-file.yaml  /tmp
2024-11-01T16:15:15-06:00       INFO    [misconfig] Misconfiguration scanning is enabled
2024-11-01T16:15:15-06:00       INFO    Detected config files   num=0
2024-11-01T16:15:15-06:00       FATAL   Fatal error     filter error: filtering error: ./invalid-file.yaml error: ./invalid-file.yaml parse error: yaml decode error: EOF

Originally posted by @EdKingscote in #7856 (comment)

[itaysk]

small nit but this should be either a bug or a feature

[simar7]

small nit but this should be either a bug or a feature

You're right. Since empty YAML files are technically valid YAML, this is a bug fix. I've updated the title.

[knqyf263]

If an empty file is a valid YAML, IMO, the YAML library should not return an error. Then, I found this issue.
go-yaml/yaml#805

I still feel like Decode should work in the same way as Unmarshal, but if that is the decision in the library, we may want to change it to Unmarshal here to work it around.

trivy/pkg/result/ignore.go

Line 231 in 46f1139

if err = yaml.NewDecoder(f).Decode(&ignoreConfig); err != nil {

[simar7]

If an empty file is a valid YAML, IMO, the YAML library should not return an error. Then, I found this issue. go-yaml/yaml#805

I still feel like Decode should work in the same way as Unmarshal, but if that is the decision in the library, we may want to change it to Unmarshal here to work it around.

trivy/pkg/result/ignore.go

Line 231 in 46f1139

if err = yaml.NewDecoder(f).Decode(&ignoreConfig); err != nil {

Yes, I also observed that but I thought I was doing something wrong as I didn't find the issue you linked.

But I agree, in theory the two methods should behave the same. I've updated the PR for now to use Unmarshal.