Open pna-nca opened 12 months ago
Environment
Platform: Rancher
Kubernetes/Platform Version(s): Rancher 2.7.6 / RKE1 / Kubernetes v1.25.9
Describe the bug
Secrets scanning engine of NeuVector does not scan secrets in mounted directories. See the following reference: https://github.com/neuvector/neuvector/blob/52d1ad6027b37ecdb53785c12fa62a896b9777b5/share/scan/secrets/secrets.go#L660
However, a deployment may mount a file containing secrets as a file. This should not trigger a finding. The secret data in this case is handled by the upper layer (for instance, by SealedSecrets).
Here is an example of a mounted entity (/proc/mounts):

```shell
$ cat /proc/mounts | grep configdata
tmpfs /configdata/config/properties-custom.yaml tmpfs ro,relatime,size=458752k,inode64 0 0
```
To Reproduce
Create a deployment with secrets mounted as files to a container, like in the following excerpt:

```yaml
apiVersion: v1
kind: Pod
...
spec:
  containers:
    - image: >-
        ...
      volumeMounts:
        - mountPath: /configdata/config/properties-custom.yaml
          name: secretfile
          subPath: properties-custom.yaml
  ...
  volumes:
    ...
    - name: secretfile
      secret:
        defaultMode: 420
        items:
          - key: properties-custom.yaml
            path: properties-custom.yaml
        secretName: secretfile
...
```

Expected behavior
Configuration files with secrets which are mounted are not reported by secrets scanning engine of NeuVector.
Screenshots N/A
UI Issue N/A
Additional context N/A
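As an added illustration (not NeuVector's own code), a Go sketch of the distinction this report draws: parse /proc/mounts, then check a path against the mount points, where a directory-only rule misses a secret mounted as a single file via subPath. The sample mount lines, `parseMountPoints` and `mountedEntity` are constructed for the example.

```go
package main

import (
	"bufio"
	"fmt"
	"path/filepath"
	"strings"
)

// Constructed /proc/mounts sample: line 2 reproduces the subPath file mount
// from the report; the others are hypothetical.
const sampleMounts = `overlay / overlay rw,relatime 0 0
tmpfs /configdata/config/properties-custom.yaml tmpfs ro,relatime,size=458752k,inode64 0 0
tmpfs /var/run/secrets/kubernetes.io/serviceaccount tmpfs ro,relatime,size=458752k 0 0
`

// parseMountPoints returns field 2 of each /proc/mounts line (decoding the
// kernel's \040 escape for spaces) and drops "/", the container rootfs itself.
func parseMountPoints(procMounts string) []string {
	var points []string
	sc := bufio.NewScanner(strings.NewReader(procMounts))
	for sc.Scan() {
		f := strings.Fields(sc.Text())
		if len(f) < 2 || f[1] == "/" {
			continue
		}
		points = append(points, strings.ReplaceAll(f[1], `\040`, " "))
	}
	return points
}

// mountedEntity returns the mount point covering path, or "" if none. The
// directory rule (fileMounts=false) only matches paths strictly below a mount
// point; fileMounts=true also matches path == mount point (a subPath file mount).
func mountedEntity(path string, mountPoints []string, fileMounts bool) string {
	path = filepath.Clean(path)
	for _, mp := range mountPoints {
		mp = filepath.Clean(mp)
		if strings.HasPrefix(path, mp+"/") || (fileMounts && path == mp) {
			return mp
		}
	}
	return ""
}

func main() {
	mps := parseMountPoints(sampleMounts)
	p := "/configdata/config/properties-custom.yaml"
	fmt.Printf("dir-rule=%q file-rule=%q\n", mountedEntity(p, mps, false), mountedEntity(p, mps, true))
}
```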
This has been tested internally. With v5.3.0, the mounted secrets are not scanned.