Feature: Allow comments behind # zizmor ignore to explain why #513

MarcHagen opened this issue Feb 4, 2025 · 1 comment
Labels
enhancement New feature or request good first issue Good for newcomers help wanted Extra attention is needed

Comments

MarcHagen commented Feb 4, 2025

Pre-submission checks

  • I am not reporting a bug (crash, false positive/negative, etc). These must be filed via the bug report template.
  • I have looked through the open issues for a duplicate request.

What's the problem this feature will solve?

We can currently add # zizmor: ignore to specific lines in the YAML, except it will not allow any more words/comments behind it.
We have some details on why some permissions are what they are:

permissions:
  contents: read  # to fetch code (actions/checkout)
  issues: read # for enricoMi/publish-unit-test-result-action
  checks: write # for enricoMi/publish-unit-test-result-action

Adding those comments behind the # zizmor: ignore would give more context and yet still allow ignore of specific parts.

If I am missing something, please let me know how to do it in other ways.

Describe the solution you'd like

Allowing extra comments behind # zizmor: ignore

permissions:
  checks: write # zizmor: ignore[excessive-permissions] for enricoMi/publish-unit-test-result-action

Additional context

I'm not the best in Rust or regex, but a simple change would allow extra comments:

LazyLock::new(|| Regex::new(r"# zizmor: ignore\[(.+)\]\s*$").unwrap());

index b9a3b6b..3833c8a 100644
--- a/src/finding/mod.rs
+++ b/src/finding/mod.rs
@@ -282,7 +282,7 @@ impl From<&yamlpath::Location> for ConcreteLocation {
 static ANY_COMMENT: LazyLock<Regex> = LazyLock::new(|| Regex::new(r"#.*$").unwrap());

 static IGNORE_EXPR: LazyLock<Regex> =
-    LazyLock::new(|| Regex::new(r"# zizmor: ignore\[(.+)\]\s*$").unwrap());
+    LazyLock::new(|| Regex::new(r"# zizmor: ignore\[(.+)\]\s.*$").unwrap());

 /// Represents a single source comment.
 #[derive(Debug, Serialize)]
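
Review bot: In the `+` line, `\s.*$` requires at least one whitespace character after the closing `]`, so a bare `# zizmor: ignore[rule]` with nothing after it, which the old `\s*$` accepted, would stop matching. Making the tail optional, for example `(\s.*)?$`, keeps both the bare and the explained form working. Because `(.+)` is greedy and the tail is now free text, a `]` inside the explanation would also be pulled into the capture group, so `([^\]]+)` would be a safer group. Test cases for the bare form, the explained form, and an explanation containing brackets would pin this down.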

UNTESTED! As in, the regex will work, but I have not tested it with that change, sorry.

@MarcHagen MarcHagen added the enhancement New feature or request label Feb 4, 2025
@woodruffw
Owner

Hi @MarcHagen, thanks for the request!

Yeah, I agree we should relax the comment check here, to allow these kinds of trailing explanations. If you could send your proposed change as a PR I'd appreciate it! There should also be some pre-existing tests that should be easy to extend with some new cases.

@woodruffw woodruffw added help wanted Extra attention is needed good first issue Good for newcomers labels Feb 6, 2025
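
An added example, not part of the issue thread or zizmor's code: it runs the current and proposed patterns from the issue over constructed workflow lines, the kind of cases a test for this change would cover. It uses Python's `re`, which treats these patterns the same way as Rust's `regex` for single-line input without a trailing newline; the `strict` pattern and the sample lines are assumptions made for this example.

```python
import re

# "current" and "proposed" are copied from the issue. "strict" is a
# hypothetical alternative written for this example, not a zizmor pattern.
PATTERNS = {
    "current": re.compile(r"# zizmor: ignore\[(.+)\]\s*$"),
    "proposed": re.compile(r"# zizmor: ignore\[(.+)\]\s.*$"),
    # Rule list may not contain "]"; the explanation is optional but must
    # be separated from "]" by whitespace.
    "strict": re.compile(r"# zizmor: ignore\[([^\]]+)\](?:\s.*)?$"),
}

# Constructed workflow lines (not taken from a real repository).
SAMPLES = {
    "bare": "  checks: write # zizmor: ignore[excessive-permissions]",
    "reason": "  checks: write # zizmor: ignore[excessive-permissions]"
              " for enricoMi/publish-unit-test-result-action",
    "bracket_in_reason": "  checks: write"
                         " # zizmor: ignore[excessive-permissions] see [docs] first",
}


def captured_rules(pattern, line):
    """Return the text captured inside ignore[...], or None if no match."""
    match = pattern.search(line)
    return match.group(1) if match else None


def compare():
    """Map each sample name to {pattern label: captured text or None}."""
    return {
        name: {label: captured_rules(p, line) for label, p in PATTERNS.items()}
        for name, line in SAMPLES.items()
    }


if __name__ == "__main__":
    for name, result in compare().items():
        print(name)
        for label, rules in result.items():
            print(f"  {label:9} -> {rules!r}")
```

A `None` for a line means the suppression comment is not recognised, so the finding would still be reported; a capture that contains more than the rule name means the comment matches but no longer names the intended audit.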