From 315ef95a17ce2f8a8217f06877b99d1aa4ea93e8 Mon Sep 17 00:00:00 2001 From: William Woodruff Date: Tue, 11 Feb 2025 21:11:31 -0500 Subject: [PATCH] feat: relax ignore comment regex (#531) * feat: relax ignore comment regex We now allow trailing comments after the ignore rule list, which is useful for self-documenting ignores. Closes #513. * docs: record changes --- docs/release-notes.md | 2 ++ docs/usage.md | 6 ++++++ src/finding/mod.rs | 10 +++++++++- 3 files changed, 17 insertions(+), 1 deletion(-) diff --git a/docs/release-notes.md b/docs/release-notes.md index ff99e6c5..3d6d5762 100644 --- a/docs/release-notes.md +++ b/docs/release-notes.md @@ -13,6 +13,8 @@ of `zizmor`. * SARIF outputs are now slightly more aligned with GitHub Code Scanning expectations (#528) +* `# zizmor: ignore[rule]` comments can now have trailing explanations, + e.g. `# zizmor: ignore[rule] because reasons` (#531) ## v1.3.1 diff --git a/docs/usage.md b/docs/usage.md index 0b82ab3b..fb64c03b 100644 --- a/docs/usage.md +++ b/docs/usage.md @@ -287,6 +287,12 @@ For example, to ignore a single `artipacked` finding: uses: actions/checkout@v3 # zizmor: ignore[artipacked] ``` +Ignore comments can also have a trailing explanation: + +```yaml title="example.yml" +uses: actions/checkout@v3 # zizmor: ignore[artipacked] this is actually fine +``` + ### With `zizmor.yml` When ignoring multiple findings (or entire files), a `zizmor.yml` configuration diff --git a/src/finding/mod.rs b/src/finding/mod.rs index 326ff298..3cb869c4 100644 --- a/src/finding/mod.rs +++ b/src/finding/mod.rs @@ -282,7 +282,7 @@ impl From<&yamlpath::Location> for ConcreteLocation { static ANY_COMMENT: LazyLock = LazyLock::new(|| Regex::new(r"#.*$").unwrap()); static IGNORE_EXPR: LazyLock = - LazyLock::new(|| Regex::new(r"# zizmor: ignore\[(.+)\]\s*$").unwrap()); + LazyLock::new(|| Regex::new(r"# zizmor: ignore\[(.+)\](?:\s+.*)?$").unwrap()); /// Represents a single source comment. #[derive(Debug, Serialize)] 
@@ -510,6 +510,14 @@ mod tests { ("# zizmor: ignore[foo, bar, foo-bar]", "foo-bar", true), // Extra commas and duplicates are nonsense but OK. ("# zizmor: ignore[foo,foo,,foo,,,,foo,]", "foo", true), + // Trailing content with a space is OK. + ("# zizmor: ignore[foo] some other stuff", "foo", true), + // Trailing spaces are OK. + ("# zizmor: ignore[foo] ", "foo", true), + ("# zizmor: ignore[foo] ", "foo", true), + ("# zizmor: ignore[foo] ", "foo", true), + // Trailing content without a space is not OK. + ("# zizmor: ignore[foo]some other stuff", "foo", false), // Valid ignore, but not a match. ("# zizmor: ignore[foo,bar]", "baz", false), // Invalid ignore: empty rule list.
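Review bot: the new usage.md paragraph should say that the explanation must be separated from the closing `]` by whitespace. The regex in this same patch (`\](?:\s+.*)?$`) and the test `("# zizmor: ignore[foo]some other stuff", "foo", false)` reject an explanation glued to the bracket, so a reader who writes `# zizmor: ignore[artipacked]this is fine` gets a comment that is not recognised as an ignore at all; one sentence such as "separate the explanation from the rule list with at least one space" would prevent that.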
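Review bot: the rule-list capture `(.+)` in the new IGNORE_EXPR is greedy, and now that arbitrary trailing text is permitted it can swallow the explanation: for `# zizmor: ignore[foo] see [issue]` the `.+` extends to the last `]`, so the captured rule list is `foo] see [issue` and the `foo` ignore no longer matches. Use a non-bracket class so the capture stops at the first closing bracket, e.g. `LazyLock::new(|| Regex::new(r"# zizmor: ignore\[([^\]]+)\](?:\s+.*)?$").unwrap());`; the existing comma and duplicate cases still pass with that change.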
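Review bot: the added test cases only cover plain words and whitespace after the `]`; add one whose explanation itself contains a bracket, e.g. `("# zizmor: ignore[foo] see [issue]", "foo", true)`. With the greedy `(.+)` in IGNORE_EXPR that input currently captures `foo] see [issue` as the rule list, so the new case would fail as the code stands, which is precisely the behaviour this table should pin down before the regex is tightened.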