From 37a5f60fd0ecac405f8b7a5074f89f7bb02dbc8f Mon Sep 17 00:00:00 2001
From: Masayoshi Mizutani
Date: Sat, 28 Jan 2023 09:31:45 +0900
Subject: [PATCH 1/2] Add --ignore-auto-generated option
---
 cmd/goast/cli.go | 25 +++++++++++++++++-------
 eval.go | 19 ++++++++++++++++++
 eval_test.go | 42 ++++++++++++++++++++++++++++++++++++++++
 examples/autogen/main.go | 11 +++++++++++
 goast.go | 8 ++++++++
 5 files changed, 98 insertions(+), 7 deletions(-)
 create mode 100644 examples/autogen/main.go
diff --git a/cmd/goast/cli.go b/cmd/goast/cli.go
index 54dc402..2da9f15 100644
--- a/cmd/goast/cli.go
+++ b/cmd/goast/cli.go
@@ -175,11 +175,12 @@ func cmdSync() *cli.Command {
 func cmdEval() *cli.Command {
 var (
- policies cli.StringSlice
- format string
- output string
- fail bool
- opt inspectOptions
+ policies cli.StringSlice
+ format string
+ output string
+ fail bool
+ opt inspectOptions
+ ignoreAutoGen bool
 )
 return &cli.Command{
@@ -213,6 +214,11 @@ func cmdEval() *cli.Command {
 Destination: &fail,
 Usage: "Exit with non-zero code when detecting violation",
 },
+ &cli.BoolFlag{
+ Name: "ignore-auto-generated",
+ Destination: &ignoreAutoGen,
+ Usage: "Ignore auto generated go code file",
+ },
 }, opt.Flags()...),
 Action: func(c *cli.Context) error {
 files := c.Args().Slice()
@@ -250,10 +256,15 @@ func cmdEval() *cli.Command {
 return goerr.Wrap(err)
 }
- g := goast.New(
+ goastOptions := []goast.Option{
 goast.WithOpacClient(client),
 goast.WithInspectOptions(opt.Options()...),
- )
+ }
+ if ignoreAutoGen {
+ goastOptions = append(goastOptions, goast.WithIgnoreAutoGen())
+ }
+
+ g := goast.New(goastOptions...)
 var failCases []*goast.Fail
diff --git a/eval.go b/eval.go
index 005beb3..afb5c31 100644
--- a/eval.go
+++ b/eval.go
@@ -2,9 +2,11 @@ package goast
 import (
 "context"
+ "go/ast"
 "go/parser"
 "go/token"
 "io"
+ "regexp"
 "github.com/m-mizutani/goerr"
 )
@@ -19,6 +21,19 @@ type evalOutput struct {
 Fail []*failCase `json:"fail"`
 }
+var generatedCodePattern = regexp.MustCompile(`^// Code generated .* DO NOT EDIT\.$`)
+
+func isGeneratedFile(file *ast.File) bool {
+ for _, comment := range file.Comments {
+ for _, row := range comment.List {
+ if generatedCodePattern.MatchString(row.Text) {
+ return true
+ }
+ }
+ }
+ return false
+}
+
 func (x *Goast) Eval(filePath string, r io.Reader) ([]*Fail, error) {
 var fails []*Fail
@@ -49,6 +64,10 @@ func (x *Goast) Eval(filePath string, r io.Reader) ([]*Fail, error) {
 return nil, err
 }
+ if x.ignoreAutoGen && isGeneratedFile(f) {
+ return nil, nil
+ }
+
 if err := Inspect(f, fSet, callback, x.inspectOpt...); err != nil {
 return nil, err
 }
diff --git a/eval_test.go b/eval_test.go
index 91ff993..f021bdc 100644
--- a/eval_test.go
+++ b/eval_test.go
@@ -57,3 +57,45 @@ func TestEval(t *testing.T) {
 assert.Equal(t, 3, fails[0].Line)
 assert.Equal(t, "eval_test", fails[0].Msg)
 }
+
+func TestIgnoreAutoGeneratedFile(t *testing.T) {
+ const code = `// Code generated by yo. DO NOT EDIT.
+// Package model contains the types.
+package main
+
+func Add(a, b int) int {
+ return a + b
+}
+`
+ mock := opac.NewMock(func(in any) (any, error) {
+ return &goast.EvalOutput{
+ Fail: []*goast.FailCase{
+ {
+ Msg: "always fail",
+ Pos: 15,
+ },
+ },
+ }, nil
+ })
+
+ t.Run("with ignore option", func(t *testing.T) {
+ g := goast.New(
+ goast.WithOpacClient(mock),
+ goast.WithIgnoreAutoGen(),
+ )
+
+ fails, err := g.Eval("test.go", strings.NewReader(code))
+ require.NoError(t, err)
+ assert.Len(t, fails, 0)
+ })
+
+ t.Run("without ignore option", func(t *testing.T) {
+ g := goast.New(
+ goast.WithOpacClient(mock),
+ )
+
+ fails, err := g.Eval("test.go", strings.NewReader(code))
+ require.NoError(t, err)
+ assert.Greater(t, len(fails), 0)
+ })
+}
diff --git a/examples/autogen/main.go b/examples/autogen/main.go
new file mode 100644
index 0000000..11ace48
--- /dev/null
+++ b/examples/autogen/main.go
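Review bot: `isGeneratedFile` in eval.go walks every comment group in `file.Comments`, so a `// Code generated ... DO NOT EDIT.` line anywhere in the file, including inside a function body, turns off policy evaluation for the whole file. The Go convention only recognises the marker before the `package` clause; stopping the outer loop there keeps the skip to real headers: `if comment.Pos() > file.Package { break }`. From Go 1.21 `ast.IsGenerated(file)` implements the same rule, though go.mod in this series declares go 1.18. The marker is still written by the file's own author, so the option should be documented as unsuitable where contributors are untrusted. The new test in eval_test.go covers only a header on the first line and could add a case with the marker below `package`.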
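Review bot: The early return added to `Eval` reports a skipped file as `nil, nil`, which a caller cannot tell apart from a file that was evaluated and produced no violations. For a policy gate this means a run with `--ignore-auto-generated` leaves no record of which files were never checked. Consider a comment on the branch, e.g. `// generated file: returned before Inspect, no policy is evaluated`, and a log line or counter for skipped paths so the skip is visible in CI output. `Eval` starts and ends outside this hunk.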
@@ -0,0 +1,11 @@
+// Code generated by yo. DO NOT EDIT.
+// Package model contains the types.
+package main
+
+import (
+ "fmt"
+)
+
+func main() {
+ fmt.Println("this should be detected as violation")
+}
diff --git a/goast.go b/goast.go
index b867973..a2efbba 100644
--- a/goast.go
+++ b/goast.go
@@ -18,6 +18,8 @@ type Goast struct {
 dumpCompact bool
 dumpHook DumpHook
+
+ ignoreAutoGen bool
 }
 type Option func(g *Goast)
@@ -61,3 +63,9 @@ func WithCompact(enable bool) Option {
 g.dumpCompact = enable
 }
 }
+
+func WithIgnoreAutoGen() Option {
+ return func(g *Goast) {
+ g.ignoreAutoGen = true
+ }
+}
From 43364c21de515c571d524a6d7bc49acf806ea864 Mon Sep 17 00:00:00 2001
From: Masayoshi Mizutani
Date: Sat, 28 Jan 2023 09:46:37 +0900
Subject: [PATCH 2/2] Fix CVE-2022-32149
---
 go.mod | 6 +++---
 go.sum | 12 ++++++------
 2 files changed, 9 insertions(+), 9 deletions(-)
diff --git a/go.mod b/go.mod
index c03348d..859e480 100644
--- a/go.mod
+++ b/go.mod
@@ -5,7 +5,7 @@ go 1.18
 require (
 github.com/fatih/color v1.13.0
 github.com/m-mizutani/goerr v0.1.7
- github.com/m-mizutani/opac v0.1.2-0.20220911011947-30fd33506a09
+ github.com/m-mizutani/opac v0.1.1
 github.com/m-mizutani/zlog v0.3.2
 github.com/reviewdog/reviewdog v0.14.1
 github.com/stretchr/testify v1.8.0
@@ -25,7 +25,7 @@ require (
 github.com/google/uuid v1.3.0 // indirect
 github.com/k0kubun/colorstring v0.0.0-20150214042306-9440f1994b88 // indirect
 github.com/k0kubun/pp/v3 v3.1.0 // indirect
- github.com/kr/pretty v0.1.0 // indirect
+ github.com/kr/pretty v0.2.1 // indirect
 github.com/mattn/go-colorable v0.1.13 // indirect
 github.com/mattn/go-isatty v0.0.16 // indirect
 github.com/open-policy-agent/opa v0.44.0 // indirect
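Review bot: The exported `WithIgnoreAutoGen` added to goast.go has no doc comment, and its effect (whole files excluded from evaluation) is something library users need spelled out. Suggested: `// WithIgnoreAutoGen makes Eval skip any file containing a "// Code generated ... DO NOT EDIT." comment; no policy is evaluated for such files.`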
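Review bot: The first go.mod hunk moves `github.com/m-mizutani/opac` from the pseudo-version `v0.1.2-0.20220911011947-30fd33506a09` to `v0.1.1`, which orders lower under Go module version comparison, so it reads as a downgrade rather than a bump. The commit title only mentions CVE-2022-32149, and the line that appears to address it is the `golang.org/x/text` v0.3.7 to v0.6.0 change in the third go.mod hunk. If the opac change is intentional it deserves its own commit or a line in the message. Otherwise it is worth confirming that v0.1.1 contains everything the code relies on, for example `opac.NewMock` used in eval_test.go.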
@@ -39,7 +39,7 @@ require (
 github.com/xrash/smetrics v0.0.0-20201216005158-039620a65673 // indirect
 github.com/yashtewari/glob-intersection v0.1.0 // indirect
 golang.org/x/sys v0.0.0-20220909162455-aba9fc2a8ff2 // indirect
- golang.org/x/text v0.3.7 // indirect
+ golang.org/x/text v0.6.0 // indirect
 google.golang.org/protobuf v1.28.1 // indirect
 gopkg.in/yaml.v2 v2.4.0 // indirect
 gopkg.in/yaml.v3 v3.0.1 // indirect
diff --git a/go.sum b/go.sum
index 6e72219..267c95d 100644
--- a/go.sum
+++ b/go.sum
@@ -49,15 +49,15 @@ github.com/k0kubun/colorstring v0.0.0-20150214042306-9440f1994b88/go.mod h1:3w7q github.com/k0kubun/pp/v3 v3.1.0 h1:ifxtqJkRZhw3h554/z/8zm6AAbyO4LLKDlA5eV+9O8Q= github.com/k0kubun/pp/v3 v3.1.0/go.mod h1:vIrP5CF0n78pKHm2Ku6GVerpZBJvscg48WepUYEk2gw= github.com/klauspost/compress v1.13.6 h1:P76CopJELS0TiO2mebmnzgWaajssP/EszplttgQxcgc= -github.com/kr/pretty v0.1.0 h1:L/CwN0zerZDmRFUapSPitk6f+Q3+0za1rQkzVuMiMFI= -github.com/kr/pretty v0.1.0/go.mod h1:dAy3ld7l9f0ibDNOQOHHMYYIIbhfbHSm3C4ZsoJORNo= +github.com/kr/pretty v0.2.1 h1:Fmg33tUaq4/8ym9TJN1x7sLJnHVwhP33CNkpYV/7rwI= +github.com/kr/pretty v0.2.1/go.mod h1:ipq/a2n7PKx3OHsz4KJII5eveXtPO4qwEXGdVfWzfnI= github.com/kr/pty v1.1.1/go.mod h1:pFQYn66WHrOpPYNljwOMqo10TkYh1fy3cYio2l3bCsQ= github.com/kr/text v0.1.0/go.mod h1:4Jbv+DJW3UT/LiOwJeYQe1efqtUx/iVham/4vfdArNI= github.com/kr/text v0.2.0 h1:5Nx0Ya0ZqY2ygV366QzturHI13Jq95ApcVaJBhpS+AY= github.com/m-mizutani/goerr v0.1.7 h1:T0k3nUVQPBXkLrhE+ZmzJP87KVa9Eb6PAWPVSO6bRYU= github.com/m-mizutani/goerr v0.1.7/go.mod h1:fQkXuu06q+oLlp4FkbiTFzI/N/+WAK/Mz1W5kPZ6yzs= -github.com/m-mizutani/opac v0.1.2-0.20220911011947-30fd33506a09 h1:LXIbVjhcYSJP0wkLdiXDOZ7gjDWxIfp/FWidqN8jhQo= -github.com/m-mizutani/opac v0.1.2-0.20220911011947-30fd33506a09/go.mod h1:XLr1rba7h2qEUmOpVb1DKwOV1w3UvZP4q/zJWKtO1z0= +github.com/m-mizutani/opac v0.1.1 h1:zKveASkRSjJCbLVyCp0GRxZ1Gj4/Oq0T8kKWZO+7Ku0= +github.com/m-mizutani/opac v0.1.1/go.mod h1:Y0XcaGkXMCtwsxlCeAw3S77EAvn/tjF85LrbPdcPeB8= github.com/m-mizutani/zlog v0.3.2 h1:gdtvmISolbikEt+9ZfP/WGOlzePQOYUWFisI+ZolUtQ= github.com/m-mizutani/zlog v0.3.2/go.mod h1:GxFJcc4bguQJIHXYOOBF16Of2+SIrPGlZ5JkdOECzyE= github.com/mattn/go-colorable v0.1.9/go.mod h1:u6P/XSegPjTcexA+o6vUJrdnUu04hMope9wVRipJSqc= 
@@ -113,8 +113,8 @@ golang.org/x/sys v0.0.0-20210630005230-0f9fa26af87c/go.mod h1:oPkhp1MJrh7nUepCBc golang.org/x/sys v0.0.0-20220811171246-fbc7d0a398ab/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20220909162455-aba9fc2a8ff2 h1:wM1k/lXfpc5HdkJJyW9GELpd8ERGdnh8sMGL6Gzq3Ho= golang.org/x/sys v0.0.0-20220909162455-aba9fc2a8ff2/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/text v0.3.7 h1:olpwvP2KacW1ZWvsR7uQhoyTYvKAupfQrRGBFM352Gk= -golang.org/x/text v0.3.7/go.mod h1:u+2+/6zg+i71rQMx5EYifcz6MCKuco9NR6JIITiCfzQ= +golang.org/x/text v0.6.0 h1:3XmdazWV+ubf7QgHSTWeykHOci5oeekaGJBLkrkaw4k= +golang.org/x/text v0.6.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8= golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= golang.org/x/xerrors v0.0.0-20200804184101-5ec99f83aff1 h1:go1bK/D/BFZV2I8cIQd1NKEZ+0owSTG1fDTci4IqFcE= google.golang.org/protobuf v1.26.0-rc.1/go.mod h1:jlhhOSvTdKEhbULTjvd4ARK9grFBp09yW+WbY/TyQbw=