fix: match bare-function middleware values in gin/echo rule

[boorad]

Summary

• Extend go-gin-auth-middleware to match bare function-value middleware (r.Use(AuthRequired)) in addition to the factory form (r.Use(AuthRequired())).
• Add an alternation in the arguments: clause so either a call_expression or a bare identifier / selector_expression is accepted; the existing auth-flavored regex applies to whichever form appears.
• Confidence stays medium — the fn-name regex (AuthRequired, JWTAuth, RequireAuth, …) is specific enough that accepting bare identifiers does not meaningfully widen FP risk.
• Add positive tests for r.Use(AuthRequired) and r.Use(m.RequireAuth), plus a negative test for r.Use(Logger).

Closes #31.

Test plan

• cargo run -- rules test — 206 passed (was 203; three new cases added)
• cargo fmt
• cargo clippy -- -D warnings
• cargo test

Summary by CodeRabbit

• Bug Fixes
  • Enhanced the Go/Gin auth middleware detection rule to recognize middleware patterns in additional contexts, now matching both function calls and bare function references.

[coderabbitai]

No actionable comments were generated in the recent review. 🎉

ℹ️ Recent review info

⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Pro

Run ID: 741b5546-6e3c-4b57-a4a5-7dda2daa7fdc

📥 Commits

Reviewing files that changed from the base of the PR and between a859312 and b952745.

📒 Files selected for processing (1)

• rules/go/gin-auth-middleware.toml

---

📝 Walkthrough

Walkthrough

The go-gin-auth-middleware rule's query pattern is expanded to match authentication middleware passed to r.Use() in both call-expression form (AuthRequired()) and bare-function-value form (AuthRequired). Test cases validate both positive matches and a negative case for non-auth bare functions.

Changes

Middleware Argument Pattern Expansion

Layer / File(s)	Summary
Query Pattern rules/go/gin-auth-middleware.toml (lines 6–32)	query is updated to accept either a call_expression (existing) or a bare identifier/selector_expression (new) as the middleware argument to <router>.Use(...), with auth-flavored regex applied to both forms. Inline commentary is refreshed to reflect expanded coverage.
Positive Test Cases rules/go/gin-auth-middleware.toml (lines 101–123)	Two new test cases: r.Use(AuthRequired) and r.Use(m.RequireAuth) (bare identifiers/selectors) are asserted to match with expect_match = true.
Negative Test Case rules/go/gin-auth-middleware.toml (lines 124–132)	New negative test confirms r.Use(Logger) (non-auth bare identifier) does not match, validating that the expanded pattern remains auth-specific.

Estimated Code Review Effort

🎯 2 (Simple) | ⏱️ ~12 minutes

Poem

A rabbit hops through middlewares two:
Some call with (), some bare and true,
Both forms now caught by pattern's gleam,
One rule to match each auth-flavored dream! 🐰✨

🚥 Pre-merge checks | ✅ 5

✅ Passed checks (5 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The title 'fix: match bare-function middleware values in gin/echo rule' accurately and specifically describes the main change: extending the gin-auth-middleware rule to match bare function values in addition to factory-form middleware.
Linked Issues check	✅ Passed	The PR fully addresses all four acceptance criteria from issue #31: captures r.Use(AuthRequired) and r.Use(m.RequireAuth), includes negative test for r.Use(Logger), and adds TOML test cases for both bare-function forms.
Out of Scope Changes check	✅ Passed	All changes are scoped to the gin-auth-middleware rule's matching logic and tests; no extraneous modifications are present and changes directly address the linked issue requirements.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

---

_{Review rate limit: 4/5 reviews remaining, refill in 12 minutes.}

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[amazon-q-developer]

The changes correctly extend the rule to match both factory-form middleware (r.Use(AuthRequired())) and bare function-value middleware (r.Use(AuthRequired)). The tree-sitter query alternation is properly structured, test coverage is appropriate, and documentation accurately reflects the new behavior. No blocking issues identified.

---

You can now have the agent implement changes and create commits directly on your pull request's source branch. Simply comment with /q followed by your request in natural language to ask the agent to make changes.