securesauce · MVrachev · Jan 10, 2019 · Dec 19, 2018
diff --git a/cache.js b/cache.js
@@ -8,46 +8,32 @@ const path = require('path')
  * Get the cache path for this PR branch tag
  * @param {number} repoID repository identifier
  * @param {number} prID pull request identifier
- * @param {string} branchTag branch name
  * @param {string} app Optional: an app that calls the function. (default bandit)
  * It's needed because gosec uses GOPATH.
  */
-function getBranchPath (repoID, prID, branchTag, app) {
+function getBranchPath (repoID, prID, app) {
   app = app || 'bandit'
   if (app === 'bandit') {
-    return path.join('cache', repoID.toString(), prID.toString(), branchTag)
+    return path.join('cache', repoID.toString(), prID.toString())
   } else if (app === 'gosec') {
     return path.join('cache/go/src', repoID.toString(), prID.toString())
   }
 }
 
-/**
- * Check whether the cache directory for this branch exists
- * @param {number} repoID repository identifier
- * @param {number} prID pull request identifier
- * @param {string} branchTag branch name
- */
-function branchPathExists (repoID, prID, branchTag) {
-  return fs.existsSync(getBranchPath(repoID, prID, branchTag))
-}
-
 /**
  * Save a file to local PR cache, distinguish by revision
  * @param {number} repoID unique repository identifier
  * @param {number} prID unique pull request identifier
- * @param {string} branchTag a tag to identify the current file revision
  * @param {string} filePath relative file path
  * @param {any} data file data
  * @param {string} fileType Optional: file type so it knows where to save the file (default python)
  * It's needed because go files should be in the GOPATH.
  */
-function saveFileToPRCache (repoID, prID, branchTag, filePath, data, fileType) {
+function saveFileToPRCache (repoID, prID, filePath, data, fileType) {
   fileType = fileType || 'python'
-  if (fileType === 'go') {
-    writeFileCreateDirs(path.join('cache/go/src', repoID.toString(), prID.toString(), filePath), data)
-  } else if (fileType === 'python') {
-    writeFileCreateDirs(path.join('cache', repoID.toString(), prID.toString(), branchTag, filePath), data)
-  }
+  const appTag = (fileType === 'go') ? 'gosec' : 'bandit'
+  const dir = getBranchPath(repoID, prID, appTag)
+  writeFileCreateDirs(path.join(dir, filePath), data)
 }
 
 /**
@@ -56,8 +42,8 @@ function saveFileToPRCache (repoID, prID, branchTag, filePath, data, fileType) {
  * @param {number} prID pull request identifier
  */
 function clearPRCache (repoID, prID) {
-  fs.removeSync(path.join('cache', repoID.toString(), prID.toString()))
-  fs.removeSync(path.join('cache/go/src', repoID.toString(), prID.toString()))
+  fs.removeSync(getBranchPath(repoID, prID, 'bandit'))
+  fs.removeSync(getBranchPath(repoID, prID, 'gosec'))
 }
 
 /**
@@ -71,6 +57,5 @@ function writeFileCreateDirs (filePath, data) {
 }
 
 module.exports.getBranchPath = getBranchPath
-module.exports.branchPathExists = branchPathExists
 module.exports.saveFile = saveFileToPRCache
 module.exports.clear = clearPRCache
diff --git a/config.js b/config.js
@@ -3,7 +3,6 @@
 
 const config = {
   cleanupAfterRun: true,
-  compareAgainstBaseline: false,
   fileExtensions: ['.py', '.pyw', '.go'],
   checkRunName: 'Precaution',
   noIssuesResultTitle: 'No issues found',

diff --git a/index.js b/index.js
@@ -78,22 +78,13 @@ async function runLinterFromPRData (pullRequests, context, headSha) {
 
     // For now only deal with one PR
     const PR = pullRequests[0]
-
     const inputFiles = resolvedPRs[0]
 
-    let banditResults
-    // Only run baseline scan if the directory exists (spawn will crash if working directory doesn't exist)
-    if (config.compareAgainstBaseline && cache.branchPathExists(repoID, PR.id, 'base')) {
-      const baselineFile = '../baseline.json'
-      await runBandit(cache.getBranchPath(repoID, PR.id, 'base'), inputFiles, { reportFile: baselineFile })
-      banditResults = await runBandit(cache.getBranchPath(repoID, PR.id, 'head'), inputFiles, { baselineFile })
-    } else {
-      banditResults = await runBandit(cache.getBranchPath(repoID, PR.id, 'head'), inputFiles)
-    }
-    const banditReport = generateBanditReport(banditResults, cache.getBranchPath(repoID, PR.id, 'head', 'bandit'))
+    const banditResults = await runBandit(cache.getBranchPath(repoID, PR.id, 'bandit'), inputFiles)
+    const banditReport = generateBanditReport(banditResults, cache.getBranchPath(repoID, PR.id, 'bandit'))
 
-    const gosecResults = await runGosec(cache.getBranchPath(repoID, PR.id, 'head', 'gosec'), inputFiles)
-    const gosecReport = generateGosecReport(gosecResults, path.resolve(cache.getBranchPath(repoID, PR.id, 'head', 'gosec')))
+    const gosecResults = await runGosec(cache.getBranchPath(repoID, PR.id, 'gosec'), inputFiles)
+    const gosecReport = generateGosecReport(gosecResults, path.resolve(cache.getBranchPath(repoID, PR.id, 'gosec')))
 
     const output = mergeReports(banditReport, gosecReport)
     const resolvedCheckRunResponse = await checkRunResponse
@@ -121,7 +112,6 @@ async function runLinterFromPRData (pullRequests, context, headSha) {
 async function processPullRequest (pullRequest, context) {
   const number = pullRequest.number
   const ref = pullRequest.head.ref
-  const baseRef = pullRequest.base.ref
   const id = pullRequest.id
   const repoID = context.payload.repository.id
 
@@ -133,19 +123,14 @@ async function processPullRequest (pullRequest, context) {
     .filter(async fileJSON => fileJSON !== 'deleted')
     .map(async fileJSON => {
       const filename = fileJSON.filename
-      const status = fileJSON.status
 
       const headRevision = apiHelper.getContents(context, filename, ref)
 
-      if (config.compareAgainstBaseline && status === 'modified') {
-        const baseRevision = apiHelper.getContents(context, filename, baseRef)
-        cache.saveFile(repoID, id, 'base', filename, (await baseRevision).data, 'python')
-      }
-
+      // TODO: merge this code with linter-specific path resolution
       if (filename.endsWith('.py')) {
-        cache.saveFile(repoID, id, 'head', filename, (await headRevision).data, 'python')
+        cache.saveFile(repoID, id, filename, (await headRevision).data, 'python')
       } else if (filename.endsWith('.go')) {
-        cache.saveFile(repoID, id, 'head', filename, (await headRevision).data, 'go')
+        cache.saveFile(repoID, id, filename, (await headRevision).data, 'go')
       }
 
       return filename

diff --git a/test/index.test.js b/test/index.test.js
@@ -6,18 +6,13 @@ const path = require('path')
 
 const { Application } = require('probot')
 const linterApp = require('..')
-const { config } = require('../config')
 
 const checkSuiteRerequestedEvent = require('./events/check_suite.rerequested.json')
 const checkRunRerequestEvent = require('./events/check_run_rerequested.json')
 const pullRequestOpenedEvent = require('./events/pull_request.opened.json')
 
 const samplePythonPRFixture = require('./fixtures/pull_request.files.python.json')
 const sampleMixedPRFixture = require('./fixtures/pull_request.files.mix.json')
-const simplePRFixture = require('./fixtures/pull_request.files.modified.json')
-const fileCreatedPRFixture = require('./fixtures/pull_request.files.added.json')
-
-const fileNotFoundResponse = require('./fixtures/github/getContent.response.missing.json')
 
 function mockPRContents (github, PR) {
   github.pullRequests.listFiles = jest.fn().mockResolvedValue(PR)
@@ -173,68 +168,6 @@ describe('Bandit-linter', () => {
       }))
     })
 
-    test('does not report baseline errors', async () => {
-      mockPRContents(github, simplePRFixture)
-      github.repos.getContents = jest.fn(({ ref }) => Promise.resolve({ data: fileRefs[ref] }))
-
-      const previousConfig = config.compareAgainstBaseline
-      config.compareAgainstBaseline = true
-
-      await app.receive(pullRequestOpenedEvent)
-
-      config.compareAgainstBaseline = previousConfig
-
-      // Is there a better way to do this?
-
-      expect(github.checks.update).toHaveBeenCalledWith(expect.objectContaining({
-        output: expect.objectContaining({
-          annotations: expect.arrayContaining([
-            expect.objectContaining({
-              start_line: 5
-            }),
-            expect.objectContaining({
-              start_line: 8
-            })
-          ])
-        })
-      }))
-
-      expect(github.checks.update).toHaveBeenCalledWith(expect.objectContaining({
-        output: expect.objectContaining({
-          annotations: expect.not.arrayContaining([
-            expect.objectContaining({
-              start_line: 13
-            }),
-            expect.objectContaining({
-              start_line: 16
-            })
-          ])
-        })
-      }))
-    })
-
-    test('does not download base version of new files', async () => {
-      mockPRContents(github, fileCreatedPRFixture)
-
-      // Simulate newly created file: return contents on head ref, error on base ref
-      github.repos.getContents = jest.fn(({ ref, path }) => {
-        if (ref === 'head') {
-          return mockFiles[path]
-        } else {
-          return fileNotFoundResponse
-        }
-      })
-
-      await app.receive(pullRequestOpenedEvent)
-
-      expect(github.repos.getContents).toHaveBeenCalledWith(expect.objectContaining({
-        ref: 'head_ref'
-      }))
-      expect(github.repos.getContents).not.toHaveBeenCalledWith(expect.objectContaining({
-        ref: 'base_ref'
-      }))
-    })
-
     test('cleans up after performing checks', async () => {
       await app.receive(checkSuiteRerequestedEvent)