Fix Analyze Local Requires Internet (#37)

SUSTAPLE117 · web-flow · commit 55f55d82bb53 · 2024-04-29T16:33:20.000-04:00
* hiding git operations behind an interface and grouped the analysis dependencies under a struct for better management

* implementing and using a local only git client for the analyze local
diff --git a/analyze/analyze.go b/analyze/analyze.go
@@ -9,11 +9,11 @@ import (
 	"os"
 	"strings"
 	"sync"
+	"time"
 
 	"github.com/rs/zerolog/log"
 
 	"github.com/boostsecurityio/poutine/opa"
-	"github.com/boostsecurityio/poutine/providers/gitops"
 	"github.com/boostsecurityio/poutine/providers/pkgsupply"
 	"github.com/boostsecurityio/poutine/scanner"
 	"github.com/schollz/progressbar/v3"
@@ -43,18 +43,40 @@ type ScmClient interface {
 	ParseRepoAndOrg(string) (string, string, error)
 }
 
-func AnalyzeOrg(ctx context.Context, org string, scmClient ScmClient, numberOfGoroutines *int, formatter Formatter) error {
-	provider := scmClient.GetProviderName()
+type GitClient interface {
+	Clone(ctx context.Context, clonePath string, url string, token string, ref string) error
+	CommitSHA(clonePath string) (string, error)
+	LastCommitDate(ctx context.Context, clonePath string) (time.Time, error)
+	GetRemoteOriginURL(ctx context.Context, repoPath string) (string, error)
+	GetRepoHeadBranchName(ctx context.Context, repoPath string) (string, error)
+}
+
+func NewAnalyzer(scmClient ScmClient, gitClient GitClient, formatter Formatter) *Analyzer {
+	return &Analyzer{
+		ScmClient: scmClient,
+		GitClient: gitClient,
+		Formatter: formatter,
+	}
+}
+
+type Analyzer struct {
+	ScmClient ScmClient
+	GitClient GitClient
+	Formatter Formatter
+}
+
+func (a *Analyzer) AnalyzeOrg(ctx context.Context, org string, numberOfGoroutines *int) error {
+	provider := a.ScmClient.GetProviderName()
 
-	providerVersion, err := scmClient.GetProviderVersion(ctx)
+	providerVersion, err := a.ScmClient.GetProviderVersion(ctx)
 	if err != nil {
 		log.Debug().Err(err).Msgf("Failed to get provider version for %s", provider)
 	}
 
 	log.Debug().Msgf("Provider: %s, Version: %s", provider, providerVersion)
 
 	log.Debug().Msgf("Fetching list of repositories for organization: %s on %s", org, provider)
-	orgReposBatches := scmClient.GetOrgRepos(ctx, org)
+	orgReposBatches := a.ScmClient.GetOrgRepos(ctx, org)
 
 	opaClient, _ := opa.NewOpa()
 	pkgsupplyClient := pkgsupply.NewStaticClient()
@@ -96,14 +118,14 @@ func AnalyzeOrg(ctx context.Context, org string, scmClient ScmClient, numberOfGo
 				defer sem.Release(1)
 				defer wg.Done()
 				repoNameWithOwner := repo.GetRepoIdentifier()
-				tempDir, err := cloneRepoToTemp(ctx, repo.BuildGitURL(scmClient.GetProviderBaseURL()), scmClient.GetToken())
+				tempDir, err := a.cloneRepoToTemp(ctx, repo.BuildGitURL(a.ScmClient.GetProviderBaseURL()), a.ScmClient.GetToken())
 				if err != nil {
 					log.Error().Err(err).Str("repo", repoNameWithOwner).Msg("failed to clone repo")
 					return
 				}
 				defer os.RemoveAll(tempDir)
 
-				pkg, err := generatePackageInsights(ctx, tempDir, repo)
+				pkg, err := a.generatePackageInsights(ctx, tempDir, repo)
 				if err != nil {
 					errChan <- err
 					return
@@ -132,21 +154,21 @@ func AnalyzeOrg(ctx context.Context, org string, scmClient ScmClient, numberOfGo
 
 	fmt.Print("\n\n")
 
-	return finalizeAnalysis(ctx, inventory, formatter)
+	return a.finalizeAnalysis(ctx, inventory)
 }
 
-func AnalyzeRepo(ctx context.Context, repoString string, scmClient ScmClient, formatter Formatter) error {
-	org, repoName, err := scmClient.ParseRepoAndOrg(repoString)
+func (a *Analyzer) AnalyzeRepo(ctx context.Context, repoString string) error {
+	org, repoName, err := a.ScmClient.ParseRepoAndOrg(repoString)
 	if err != nil {
 		return fmt.Errorf("failed to parse repository: %w", err)
 	}
-	repo, err := scmClient.GetRepo(ctx, org, repoName)
+	repo, err := a.ScmClient.GetRepo(ctx, org, repoName)
 	if err != nil {
 		return fmt.Errorf("failed to get repo: %w", err)
 	}
 	provider := repo.GetProviderName()
 
-	providerVersion, err := scmClient.GetProviderVersion(ctx)
+	providerVersion, err := a.ScmClient.GetProviderVersion(ctx)
 	if err != nil {
 		log.Debug().Err(err).Msgf("Failed to get provider version for %s", provider)
 	}
@@ -166,13 +188,13 @@ func AnalyzeRepo(ctx context.Context, repoString string, scmClient ScmClient, fo
 		progressbar.OptionSetWriter(os.Stderr),
 	)
 
-	tempDir, err := cloneRepoToTemp(ctx, repo.BuildGitURL(scmClient.GetProviderBaseURL()), scmClient.GetToken())
+	tempDir, err := a.cloneRepoToTemp(ctx, repo.BuildGitURL(a.ScmClient.GetProviderBaseURL()), a.ScmClient.GetToken())
 	if err != nil {
 		return err
 	}
 	defer os.RemoveAll(tempDir)
 
-	pkg, err := generatePackageInsights(ctx, tempDir, repo)
+	pkg, err := a.generatePackageInsights(ctx, tempDir, repo)
 	if err != nil {
 		return err
 	}
@@ -184,21 +206,21 @@ func AnalyzeRepo(ctx context.Context, repoString string, scmClient ScmClient, fo
 	_ = bar.Add(1)
 
 	fmt.Print("\n\n")
-	return finalizeAnalysis(ctx, inventory, formatter)
+	return a.finalizeAnalysis(ctx, inventory)
 }
 
-func AnalyzeLocalRepo(ctx context.Context, repoPath string, scmClient ScmClient, formatter Formatter) error {
-	org, repoName, err := scmClient.ParseRepoAndOrg(repoPath)
+func (a *Analyzer) AnalyzeLocalRepo(ctx context.Context, repoPath string) error {
+	org, repoName, err := a.ScmClient.ParseRepoAndOrg(repoPath)
 	if err != nil {
 		return fmt.Errorf("failed to parse repository: %w", err)
 	}
-	repo, err := scmClient.GetRepo(ctx, org, repoName)
+	repo, err := a.ScmClient.GetRepo(ctx, org, repoName)
 	if err != nil {
 		return fmt.Errorf("failed to get repo: %w", err)
 	}
 	provider := repo.GetProviderName()
 
-	providerVersion, err := scmClient.GetProviderVersion(ctx)
+	providerVersion, err := a.ScmClient.GetProviderVersion(ctx)
 	if err != nil {
 		log.Debug().Err(err).Msgf("Failed to get provider version for %s", provider)
 	}
@@ -218,7 +240,7 @@ func AnalyzeLocalRepo(ctx context.Context, repoPath string, scmClient ScmClient,
 		progressbar.OptionSetWriter(os.Stderr),
 	)
 
-	pkg, err := generatePackageInsights(ctx, repoPath, repo)
+	pkg, err := a.generatePackageInsights(ctx, repoPath, repo)
 	if err != nil {
 		return err
 	}
@@ -230,40 +252,39 @@ func AnalyzeLocalRepo(ctx context.Context, repoPath string, scmClient ScmClient,
 	_ = bar.Add(1)
 
 	fmt.Print("\n\n")
-	return finalizeAnalysis(ctx, inventory, formatter)
+	return a.finalizeAnalysis(ctx, inventory)
 }
 
 type Formatter interface {
 	Format(ctx context.Context, report *opa.FindingsResult, packages []*models.PackageInsights) error
 }
 
-func finalizeAnalysis(ctx context.Context, inventory *scanner.Inventory, formatter Formatter) error {
+func (a *Analyzer) finalizeAnalysis(ctx context.Context, inventory *scanner.Inventory) error {
 	report, err := inventory.Findings(ctx)
 	if err != nil {
 		return err
 	}
 
-	err = formatter.Format(ctx, report, inventory.Packages)
+	err = a.Formatter.Format(ctx, report, inventory.Packages)
 	if err != nil {
 		return err
 	}
 
 	return nil
 }
 
-func generatePackageInsights(ctx context.Context, tempDir string, repo Repository) (*models.PackageInsights, error) {
-	gitClient := gitops.NewGitClient(nil)
-	commitDate, err := gitClient.LastCommitDate(ctx, tempDir)
+func (a *Analyzer) generatePackageInsights(ctx context.Context, tempDir string, repo Repository) (*models.PackageInsights, error) {
+	commitDate, err := a.GitClient.LastCommitDate(ctx, tempDir)
 	if err != nil {
 		return nil, fmt.Errorf("failed to get last commit date: %w", err)
 	}
 
-	commitSha, err := gitClient.CommitSHA(tempDir)
+	commitSha, err := a.GitClient.CommitSHA(tempDir)
 	if err != nil {
 		return nil, fmt.Errorf("failed to get commit SHA: %w", err)
 	}
 
-	headBranchName, err := gitClient.GetRepoHeadBranchName(ctx, tempDir)
+	headBranchName, err := a.GitClient.GetRepoHeadBranchName(ctx, tempDir)
 	if err != nil {
 		return nil, fmt.Errorf("failed to get head branch name: %w", err)
 	}
@@ -284,14 +305,13 @@ func generatePackageInsights(ctx context.Context, tempDir string, repo Repositor
 	return pkg, nil
 }
 
-func cloneRepoToTemp(ctx context.Context, gitURL string, token string) (string, error) {
+func (a *Analyzer) cloneRepoToTemp(ctx context.Context, gitURL string, token string) (string, error) {
 	tempDir, err := os.MkdirTemp("", TEMP_DIR_PREFIX)
 	if err != nil {
 		return "", fmt.Errorf("failed to create temp directory: %w", err)
 	}
 
-	gitClient := gitops.NewGitClient(nil)
-	err = gitClient.Clone(ctx, tempDir, gitURL, token, "HEAD")
+	err = a.GitClient.Clone(ctx, tempDir, gitURL, token, "HEAD")
 	if err != nil {
 		os.RemoveAll(tempDir) // Clean up if cloning fails
 		return "", fmt.Errorf("failed to clone repo: %s", err)
diff --git a/poutine.go b/poutine.go
@@ -4,6 +4,7 @@ import (
 	"context"
 	"flag"
 	"fmt"
+	"github.com/boostsecurityio/poutine/providers/gitops"
 	"os"
 	"os/signal"
 	"path/filepath"
@@ -113,33 +114,37 @@ func run(ctx context.Context, args []string) error {
 
 	formatter := getFormatter()
 
+	gitClient := gitops.NewGitClient(nil)
+
+	analyzer := analyze.NewAnalyzer(scmClient, gitClient, formatter)
+
 	switch command {
 	case "analyze_org":
-		return analyzeOrg(ctx, args[1], scmClient, formatter)
+		return analyzeOrg(ctx, args[1], analyzer)
 	case "analyze_repo":
-		return analyzeRepo(ctx, args[1], scmClient, formatter)
+		return analyzeRepo(ctx, args[1], analyzer)
 	case "analyze_local":
 		return analyzeLocal(ctx, args[1], formatter)
 	default:
 		return fmt.Errorf("unknown command %q", command)
 	}
 }
 
-func analyzeOrg(ctx context.Context, org string, scmClient analyze.ScmClient, formatter analyze.Formatter) error {
+func analyzeOrg(ctx context.Context, org string, analyzer *analyze.Analyzer) error {
 	if org == "" {
 		return fmt.Errorf("invalid organization name %q", org)
 	}
 
-	err := analyze.AnalyzeOrg(ctx, org, scmClient, threads, formatter)
+	err := analyzer.AnalyzeOrg(ctx, org, threads)
 	if err != nil {
 		return fmt.Errorf("failed to analyze org %s: %w", org, err)
 	}
 
 	return nil
 }
 
-func analyzeRepo(ctx context.Context, repo string, scmClient analyze.ScmClient, formatter analyze.Formatter) error {
-	err := analyze.AnalyzeRepo(ctx, repo, scmClient, formatter)
+func analyzeRepo(ctx context.Context, repo string, analyzer *analyze.Analyzer) error {
+	err := analyzer.AnalyzeRepo(ctx, repo)
 	if err != nil {
 		return fmt.Errorf("failed to analyze repo %s: %w", repo, err)
 	}
@@ -152,7 +157,12 @@ func analyzeLocal(ctx context.Context, repoPath string, formatter analyze.Format
 	if err != nil {
 		return fmt.Errorf("failed to create local SCM client: %w", err)
 	}
-	err = analyze.AnalyzeLocalRepo(ctx, repoPath, localScmClient, formatter)
+
+	localGitClient := gitops.NewLocalGitClient(nil)
+
+	analyzer := analyze.NewAnalyzer(localScmClient, localGitClient, formatter)
+
+	err = analyzer.AnalyzeLocalRepo(ctx, repoPath)
 	if err != nil {
 		return fmt.Errorf("failed to analyze repoPath %s: %w", repoPath, err)
 	}
diff --git a/providers/gitops/gitops.go b/providers/gitops/gitops.go
@@ -3,6 +3,7 @@ package gitops
 import (
 	"bytes"
 	"context"
+	"github.com/rs/zerolog/log"
 	"os"
 	"os/exec"
 	"strconv"
@@ -132,3 +133,45 @@ func (g *GitClient) GetRepoHeadBranchName(ctx context.Context, repoPath string)
 
 	return "HEAD", nil
 }
+
+func NewLocalGitClient(command *GitCommand) *LocalGitClient {
+	if command != nil {
+		return &LocalGitClient{GitClient: &GitClient{Command: *command}}
+	}
+	return &LocalGitClient{GitClient: &GitClient{Command: &ExecGitCommand{}}}
+}
+
+type LocalGitClient struct {
+	GitClient *GitClient
+}
+
+func (g *LocalGitClient) GetRemoteOriginURL(ctx context.Context, repoPath string) (string, error) {
+	return g.GitClient.GetRemoteOriginURL(ctx, repoPath)
+}
+
+func (g *LocalGitClient) LastCommitDate(ctx context.Context, clonePath string) (time.Time, error) {
+	return g.GitClient.LastCommitDate(ctx, clonePath)
+}
+
+func (g *LocalGitClient) CommitSHA(clonePath string) (string, error) {
+	return g.GitClient.CommitSHA(clonePath)
+}
+
+func (g *LocalGitClient) Clone(ctx context.Context, clonePath string, url string, token string, ref string) error {
+	log.Debug().Msgf("Local Git Client shouldn't be used to clone repositories")
+	return nil
+}
+
+func (g *LocalGitClient) GetRepoHeadBranchName(ctx context.Context, repoPath string) (string, error) {
+	cmd := "git"
+	args := []string{"branch", "--show-current"}
+
+	output, err := g.GitClient.Command.Run(ctx, cmd, args, repoPath)
+	if err != nil {
+		return "", err
+	}
+
+	headBranch := string(bytes.TrimSpace(output))
+
+	return headBranch, nil
+}
