Creating Review Diff Check Based on Diff Check Implementation (#17)

* first try

* Update git_manager.py

* Auto change version.

* Yoav CR

* Auto change version.

* Update README.md

* Auto change version.

* Update README.md

* Auto change version.

---------

Co-authored-by: liav-certora <liav-certora@users.noreply.github.com>

.gitignore

@@ -1,4 +1,7 @@
 **.ipynb
 **__pycache__
 **/.vscode
-**/local*
+**/local*
+build/
+*.egg-info
+CustomerClones/

Quorum/apis/block_explorers/chains_api.py

@@ -31,8 +31,6 @@ class ChainAPI:
 
     Attributes:
         chain_mapping (dict): Maps Chain enum to APIinfo containing base URL and API key function.
-        base_url (str): The full base URL for making requests to the selected chain.
-        api_key (str): The API key required to access the blockchain explorer API.
     """
 
     # Maps Chain enums to their corresponding API base URL and API key retrieval function.

Quorum/apis/git_api/git_manager.py

@@ -24,36 +24,40 @@ def __init__(self, customer: str) -> None:
         """
         self.customer = customer
 
-        self.customer_path = config.MAIN_PATH / self.customer / "modules"
-        self.customer_path.mkdir(parents=True, exist_ok=True)
+        self.modules_path = config.MAIN_PATH / self.customer / "modules"
+        self.modules_path.mkdir(parents=True, exist_ok=True)
 
-        self.repos = self._load_repos()
+        self.review_module_path = config.MAIN_PATH / self.customer / "review_module"
+        self.review_module_path.mkdir(parents=True, exist_ok=True)
 
-    def _load_repos(self) -> dict:
+        self.repos, self.review_repo = self._load_repos_from_file()
+
+    def _load_repos_from_file(self) -> tuple[dict[str, str], dict[str, str]]:
         """
         Load repository URLs from the JSON file for the given customer.
 
         Returns:
-            dict: A dictionary mapping repository names to their URLs.
+            tuple[dict[str, str], dict[str, str]]: 2 dictionaries mapping repository names to their URLs.
+                The first dictionary contains the repos to diff against. The second dictionary is the verification repo.
         """
         with open(config.REPOS_PATH) as f:
             repos_data = json.load(f)
 
         # Normalize the customer name to handle case differences
         normalized_customer = self.customer.lower()
-        repos = next((repos for key, repos in repos_data.items() if key.lower() == normalized_customer), [])
+        customer_repos = next((repos for key, repos in repos_data.items() if key.lower() == normalized_customer), None)
+        if customer_repos is None:
+            return {}, {}
 
-        return {Path(r).stem: r for r in repos}
+        repos = {Path(r).stem: r for r in customer_repos["dev_repos"]}
 
-    def clone_or_update(self) -> None:
-        """
-        Clone the repositories for the customer.
+        verify_repo = ({Path(customer_repos["review_repo"]).stem: customer_repos["review_repo"]}
+                       if "review_repo" in customer_repos else {})
+        return repos, verify_repo
 
-        If the repository already exists locally, it will update the repository and its submodules.
-        Otherwise, it will clone the repository and initialize submodules.
-        """
-        for repo_name, repo_url in self.repos.items():
-            repo_path: Path = self.customer_path / repo_name
+    @staticmethod
+    def __clone_or_update_for_repo(repo_name: str, repo_url: str, to_path: Path):
+            repo_path = to_path / repo_name
             if repo_path.exists():
                 pp.pretty_print(f"Repository {repo_name} already exists at {repo_path}. Updating repo and submodules.", pp.Colors.INFO)
                 repo = Repo(repo_path)
@@ -63,3 +67,18 @@ def clone_or_update(self) -> None:
                 pp.pretty_print(f"Cloning {repo_name} from URL: {repo_url} to {repo_path}...", pp.Colors.INFO)
                 Repo.clone_from(repo_url, repo_path, multi_options=["--recurse-submodules"])
 
+
+    def clone_or_update(self) -> None:
+        """
+        Clone the repositories for the customer.
+
+        If the repository already exists locally, it will update the repository and its submodules.
+        Otherwise, it will clone the repository and initialize submodules.
+        """
+
+        for repo_name, repo_url in self.repos.items():
+           GitManager.__clone_or_update_for_repo(repo_name, repo_url, self.modules_path)
+
+        if self.review_repo:
+            repo_name, repo_url = next(iter(self.review_repo.items()))
+            GitManager.__clone_or_update_for_repo(repo_name, repo_url, self.review_module_path)

Quorum/check_proposal.py

@@ -67,6 +67,9 @@ def proposals_check(customer: str, chain_name: str, proposal_addresses: list[str
         # Diff check
         missing_files = Checks.DiffCheck(customer, chain, proposal_address, source_codes).find_diffs()
 
+        # Review diff check
+        Checks.ReviewDiffCheck(customer, chain, proposal_address, missing_files).find_diffs()
+
         # Global variables check
         Checks.GlobalVariableCheck(customer, chain, proposal_address, missing_files).check_global_variables()
 

Quorum/checks/__init__.py

@@ -1,6 +1,7 @@
 from .diff import DiffCheck
+from .review_diff import ReviewDiffCheck
 from .global_variables import GlobalVariableCheck
 from .feed_price import FeedPriceCheck
 from .new_listing import NewListingCheck
 
-all = ["DiffCheck", "GlobalVariableCheck", "FeedPriceCheck", "NewListingCheck"]
+all = ["DiffCheck", "ReviewDiffCheck", "GlobalVariableCheck", "FeedPriceCheck", "NewListingCheck"]

Quorum/checks/diff.py

@@ -5,6 +5,7 @@
 
 from Quorum.apis.block_explorers.source_code import SourceCode
 from Quorum.checks.check import Check
+from Quorum.utils.chain_enum import Chain
 import Quorum.utils.pretty_printer as pp
 
 
@@ -30,6 +31,9 @@ class DiffCheck(Check):
     This class compares source files from a local repository with those from a remote proposal,
     identifying differences and generating patch files.
     """
+    def __init__(self, customer: str, chain: Chain, proposal_address: str, source_codes: list[SourceCode]):
+        super().__init__(customer, chain, proposal_address, source_codes)
+        self.target_repo = self.customer_folder / "modules"
 
     def __find_most_common_path(self, source_path: Path, repo: Path) -> Optional[Path]:
         """
@@ -82,10 +86,8 @@ def find_diffs(self) -> list[SourceCode]:
         missing_files = []
         files_with_diffs = []
 
-        target_repo = self.customer_folder / "modules"
-
         for source_code in self.source_codes:
-            local_file = self.__find_most_common_path(Path(source_code.file_name), target_repo)
+            local_file = self.__find_most_common_path(Path(source_code.file_name), self.target_repo)
             if not local_file:
                 missing_files.append(source_code)
                 continue

Quorum/checks/review_diff.py

@@ -0,0 +1,15 @@
+from Quorum.checks.diff import DiffCheck
+from Quorum.apis.block_explorers.source_code import SourceCode
+from Quorum.utils.chain_enum import Chain
+import Quorum.utils.pretty_printer as pp
+
+
+class ReviewDiffCheck(DiffCheck):
+    def __init__(self, customer: str, chain: Chain, proposal_address: str, source_codes: list[SourceCode]):
+        super().__init__(customer, chain, proposal_address, source_codes)
+        self.target_repo = self.customer_folder / "review_module"
+
+    def find_diffs(self) -> list[SourceCode]:
+        pp.pretty_print(f'Verifying missing files against {self.customer} review repo '
+                        f'(cloned under {self.target_repo})', pp.Colors.INFO)
+        return super().find_diffs()

Quorum/repos.json

@@ -1,7 +1,12 @@
 {
-    "Aave": [
-        "https://github.com/bgd-labs/aave-helpers",
-        "https://github.com/bgd-labs/aave-address-book",
-        "https://github.com/aave-dao/aave-v3-origin"
-    ]
+    "Aave": 
+    {
+        "dev_repos":
+        [
+            "https://github.com/bgd-labs/aave-helpers",
+            "https://github.com/bgd-labs/aave-address-book",
+            "https://github.com/aave-dao/aave-v3-origin"
+        ],
+        "review_repo": "https://github.com/bgd-labs/aave-proposals-v3"
+    }
 }

README.md

@@ -5,6 +5,7 @@ Quorum is an open-source Python utility designed to verify the integrity of smar
 ## Features
 - **Fetch Smart Contract Source Codes:** Retrieve source code directly from various blockchains using contract addresses.
 - **Compare Local and Remote Codes:** Generate unified diffs to highlight differences between local and remote source codes.
+- **Verify Code Against Known Reviewed Repositories:** Generate diffs against specifically defined trusted auditor's repositories.
 - **Global Variable Check:** Ensure all global variables in unmatched contracts are either constant or immutable.
 - **Feed Price Check:** Verify the feed price of a contract is mentioned on ChainLink.
 - **New Listing Check:** Check if proposal contain a new Listing.
@@ -157,11 +158,16 @@ Example `repos.json`:
 
 ```json
 {
-    "Aave": [
-        "https://github.com/bgd-labs/aave-helpers",
-        "https://github.com/bgd-labs/aave-address-book",
-        "https://github.com/aave-dao/aave-v3-origin"
-    ]
+    "Aave": 
+    {
+        "dev_repos":
+        [
+            "https://github.com/bgd-labs/aave-helpers",
+            "https://github.com/bgd-labs/aave-address-book",
+            "https://github.com/aave-dao/aave-v3-origin"
+        ],
+        "review_repo": "https://github.com/bgd-labs/aave-proposals-v3"
+    }
 }
 ```
 

version

@@ -1 +1 @@
-20241105.182030.187611
+20241110.154442.714477