From 799bb758e44b951525f9afa9927114ec37bbf84b Mon Sep 17 00:00:00 2001
From: William Woodruff <william@trailofbits.com>
Date: Thu, 26 May 2022 17:38:44 -0400
Subject: [PATCH 1/2] cache: respect pip's `PIP_NO_CACHE_DIR`

Signed-off-by: William Woodruff <william@trailofbits.com>
---
 pip_audit/_cache.py | 8 +++++++-
 test/test_cache.py  | 7 +++++++
 2 files changed, 14 insertions(+), 1 deletion(-)

diff --git a/pip_audit/_cache.py b/pip_audit/_cache.py
index c154c694..b7687906 100644
--- a/pip_audit/_cache.py
+++ b/pip_audit/_cache.py
@@ -36,6 +36,8 @@ def _get_pip_cache() -> Path:
     try:
         process = subprocess.run(cmd, check=True, stdout=subprocess.PIPE, stderr=subprocess.DEVNULL)
     except subprocess.CalledProcessError as cpe:  # pragma: no cover
+        # NOTE: This should only happen if pip's cache has been explicitly disabled,
+        # which we check for in the caller (via `PIP_NO_CACHE_DIR`).
         raise ServiceError(f"Failed to query the `pip` HTTP cache directory: {cmd}") from cpe
     cache_dir = process.stdout.decode("utf-8").strip("\n")
     http_cache_dir = Path(cache_dir) / "http"
@@ -47,13 +49,17 @@ def _get_cache_dir(custom_cache_dir: Optional[Path], *, use_pip: bool = True) ->
     Returns a directory path suitable for HTTP caching.
 
     The directory is **not** guaranteed to exist.
+
+    `use_pip` tells the function to prefer `pip`'s pre-existing cache,
+    **unless** `PIP_NO_CACHE_DIR` is present in the environment.
     """
 
     # If the user has explicitly requested a directory, pass it through unscathed.
     if custom_cache_dir is not None:
         return custom_cache_dir
 
-    if use_pip:
+    # Respect pip's PIP_NO_CACHE_DIR environment setting.
+    if use_pip and not os.getenv("PIP_NO_CACHE_DIR"):
         pip_cache_dir = _get_pip_cache() if _PIP_VERSION >= _MINIMUM_PIP_VERSION else None
         if pip_cache_dir is not None:
             return pip_cache_dir
diff --git a/test/test_cache.py b/test/test_cache.py
index ef2b4146..d6c80190 100644
--- a/test/test_cache.py
+++ b/test/test_cache.py
@@ -32,6 +32,13 @@ def test_get_cache_dir_do_not_use_pip():
     assert cache_dir == Path.home() / ".pip-audit-cache"
 
 
+def test_get_cache_dir_pip_disabled_in_environment(monkeypatch):
+    monkeypatch.setenv("PIP_NO_CACHE_DIR", "1")
+
+    # Even with use_pip=True, we avoid pip's cache if the environment tells us to.
+    assert _get_cache_dir(None, use_pip=True) == Path.home() / ".pip-audit-cache"
+
+
 def test_get_cache_dir_old_pip(monkeypatch):
     # Check the case where we have an old `pip`
     monkeypatch.setattr(cache, "_PIP_VERSION", Version("1.0.0"))

From ebea21cd276e113fa2ea59695ec893579f5c2627 Mon Sep 17 00:00:00 2001
From: William Woodruff <william@trailofbits.com>
Date: Thu, 26 May 2022 17:42:17 -0400
Subject: [PATCH 2/2] CHANGELOG: record changes

Signed-off-by: William Woodruff <william@trailofbits.com>
---
 CHANGELOG.md | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/CHANGELOG.md b/CHANGELOG.md
index 64411bcd..bd8d7803 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -27,6 +27,10 @@ All versions prior to 0.0.9 are untracked.
   about OSV's schema guarantees was fixed
   ([#284](https://github.com/trailofbits/pip-audit/pull/284))
 
+* Caching: `pip-audit` now respects `pip`'s `PIP_NO_CACHE_DIR`
+  and will not attempt to use the `pip` cache if present
+  ([#290](https://github.com/trailofbits/pip-audit/pull/290))
+
 ## [2.3.1] - 2022-05-24
 
 ### Fixed