Adds metadata failure 4xx,5xx error captures (#10483)

Adds metadata failure 4xx,5xx error captures
dependabot · Aug 22, 2024 · 7962df2 · 7962df2
1 parent 66971cb
commit 7962df2
Show file tree

Hide file tree

Showing 6 changed files with 161 additions and 1 deletion.
diff --git a/npm_and_yarn/lib/dependabot/npm_and_yarn/file_updater/pnpm_lockfile_updater.rb b/npm_and_yarn/lib/dependabot/npm_and_yarn/file_updater/pnpm_lockfile_updater.rb
@@ -48,8 +48,10 @@ def updated_pnpm_lock_content(pnpm_lock)
         # ERR_PNPM_FETCH ERROR CODES
         ERR_PNPM_FETCH_401 = /ERR_PNPM_FETCH_401.*GET (?<dependency_url>.*):  - 401/
         ERR_PNPM_FETCH_403 = /ERR_PNPM_FETCH_403.*GET (?<dependency_url>.*):  - 403/
+        ERR_PNPM_FETCH_404 = /ERR_PNPM_FETCH_404.*GET (?<dependency_url>.*):  - 404/
         ERR_PNPM_FETCH_500 = /ERR_PNPM_FETCH_500.*GET (?<dependency_url>.*):  - 500/
         ERR_PNPM_FETCH_502 = /ERR_PNPM_FETCH_502.*GET (?<dependency_url>.*):  - 502/
+        ERR_PNPM_FETCH_503 = /ERR_PNPM_FETCH_503.*GET (?<dependency_url>.*):  - 503/
 
         # ERR_PNPM_UNSUPPORTED_ENGINE
         ERR_PNPM_UNSUPPORTED_ENGINE = /ERR_PNPM_UNSUPPORTED_ENGINE/
@@ -66,6 +68,11 @@ def updated_pnpm_lock_content(pnpm_lock)
         PLATFORM_VERSION_REQUIREMENT = /wanted {(?<supported_ver>.*)} \(current: (?<detected_ver>.*)\)/
         PLATFORM_PACAKGE_MANAGER = "pnpm"
 
+        INVALID_PACKAGE_SPEC = /Invalid package manager specification/
+
+        # Metadata inconsistent error codes
+        ERR_PNPM_META_FETCH_FAIL = /ERR_PNPM_META_FETCH_FAIL/
+
         def run_pnpm_update(pnpm_lock:)
           SharedHelpers.in_a_temporary_repo_directory(base_dir, repo_contents_path) do
             File.write(".npmrc", npmrc_content(pnpm_lock))
@@ -111,6 +118,7 @@ def lockfile_dependencies(lockfile)
 
         # rubocop:disable Metrics/AbcSize
         # rubocop:disable Metrics/PerceivedComplexity
+        # rubocop:disable Metrics/MethodLength
         def handle_pnpm_lock_updater_error(error, pnpm_lock)
           error_message = error.message
 
@@ -131,7 +139,8 @@ def handle_pnpm_lock_updater_error(error, pnpm_lock)
           end
 
           [FORBIDDEN_PACKAGE, MISSING_PACKAGE, UNAUTHORIZED_PACKAGE, ERR_PNPM_FETCH_401,
-           ERR_PNPM_FETCH_403, ERR_PNPM_FETCH_500, ERR_PNPM_FETCH_502].each do |regexp|
+           ERR_PNPM_FETCH_403, ERR_PNPM_FETCH_404, ERR_PNPM_FETCH_500, ERR_PNPM_FETCH_502, ERR_PNPM_FETCH_503]
+            .each do |regexp|
             next unless error_message.match?(regexp)
 
             dependency_url = error_message.match(regexp).named_captures["dependency_url"]
@@ -147,6 +156,20 @@ def handle_pnpm_lock_updater_error(error, pnpm_lock)
             raise Dependabot::DependencyFileNotResolvable, msg
           end
 
+          # TO-DO : investigate "packageManager" allowed regex
+          if error_message.match?(INVALID_PACKAGE_SPEC)
+            dependency_names = dependencies.map(&:name).join(", ")
+
+            msg = "Invalid package manager specification in package.json while resolving \"#{dependency_names}\"."
+            raise Dependabot::DependencyFileNotResolvable, msg
+          end
+
+          if error_message.match?(ERR_PNPM_META_FETCH_FAIL)
+
+            msg = error_message.split(ERR_PNPM_META_FETCH_FAIL).last
+            raise Dependabot::DependencyFileNotResolvable, msg
+          end
+
           raise_patch_dependency_error(error_message) if error_message.match?(ERR_PNPM_PATCH_NOT_APPLIED)
 
           raise_unsupported_engine_error(error_message, pnpm_lock) if error_message.match?(ERR_PNPM_UNSUPPORTED_ENGINE)
@@ -160,6 +183,7 @@ def handle_pnpm_lock_updater_error(error, pnpm_lock)
         end
         # rubocop:enable Metrics/AbcSize
         # rubocop:enable Metrics/PerceivedComplexity
+        # rubocop:enable Metrics/MethodLength
 
         def raise_resolvability_error(error_message, pnpm_lock)
           dependency_names = dependencies.map(&:name).join(", ")

diff --git a/npm_and_yarn/spec/dependabot/npm_and_yarn/file_updater/pnpm_lockfile_updater_spec.rb b/npm_and_yarn/spec/dependabot/npm_and_yarn/file_updater/pnpm_lockfile_updater_spec.rb
@@ -194,6 +194,15 @@
       end
     end
 
+    context "with an invalid package manager requirement in the package.json" do
+      let(:project_name) { "pnpm/invalid_package_manager" }
+
+      it "raises a helpful error" do
+        expect { updated_pnpm_lock_content }
+          .to raise_error(Dependabot::DependencyFileNotResolvable)
+      end
+    end
+
     context "with a registry resolution that returns err_pnpm_tarball_integrity response" do
       let(:dependency_name) { "lodash" }
       let(:version) { "22.2.0" }
@@ -371,6 +380,15 @@
       end
     end
 
+    context "with an err_pnpm_meta_fetch_fail response" do
+      let(:project_name) { "pnpm/meta_fetch_fail" }
+
+      it "raises a helpful error" do
+        expect { updated_pnpm_lock_content }
+          .to raise_error(Dependabot::DependencyFileNotResolvable)
+      end
+    end
+
     context "with a GHPR registry incorrectly configured including the scope" do
       let(:dependency_name) { "@dsp-testing/inner-source-top-secret-npm-2" }
       let(:version) { "1.0.9" }

diff --git a/npm_and_yarn/spec/fixtures/projects/pnpm/invalid_package_manager/package.json b/npm_and_yarn/spec/fixtures/projects/pnpm/invalid_package_manager/package.json
@@ -0,0 +1,26 @@
+{
+    "name": "foo",
+    "version": "1.0.0",
+    "description": "",
+    "packageManager": "pnpm@^9",
+    "main": "index.js",
+    "scripts": {
+        "test": "echo \"Error: no test specified\" && exit 1"
+    },
+    "repository": {
+        "type": "git",
+        "url": "git+https://github.com/waltfy/PROTO_TEST.git"
+    },
+    "author": "",
+    "license": "ISC",
+    "bugs": {
+        "url": "https://github.com/waltfy/PROTO_TEST/issues"
+    },
+    "homepage": "https://github.com/waltfy/PROTO_TEST#readme",
+    "dependencies": {
+      "fetch-factory": "^0.0.1"
+    },
+    "devDependencies": {
+      "etag" : "^2.0.0"
+    }
+}
diff --git a/npm_and_yarn/spec/fixtures/projects/pnpm/invalid_package_manager/pnpm-lock.yaml b/npm_and_yarn/spec/fixtures/projects/pnpm/invalid_package_manager/pnpm-lock.yaml
diff --git a/npm_and_yarn/spec/fixtures/projects/pnpm/meta_fetch_fail/package.json b/npm_and_yarn/spec/fixtures/projects/pnpm/meta_fetch_fail/package.json
@@ -0,0 +1,13 @@
+{
+    "name": "foo",
+    "version": "1.0.0",
+    "description": "",
+    "packageManager": "pnpm@9.0.1",
+    "main": "index.js",
+    "dependencies": {
+      "fetch-factory": "^2.0.1"
+    },
+    "devDependencies": {
+      "etag" : "^2.0.0"
+    }
+}
diff --git a/npm_and_yarn/spec/fixtures/projects/pnpm/meta_fetch_fail/pnpm-lock.yaml b/npm_and_yarn/spec/fixtures/projects/pnpm/meta_fetch_fail/pnpm-lock.yaml