From 8b51076f5b18721b89608558452f83c21faedca6 Mon Sep 17 00:00:00 2001 From: "S.Sandhu" <167903774+sachin-sandhu@users.noreply.github.com> Date: Tue, 10 Sep 2024 11:36:00 -0400 Subject: [PATCH] adds exception handlers and test cases (#10570) adds exception handler for issues related with Dependabot::Updater::SubprocessFailed --- .../file_updater/npm_lockfile_updater.rb | 26 ++++++++++++++ .../file_updater/npm_lockfile_updater_spec.rb | 35 +++++++++++++++++++ 2 files changed, 61 insertions(+) diff --git a/npm_and_yarn/lib/dependabot/npm_and_yarn/file_updater/npm_lockfile_updater.rb b/npm_and_yarn/lib/dependabot/npm_and_yarn/file_updater/npm_lockfile_updater.rb index 0bce33ba621..85d1bd2ba60 100644 --- a/npm_and_yarn/lib/dependabot/npm_and_yarn/file_updater/npm_lockfile_updater.rb +++ b/npm_and_yarn/lib/dependabot/npm_and_yarn/file_updater/npm_lockfile_updater.rb @@ -98,6 +98,15 @@ def updated_lockfile_reponse(response) /Couldn't find package "(?.*)" required by "(?.*)" on the "(?.*)" registry./ ].freeze, T::Array[Regexp]) + # dependency access protocol not supported by packagemanager + UNSUPPORTED_PROTOCOL = /EUNSUPPORTEDPROTOCOL\n(.*?)Unsupported URL Type "(?.*)"/ + + # Internal server error returned from registry + SERVER_ERROR_500 = /500 Internal Server Error - GET (?.*)/ + + # issue related when dependency url is not mentioned correctly + UNRESOLVED_REFERENCE = /Unable to resolve reference (?.*)/ + # TODO: look into fixing this in npm, seems like a bug in the git # downloader introduced in npm 7 # 
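Review bot: `UNSUPPORTED_PROTOCOL` only matches when a bare `\n` follows `EUNSUPPORTEDPROTOCOL` and the "Unsupported URL Type" text sits on the very next line, because `.` does not cross newlines without `/m`. Output with `\r\n` line endings or an intervening line falls through to the final `raise error`. Matching the message line alone would be less brittle, and a bounded capture such as `/Unsupported URL Type "(?<access_method>[^"]*)"/` stops the greedy `.*` from running on to a later quote on the same line. The three constants are also bare literals while the list just above is wrapped in `T.let(...)`; if this file is Sorbet-typed (not visible here), `T.let(/.../, Regexp)` would keep them consistent. The comment on `UNRESOLVED_REFERENCE` would read better as `# npm could not resolve a dependency reference (e.g. a malformed URL or alias)`.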
@@ -428,6 +437,18 @@ def handle_npm_updater_error(error) raise Dependabot::PrivateSourceAuthenticationFailure, url end + if error_message.match?(SERVER_ERROR_500) + url = T.must(URI.decode_www_form_component(error_message).split("https://").last).split("/").first + msg = "Server error (500) while accessing #{url}." + raise Dependabot::DependencyFileNotResolvable, msg + end + + if (error_msg = error_message.match(UNRESOLVED_REFERENCE)) + dep = error_msg.named_captures["deps"] + msg = "Unable to resolve reference #{dep}." + raise Dependabot::DependencyFileNotResolvable, msg + end + if error_message.match?(MISSING_PACKAGE) package_name = T.must(error_message.match(MISSING_PACKAGE)) .named_captures["package_req"] @@ -590,6 +611,11 @@ def handle_npm_updater_error(error) raise Dependabot::DependencyFileNotResolvable, msg end + if (error_msg = error_message.match(UNSUPPORTED_PROTOCOL)) + msg = "Unsupported protocol \"#{error_msg.named_captures.fetch('access_method')}\" while accessing dependency." # rubocop:disable Layout/LineLength + raise Dependabot::DependencyFileNotResolvable, msg + end + raise error end # rubocop:enable Metrics/AbcSize diff --git a/npm_and_yarn/spec/dependabot/npm_and_yarn/file_updater/npm_lockfile_updater_spec.rb b/npm_and_yarn/spec/dependabot/npm_and_yarn/file_updater/npm_lockfile_updater_spec.rb index 63978e0cdc9..6d6979f3353 100644 --- a/npm_and_yarn/spec/dependabot/npm_and_yarn/file_updater/npm_lockfile_updater_spec.rb +++ b/npm_and_yarn/spec/dependabot/npm_and_yarn/file_updater/npm_lockfile_updater_spec.rb 
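Review bot: The `SERVER_ERROR_500` branch ignores the URL the regex captured and instead decodes and splits the entire `error_message`, which has three failure modes. `URI.decode_www_form_component` raises `ArgumentError` on any `%` not followed by two hex digits, so unrelated npm output can replace the intended `DependencyFileNotResolvable` with an unhandled error. For an `http://` registry `split("https://").last` returns the whole message, so `msg` is built from arbitrary output. Everything between `https://` and the next `/` is copied into `msg`, including a `user:token@` userinfo part if the registry URL carries one and npm has not already redacted it. I would switch to `if (error_msg = error_message.match(SERVER_ERROR_500))`, take the URL from that match, and put only `URI.parse(...).host` into the message, with a fallback when parsing fails. The body of `handle_npm_updater_error` starts and ends outside this hunk.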
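Review bot: In the `@@ -590,6 +611,11 @@` hunk the `UNSUPPORTED_PROTOCOL` branch needs `# rubocop:disable Layout/LineLength` only because the capture lookup is inlined into the string. Pulling it into a local first, as the `UNRESOLVED_REFERENCE` branch does with `dep`, removes the need for the disable: `protocol = error_msg.named_captures.fetch("access_method")` followed by `msg = "Unsupported protocol \"#{protocol}\" while accessing dependency."`. The two new branches also read captures differently (`["deps"]` versus `.fetch('access_method')`); picking one form keeps the handler uniform. The function begins outside this hunk.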
@@ -938,6 +938,41 @@ end end + context "with a response with EUNSUPPORTEDPROTOCOL error" do + let(:response) do + "npm WARN using --force Recommended protections disabled. + npm ERR! code EUNSUPPORTEDPROTOCOL + npm ERR! Unsupported URL Type \"link:\": link:dayjs/plugin/relativeTime" + end + + it "raises a helpful error" do + expect { updated_npm_lock }.to raise_error(Dependabot::DependencyFileNotResolvable) + end + end + + context "with a response with 500 Internal Server error" do + let(:response) do + "npm WARN using --force Recommended protections disabled. + npm ERR! code E500 + npm ERR! 500 Internal Server Error - GET https://registry.npmjs.org/get-intrinsic" + end + + it "raises a helpful error" do + expect { updated_npm_lock }.to raise_error(Dependabot::DependencyFileNotResolvable) + end + end + + context "with a response with Unable to resolve reference error" do + let(:response) do + "npm WARN using --force Recommended protections disabled. + npm ERR! Unable to resolve reference $eslint" + end + + it "raises a helpful error" do + expect { updated_npm_lock }.to raise_error(Dependabot::DependencyFileNotResolvable) + end + end + context "with a registry with access that results in ESOCKETTIMEDOUT error" do let(:response) { "https://npm.pkg.github.com/@group%2ffe-release: ESOCKETTIMEDOUT" }
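Review bot: All three new contexts assert only the error class, so they would still pass if the handler put the wrong host or reference name into the message, or if a different branch raised `DependencyFileNotResolvable` first. Pinning the message ties each test to its branch, e.g. `raise_error(Dependabot::DependencyFileNotResolvable, "Unable to resolve reference $eslint.")`; for the 500 case the expected text is presumably `"Server error (500) while accessing registry.npmjs.org."`. It would also be worth adding a 500 response whose URL is `http://` or whose output contains a stray `%`, since the host extraction is most fragile on those inputs.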