Handle Dependabot::DependabotError in pub/lib/dependabot/pub/helpers.…

…rb (#11333) * Handle exceptions from shell commands in pub ecosystem * Update helpers.rb * Clean up mocking to improve readability * Fix flaky devcontainer tests
dependabot · Jan 22, 2025 · 4b14c18 · 4b14c18
1 parent 83b4d5d
commit 4b14c18
Show file tree

Hide file tree

Showing 4 changed files with 79 additions and 2 deletions.
diff --git a/common/lib/dependabot/errors.rb b/common/lib/dependabot/errors.rb
@@ -220,6 +220,14 @@ def self.updater_error_details(error)
         "error-type": "git_dependencies_not_reachable",
         "error-detail": { "dependency-urls": error.dependency_urls }
       }
+    when Dependabot::DependencyFileNotFound
+      {
+        "error-type": "dependency_file_not_found",
+        "error-detail": {
+          message: error.message,
+          "file-path": error.file_path
+        }
+      }
     when Dependabot::ToolVersionNotSupported
       {
         "error-type": "tool_version_not_supported",

diff --git a/devcontainers/spec/dependabot/devcontainers/file_parser_spec.rb b/devcontainers/spec/dependabot/devcontainers/file_parser_spec.rb
@@ -244,7 +244,7 @@
       it "returns the correct language" do
         expect(language.name).to eq "node"
         expect(language.requirement).to be_nil
-        expect(language.version.to_s).to eq "18.20.5"
+        expect(language.version.to_s).to eq "18.20.6"
       end
     end
   end

diff --git a/pub/lib/dependabot/pub/helpers.rb b/pub/lib/dependabot/pub/helpers.rb
@@ -244,14 +244,28 @@ def run_dependency_services(command, stdin_data: nil)
               stdin_data: stdin_data,
               chdir: command_dir
             )
-            raise Dependabot::DependabotError, "dependency_services failed: #{stderr}" unless status.success?
+            raise_error(stderr) unless status.success?
             return stdout unless block_given?
 
             yield command_dir
           end
         end
       end
 
+      def raise_error(stderr)
+        if stderr.include?("Failed parsing lock file") || stderr.include?("Unsupported operation")
+          raise DependencyFileNotEvaluatable, "dependency_services failed: #{stderr}"
+        elsif stderr.include?("Git error")
+          raise Dependabot::InvalidGitAuthToken, "dependency_services failed: #{stderr}"
+        elsif stderr.include?("version solving failed")
+          raise Dependabot::DependencyFileNotResolvable, "dependency_services failed: #{stderr}"
+        elsif stderr.include?("Could not find a file named \"pubspec.yaml\"")
+          raise Dependabot::DependencyFileNotFound.new("pubspec.yaml", "dependency_services failed: #{stderr}")
+        else
+          raise Dependabot::DependabotError, "dependency_services failed: #{stderr}"
+        end
+      end
+
       # Parses a dependency as listed by `dependency_services list`.
       def parse_listed_dependency(json)
         params = {

diff --git a/pub/spec/dependabot/pub/update_checker_spec.rb b/pub/spec/dependabot/pub/update_checker_spec.rb
@@ -716,6 +716,61 @@
     end
   end
 
+  context "when there is an error while running a subshell command" do
+    let(:status) { instance_double(Process::Status, success?: false) }
+
+    before do
+      allow(Open3).to receive(:capture3).and_call_original
+      allow(Open3).to receive(:capture3).with(Hash, String, "report", Hash).and_return(["", stderr, status])
+    end
+
+    context "with a git error" do
+      let(:stderr) { "Git error. Command: `git clone --mirror https://github.com/***`" }
+
+      it "raises the correct error" do
+        expect { checker.latest_version }.to raise_error(Dependabot::InvalidGitAuthToken)
+      end
+    end
+
+    context "when parsing the lockfile fails" do
+      let(:stderr) { "Failed parsing lock file" }
+
+      it "raises the correct error" do
+        expect { checker.latest_version }.to raise_error(Dependabot::DependencyFileNotEvaluatable)
+      end
+    end
+
+    context "when version resolution fails" do
+      let(:stderr) do
+        "Because care_share_nepal depends on both freezed ^3.0.0-0.0.dev and freezed ^2.3.5, version solving failed."
+      end
+
+      it "raises the correct error" do
+        expect { checker.latest_version }.to raise_error(Dependabot::DependencyFileNotResolvable)
+      end
+    end
+
+    context "when pubspec.yaml is missing" do
+      let(:stderr) do
+        "Could not find a file named \"pubspec.yaml\" in https://github.com/Iconica-Development"
+      end
+
+      it "raises the correct error" do
+        expect { checker.latest_version }.to raise_error(Dependabot::DependencyFileNotFound)
+      end
+    end
+
+    context "when dependency file has unsupported syntax" do
+      let(:stderr) do
+        "Unsupported operation: Encountered an alias node along [dependencies, isar, version]!"
+      end
+
+      it "raises the correct error" do
+        expect { checker.latest_version }.to raise_error(Dependabot::DependencyFileNotEvaluatable)
+      end
+    end
+  end
+
   context "with a git dependency" do
     include_context "with temp dir"