Fixes ArgumentError: Invalid URI errors (dependabot#10579)
* adds exception handlers
sachin-sandhu authored Sep 12, 2024
1 parent 7c89ac8 commit fc2312a
Showing 6 changed files with 105 additions and 0 deletions.
@@ -175,6 +175,8 @@ def wants_prerelease?
def available_versions
@available_versions ||=
index_urls.flat_map do |index_url|
validate_index(index_url)

sanitized_url = index_url.gsub(%r{(?<=//).*(?=@)}, "redacted")

index_response = registry_response_for_dependency(index_url)
@@ -283,6 +285,15 @@ def version_class
def requirement_class
dependency.requirement_class
end

def validate_index(index_url)
sanitized_url = index_url.gsub(%r{(?<=//).*(?=@)}, "redacted")

return if index_url&.match?(URI::DEFAULT_PARSER.regexp[:ABS_URI])

raise Dependabot::DependencyFileNotResolvable,
"Invalid URL: #{sanitized_url}"
end
end
end
end
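Review bot: In `validate_index`, the redaction pattern `(?<=//).*(?=@)` only fires when an `@` follows a `//`, yet this method raises precisely for strings that failed `ABS_URI` validation, so a rejected index URL that carries userinfo but lacks the `//` prefix would likely be echoed unredacted in the `DependencyFileNotResolvable` message. Consider redacting everything up to the last `@` regardless of shape, e.g. `sanitized_url = index_url.to_s.sub(/\A.*@/m, "redacted@")`, and adding a spec with a credential-bearing invalid URL to pin the behaviour. Separately, `index_url.gsub` runs before `index_url&.match?`, so the safe navigation never guards a nil; the `to_s` above would cover that as well. The enclosing class begins outside the visible hunks.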
@@ -23,6 +23,9 @@ module Python
class UpdateChecker
# This class does version resolution for pyproject.toml files.
class PoetryVersionResolver
extend T::Sig
extend T::Helpers

GIT_REFERENCE_NOT_FOUND_REGEX = /
(Failed to checkout
(?<tag>.+?)
@@ -38,16 +41,23 @@ class PoetryVersionResolver
\s+check\syour\sgit\sconfiguration
/mx

INCOMPATIBLE_CONSTRAINTS = /Incompatible constraints in requirements of (?<dep>.+?) ((?<ver>.+?)):/

attr_reader :dependency
attr_reader :dependency_files
attr_reader :credentials
attr_reader :repo_contents_path

sig { returns(Dependabot::Python::PoetryErrorHandler) }
attr_reader :error_handler

def initialize(dependency:, dependency_files:, credentials:, repo_contents_path:)
@dependency = dependency
@dependency_files = dependency_files
@credentials = credentials
@repo_contents_path = repo_contents_path
@error_handler = PoetryErrorHandler.new(dependencies: dependency,
dependency_files: dependency_files)
end

def latest_resolvable_version(requirement: nil)
@@ -115,6 +125,8 @@ def fetch_version_from_parsed_lockfile(updated_lockfile)

# rubocop:disable Metrics/AbcSize
def handle_poetry_errors(error)
error_handler.handle_poetry_error(error)

if error.message.gsub(/\s/, "").match?(GIT_REFERENCE_NOT_FOUND_REGEX)
message = error.message.gsub(/\s/, "")
match = message.match(GIT_REFERENCE_NOT_FOUND_REGEX)
@@ -322,5 +334,37 @@ def normalise(name)
end
end
end

class PoetryErrorHandler < UpdateChecker
extend T::Sig

sig do
params(
dependencies: Dependabot::Dependency,
dependency_files: T::Array[Dependabot::DependencyFile]
).void
end
def initialize(dependencies:, dependency_files:)
@dependencies = dependencies
@dependency_files = dependency_files
end

private

sig { returns(Dependabot::Dependency) }
attr_reader :dependencies

sig { returns(T::Array[Dependabot::DependencyFile]) }
attr_reader :dependency_files

public

sig { params(error: Exception).void }
def handle_poetry_error(error)
return true unless (msg = error.message.match(PoetryVersionResolver::INCOMPATIBLE_CONSTRAINTS))

raise DependencyFileNotResolvable, msg
end
end
end
end
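Review bot: `INCOMPATIBLE_CONSTRAINTS` leaves the parentheses around `(?<ver>.+?)` unescaped, so they act as a group rather than matching the literal brackets in Poetry's output, and `ver` would capture `(0.7.0)` with the brackets included; `\((?<ver>.+?)\)` looks like the intent. In `handle_poetry_error`, `msg` is a `MatchData` passed to `raise` as the message, which appears to rely on implicit string conversion; `raise DependencyFileNotResolvable, msg.to_s` makes that explicit. A short comment would also help explain why `PoetryErrorHandler` inherits from `UpdateChecker` while defining its own `initialize` with different keywords and no `super` call, and why the reader named `dependencies` holds a single `Dependabot::Dependency`.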
@@ -330,6 +330,26 @@
end
end
end

context "when the url is invalid (env)" do
let(:requirements_fixture_name) { "custom_index_invalid_env.txt" }

it "raises a helpful error" do
error_class = Dependabot::DependencyFileNotResolvable
expect { latest_version }
.to raise_error(error_class) do |error|
expect(error.message)
.to eq("Invalid URL: $PIP_INDEX_URL/")
end
end
end

context "when the url is valid" do
let(:requirements_fixture_name) { "custom_index_valid.txt" }
let(:dependency_files) { [requirements_file] }

it { is_expected.to eq(Gem::Version.new("2.6.0")) }
end
end

context "when setting in a Pipfile" do
@@ -16,6 +16,7 @@
repo_contents_path: nil
)
end

let(:credentials) do
[Dependabot::Credential.new({
"type" => "git_source",
@@ -372,4 +373,27 @@
end
end
end

describe "handles SharedHelpers::HelperSubprocessFailed errors raised by version resolver" do
subject(:poetry_error_handler) { error_handler.handle_poetry_error(exception) }

let(:error_handler) do
Dependabot::Python::PoetryErrorHandler.new(
dependencies: dependency,
dependency_files: dependency_files
)
end
let(:exception) { Exception.new(response) }

context "with incompatible constraints mentioned in requirements" do
let(:response) { "Incompatible constraints in requirements of histolab (0.7.0):" }

it "raises a helpful error" do
expect { poetry_error_handler }.to raise_error(Dependabot::DependencyFileNotResolvable) do |error|
expect(error.message)
.to include("Incompatible constraints in requirements of histolab (0.7.0):")
end
end
end
end
end
@@ -0,0 +1,3 @@
--index-url $PIP_INDEX_URL
psycopg2==2.6.1
luigi==2.2.0
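--- a/python/spec/fixtures/requirements/custom_index_valid.txt
+++ b/python/spec/fixtures/requirements/custom_index_valid.txt
@@ -0,0 +1,3 @@
+--index-url https://pypi.weasyldev.com/weasyl/source/+simple
+psycopg2==2.6.1
+luigi==2.2.0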
