Fixes exception handler for file_not_parseable under file_updater and…

… fixes error handler for package not found error (#10619) * adds exception handler for file not parsebale and corrects use case for package URL
dependabot · Sep 24, 2024 · de37efa · de37efa
1 parent f5645f7
commit de37efa
Show file tree

Hide file tree

Showing 9 changed files with 86 additions and 5 deletions.
diff --git a/npm_and_yarn/lib/dependabot/npm_and_yarn.rb b/npm_and_yarn/lib/dependabot/npm_and_yarn.rb
@@ -362,7 +362,7 @@ def self.sanitize_resolvability_message(error_message, dependencies, yarn_lock)
       {
         patterns: [INVALID_NAME_IN_PACKAGE_JSON],
         handler: lambda { |message, _error, _params|
-          Dependabot::DependencyFileNotParseable.new(message)
+          Dependabot::DependencyFileNotResolvable.new(message)
         },
         in_usage: false,
         matchfn: nil

diff --git a/npm_and_yarn/lib/dependabot/npm_and_yarn/registry_parser.rb b/npm_and_yarn/lib/dependabot/npm_and_yarn/registry_parser.rb
@@ -46,7 +46,10 @@ def dependency_name
                    end
 
         package_name = url_base.gsub("%2F", "/").match(%r{@.*/})
-        "#{T.must(package_name)}#{T.must(url_base.gsub('%2F', '/').split('/').last)}"
+
+        return T.must(url_base.gsub("%2F", "/").split("/").last) unless package_name
+
+        "#{package_name}#{T.must(url_base.gsub('%2F', '/').split('/').last)}"
       end
 
       private

diff --git a/npm_and_yarn/spec/dependabot/npm_and_yarn/file_updater/pnpm_lockfile_updater_spec.rb b/npm_and_yarn/spec/dependabot/npm_and_yarn/file_updater/pnpm_lockfile_updater_spec.rb
@@ -144,6 +144,43 @@
       end
     end
 
+    context "when there is a private registry we don't have access to" do
+      let(:project_name) { "pnpm/private_package_access_with_package_name" }
+
+      it "raises a helpful error" do
+        expect { updated_pnpm_lock_content }
+          .to raise_error(Dependabot::PrivateSourceAuthenticationFailure)
+      end
+    end
+
+    context "when there is a private registry we don't have access to and no package name is mentioned" do
+      let(:dependency_name) { "rollup" }
+      let(:version) { "3.29.5" }
+      let(:previous_version) { "^2.79.1" }
+      let(:requirements) do
+        [{
+          file: "package.json",
+          requirement: "3.29.5",
+          groups: ["devDependencies"],
+          source: nil
+        }]
+      end
+      let(:previous_requirements) do
+        [{
+          file: "package.json",
+          requirement: "^2.79.1",
+          groups: ["devDependencies"],
+          source: nil
+        }]
+      end
+      let(:project_name) { "pnpm/private_dep_access_with_no_package_name" }
+
+      it "raises a helpful error" do
+        expect { updated_pnpm_lock_content }
+          .to raise_error(Dependabot::DependencyNotFound)
+      end
+    end
+
     context "when there is a unsupported engine response (pnpm) from registry" do
       let(:dependency_name) { "eslint" }
       let(:version) { "9.9.0" }

diff --git a/npm_and_yarn/spec/dependabot/npm_and_yarn/file_updater/yarn_lockfile_updater_spec.rb b/npm_and_yarn/spec/dependabot/npm_and_yarn/file_updater/yarn_lockfile_updater_spec.rb
@@ -314,13 +314,13 @@
       end
     end
 
-    context "with a package.json which contains illegal character '@' in the name" do
+    context "with a package.json which contains illegal characters in the name" do
       let(:files) { project_dependency_files("yarn/package_json_contains_illegal_characters_in_name") }
 
       it "raises a helpful error" do
         expect { updated_yarn_lock_content }
-          .to raise_error(Dependabot::DependencyFileNotParseable) do |error|
-          expect(error.message).to eq("package.json: Name contains illegal characters not parseable")
+          .to raise_error(Dependabot::DependencyFileNotResolvable) do |error|
+          expect(error.message).to eq("package.json: Name contains illegal characters")
         end
       end
     end

diff --git a/...and_yarn/spec/fixtures/projects/pnpm/private_dep_access_with_no_package_name/package.json b/...and_yarn/spec/fixtures/projects/pnpm/private_dep_access_with_no_package_name/package.json
@@ -0,0 +1,6 @@
+{
+  "private": true,
+  "devDependencies": {
+    "npm:rollup": "^2.79.1"
+  }
+}
diff --git a/...d_yarn/spec/fixtures/projects/pnpm/private_dep_access_with_no_package_name/pnpm-lock.yaml b/...d_yarn/spec/fixtures/projects/pnpm/private_dep_access_with_no_package_name/pnpm-lock.yaml
diff --git a/npm_and_yarn/spec/fixtures/projects/pnpm/private_package_access_with_package_name/.npmrc b/npm_and_yarn/spec/fixtures/projects/pnpm/private_package_access_with_package_name/.npmrc
@@ -0,0 +1 @@
+@private-pkg:registry=https://npm.pkg.github.com
diff --git a/...nd_yarn/spec/fixtures/projects/pnpm/private_package_access_with_package_name/package.json b/...nd_yarn/spec/fixtures/projects/pnpm/private_package_access_with_package_name/package.json
@@ -0,0 +1,5 @@
+{
+  "dependencies": {
+    "@private-pkg/inner-source-top-secret-npm-2": "1.0.3"
+  }
+}
diff --git a/..._yarn/spec/fixtures/projects/pnpm/private_package_access_with_package_name/pnpm-lock.yaml b/..._yarn/spec/fixtures/projects/pnpm/private_package_access_with_package_name/pnpm-lock.yaml