From 2aa04856ee0c847892991d2d8fcc390c8961a344 Mon Sep 17 00:00:00 2001
From: Hariharan Thavachelvam <164553783+thavaahariharangit@users.noreply.github.com>
Date: Wed, 11 Dec 2024 20:08:56 +0000
Subject: [PATCH] Throwing an appropriate error, when private registry response with 200 status and empty array response (#11095)
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
* Added check for Hash, unless not to proceed.
* Adding Rspec test and Sorbet Check.
* Adding Rspec test and Sorbet Check.
* Adding Rspec test.
* rubocop error fixes
* rubocop fixes added.
* As per the standup discussion decided to throw git_dependencies_not_reachable
---------
Co-authored-by: “Thavachelvam <“thavaahariharangit@git.com”>
---
 .../update_checker/latest_version_finder.rb | 11 ++++++++---
 .../update_checker/latest_version_finder_spec.rb | 13 +++++++++++++
 2 files changed, 21 insertions(+), 3 deletions(-)
diff --git a/composer/lib/dependabot/composer/update_checker/latest_version_finder.rb b/composer/lib/dependabot/composer/update_checker/latest_version_finder.rb
index 6a5b4eaf08..2d4fbe1579 100644
--- a/composer/lib/dependabot/composer/update_checker/latest_version_finder.rb
+++ b/composer/lib/dependabot/composer/update_checker/latest_version_finder.rb
@@ -144,9 +144,17 @@ def parse_registry_response(response, url)
 listing = JSON.parse(response.body)
 return [] if listing.nil?
+ return [] unless listing.is_a?(Hash)
 return [] if listing.fetch("packages", []) == []
 return [] unless listing.dig("packages", dependency.name.downcase)
+ extract_versions(listing)
+ rescue JSON::ParserError
+ msg = "'#{url}' does not contain valid JSON"
+ raise DependencyFileNotResolvable, msg
+ end
+
+ def extract_versions(listing)
 # Packagist's Metadata API format:
 # v1: "packages": {: {: {hash of metadata for a particular release version}}}
 # v2: "packages": {: [{hash of metadata for a particular release version}]}
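Review bot: The new `return [] unless listing.is_a?(Hash)` makes the preceding `return [] if listing.nil?` redundant, since `nil` is not a Hash; the two guards can collapse into the single `is_a?(Hash)` line. The guard itself is the right fix for a `200` body of `[]`: without it, `listing.fetch("packages", [])` on an Array raises a `TypeError` because `Array#fetch` does not accept a String key. Its effect is easy to misread next to the commit subject, so a comment such as `# Non-Hash body (e.g. an empty JSON array from a private registry): treat as no versions` would help; whether an error is raised later for the empty result is not visible in this hunk. The newly extracted `extract_versions(listing)` has no doc comment and its body continues past the hunk; a one-line YARD comment stating what it expects in `listing` and what it returns would round it off.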
@@ -164,9 +172,6 @@ def parse_registry_response(response, url)
 else
 []
 end
- rescue JSON::ParserError
- msg = "'#{url}' does not contain valid JSON"
- raise DependencyFileNotResolvable, msg
 end
 def registry_credentials
diff --git a/composer/spec/dependabot/composer/update_checker/latest_version_finder_spec.rb b/composer/spec/dependabot/composer/update_checker/latest_version_finder_spec.rb
index 4dea901b04..c38ae4350e 100644
--- a/composer/spec/dependabot/composer/update_checker/latest_version_finder_spec.rb
+++ b/composer/spec/dependabot/composer/update_checker/latest_version_finder_spec.rb
@@ -394,4 +394,17 @@
 it { is_expected.to eq(Gem::Version.new("1.12.0")) }
 end
+
+ context "when the response status is 200 && the body is an empty array" do
+ let(:url) { "https://example.com/packages.json" }
+ let(:response) { instance_double(Excon::Response, status: 200, body: "[]") }
+
+ before do
+ allow(Dependabot::RegistryClient).to receive(:get).and_return(response)
+ end
+
+ it "returns an empty array" do
+ expect(finder.send(:fetch_registry_versions_from_url, url)).to eq([])
+ end
+ end
 end
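Review bot: The new example asserts `eq([])` on the private `fetch_registry_versions_from_url` via `send`, while the commit subject says an appropriate error is thrown for a `200` response with an empty-array body; the behaviour the subject promises is not covered by this spec change. If the raise happens further up the call chain, as the message's `git_dependencies_not_reachable` remark suggests, a second example driving the public path with this same stubbed response and `expect { ... }.to raise_error(...)` would pin it; otherwise the example name `"returns an empty array"` describes the only behaviour actually guaranteed and the subject overstates the change. The `instance_double(Excon::Response, status: 200, body: "[]")` stub is a suitably narrow fixture for reproducing the original `TypeError` path.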