Go modules: raise GitDependenciesNotReachable #2780

Merged
merged 1 commit into from
Nov 25, 2020
Merged
25 changes: 23 additions & 2 deletions go_modules/lib/dependabot/go_modules/file_parser.rb
@@ -139,8 +139,9 @@ def go_mod_content
def handle_parser_error(path, stderr)
case stderr
when /go: .*: unknown revision/m
line = stderr.lines.grep(/unknown revision/).first
raise Dependabot::DependencyFileNotResolvable, line.strip
line = stderr.lines.grep(/unknown revision/).first.strip
handle_github_unknown_revision(line) if line.start_with?("go: github.com/")
raise Dependabot::DependencyFileNotResolvable, line
when /go: .*: unrecognized import path/m
line = stderr.lines.grep(/unrecognized import/).first
raise Dependabot::DependencyFileNotResolvable, line.strip
@@ -156,6 +157,26 @@ def handle_parser_error(path, stderr)
end
end

GITHUB_REPO_REGEX = %r{github.com/[^@]*}.freeze
def handle_github_unknown_revision(line)
repo_path = line.scan(GITHUB_REPO_REGEX).first
return unless repo_path

# Query for _any_ version of this module, to know if it doesn't exist (or is private)
# or we were just given a bad revision by this manifest
SharedHelpers.in_a_temporary_directory do
SharedHelpers.with_git_configured(credentials: credentials) do
File.write("go.mod", "module dummy\n")

env = { "GOPRIVATE" => "*" }
_, _, status = Open3.capture3(env, SharedHelpers.escape_command("go get #{repo_path}"))
raise Dependabot::DependencyFileNotResolvable, line if status.success?

raise Dependabot::GitDependenciesNotReachable, [repo_path]
end
end
end

def rev_identifier?(dep)
dep["Version"]&.match?(GIT_VERSION_REGEX)
end
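Review bot: In `handle_github_unknown_revision` (second hunk), `repo_path` is cut out of `go` stderr, which carries module paths taken from the go.mod being parsed, and `GITHUB_REPO_REGEX` stops only at `@`, so a line without `@` would give a match that runs to the end of the line, spaces included, before it is interpolated into `go get #{repo_path}` inside `with_git_configured`. `SharedHelpers.escape_command` is not visible on this page; if it tokenises on whitespace, the trailing words would reach `go get` as separate arguments. I would bound the match to a single module path and escape the dot: `GITHUB_REPO_REGEX = %r{github\.com/[^\s@]+}.freeze`. Separately, `Open3.capture3` discards stdout and stderr, so every non-zero exit (network failure, rate limit, missing toolchain) is raised as `GitDependenciesNotReachable`; keeping stderr and checking it before raising would avoid reporting a transient failure as a private or missing repository. `handle_parser_error` continues outside the visible hunks.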
27 changes: 27 additions & 0 deletions go_modules/spec/dependabot/go_modules/file_parser_spec.rb
@@ -150,6 +150,33 @@
end
end

describe "a non-existent github.com repository" do
let(:invalid_repo) { "github.com/dependabot-fixtures/must-never-exist" }
let(:go_mod_content) do
go_mod = fixture("go_mods", go_mod_fixture_name)
go_mod.sub("rsc.io/quote", invalid_repo)
end

it "raises the correct error" do
expect { parser.parse }.
to raise_error(Dependabot::GitDependenciesNotReachable) do |error|
expect(error.dependency_urls).to contain_exactly(invalid_repo)
end
end
end

describe "a non-existent github.com revision" do
let(:go_mod_content) do
go_mod = fixture("go_mods", go_mod_fixture_name)
go_mod.sub("github.com/mattn/go-colorable v0.0.9", "github.com/mattn/go-colorable v0.1234.4321")
end

it "raises the correct error" do
expect { parser.parse }.
to raise_error(Dependabot::DependencyFileNotResolvable)
end
end

describe "a non-existing transitive dependency" do
# go.mod references repo with bad go.mod, a broken transitive dependency
let(:go_mod_fixture_name) { "parent_module.mod" }
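Review bot: Neither new example covers a module that lives in a subdirectory of a repository (`github.com/org/repo/sub`), where the parser's `[^@]*` capture would put the full module path rather than the repository into `dependency_urls`; an example with such a path would pin down what callers of `GitDependenciesNotReachable` should expect. The first example also depends on `github.com/dependabot-fixtures/must-never-exist` staying unregistered and on network access at test time, which presumably matches the rest of this spec but deserves a comment above `let(:invalid_repo)`, e.g. `# This repository must never be created: the example relies on github.com reporting it as missing`. The enclosing `describe` block starts outside the hunk, and the "non-existing transitive dependency" block runs past its end.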