From 7962df253919b5dcfddfff8b935b5beb38acd01f Mon Sep 17 00:00:00 2001
From: "S.Sandhu" <167903774+sachin-sandhu@users.noreply.github.com>
Date: Thu, 22 Aug 2024 12:53:01 -0400
Subject: [PATCH] Adds metadata failure 4xx,5xx error captures (#10483)

Adds metadata failure 4xx,5xx error captures
---
 .../file_updater/pnpm_lockfile_updater.rb | 26 ++++++-
 .../pnpm_lockfile_updater_spec.rb | 18 +++++
 .../pnpm/invalid_package_manager/package.json | 26 +++++++
 .../invalid_package_manager/pnpm-lock.yaml | 68 +++++++++++++++++++
 .../pnpm/meta_fetch_fail/package.json | 13 ++++
 .../pnpm/meta_fetch_fail/pnpm-lock.yaml | 11 +++
 6 files changed, 161 insertions(+), 1 deletion(-)
 create mode 100644 npm_and_yarn/spec/fixtures/projects/pnpm/invalid_package_manager/package.json
 create mode 100644 npm_and_yarn/spec/fixtures/projects/pnpm/invalid_package_manager/pnpm-lock.yaml
 create mode 100644 npm_and_yarn/spec/fixtures/projects/pnpm/meta_fetch_fail/package.json
 create mode 100644 npm_and_yarn/spec/fixtures/projects/pnpm/meta_fetch_fail/pnpm-lock.yaml

diff --git a/npm_and_yarn/lib/dependabot/npm_and_yarn/file_updater/pnpm_lockfile_updater.rb b/npm_and_yarn/lib/dependabot/npm_and_yarn/file_updater/pnpm_lockfile_updater.rb
index 2f0fc89ade1..d5187dc9808 100644
--- a/npm_and_yarn/lib/dependabot/npm_and_yarn/file_updater/pnpm_lockfile_updater.rb
+++ b/npm_and_yarn/lib/dependabot/npm_and_yarn/file_updater/pnpm_lockfile_updater.rb
@@ -48,8 +48,10 @@ def updated_pnpm_lock_content(pnpm_lock)
 # ERR_PNPM_FETCH ERROR CODES
 ERR_PNPM_FETCH_401 = /ERR_PNPM_FETCH_401.*GET (?.*): - 401/
 ERR_PNPM_FETCH_403 = /ERR_PNPM_FETCH_403.*GET (?.*): - 403/
+ ERR_PNPM_FETCH_404 = /ERR_PNPM_FETCH_404.*GET (?.*): - 404/
 ERR_PNPM_FETCH_500 = /ERR_PNPM_FETCH_500.*GET (?.*): - 500/
 ERR_PNPM_FETCH_502 = /ERR_PNPM_FETCH_502.*GET (?.*): - 502/
+ ERR_PNPM_FETCH_503 = /ERR_PNPM_FETCH_503.*GET (?.*): - 503/
 # ERR_PNPM_UNSUPPORTED_ENGINE
 ERR_PNPM_UNSUPPORTED_ENGINE = /ERR_PNPM_UNSUPPORTED_ENGINE/
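Review bot: The added ERR_PNPM_FETCH_404 and ERR_PNPM_FETCH_503 lines make five patterns that differ only in the status code, so one pattern with a status capture, `ERR_PNPM_FETCH = /ERR_PNPM_FETCH_(?<status>\d{3}).*GET (?<dependency_url>.*): - \k<status>/`, would replace them and the array the later `.each` loop iterates. The named capture is printed here as `(?.*)`, which Ruby would not accept; the `named_captures["dependency_url"]` lookup further down suggests the source reads `(?<dependency_url>.*)` and the group name was lost in rendering, which is worth confirming against the repository. The constant group is cut from its enclosing class on both sides of the hunk.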
@@ -66,6 +68,11 @@ def updated_pnpm_lock_content(pnpm_lock)
 PLATFORM_VERSION_REQUIREMENT = /wanted {(?.*)} \(current: (?.*)\)/
 PLATFORM_PACAKGE_MANAGER = "pnpm"
+ INVALID_PACKAGE_SPEC = /Invalid package manager specification/
+
+ # Metadata inconsistent error codes
+ ERR_PNPM_META_FETCH_FAIL = /ERR_PNPM_META_FETCH_FAIL/
+
 def run_pnpm_update(pnpm_lock:)
 SharedHelpers.in_a_temporary_repo_directory(base_dir, repo_contents_path) do
 File.write(".npmrc", npmrc_content(pnpm_lock))
@@ -111,6 +118,7 @@ def lockfile_dependencies(lockfile)
 # rubocop:disable Metrics/AbcSize
 # rubocop:disable Metrics/PerceivedComplexity
+ # rubocop:disable Metrics/MethodLength
 def handle_pnpm_lock_updater_error(error, pnpm_lock)
 error_message = error.message
@@ -131,7 +139,8 @@ def handle_pnpm_lock_updater_error(error, pnpm_lock)
 end
 [FORBIDDEN_PACKAGE, MISSING_PACKAGE, UNAUTHORIZED_PACKAGE, ERR_PNPM_FETCH_401,
- ERR_PNPM_FETCH_403, ERR_PNPM_FETCH_500, ERR_PNPM_FETCH_502].each do |regexp|
+ ERR_PNPM_FETCH_403, ERR_PNPM_FETCH_404, ERR_PNPM_FETCH_500, ERR_PNPM_FETCH_502, ERR_PNPM_FETCH_503]
+ .each do |regexp|
 next unless error_message.match?(regexp)
 dependency_url = error_message.match(regexp).named_captures["dependency_url"]
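Review bot: INVALID_PACKAGE_SPEC is added to the platform-requirement constants without the one-line comment the neighbouring groups carry, and the phrase it matches is not tied to a pnpm error code the way the ERR_PNPM_* patterns are. A comment such as `# pnpm rejects the package.json "packageManager" field; the invalid_package_manager fixture uses the range "pnpm@^9"` would tell the next reader which output it is meant to match. The class these constants belong to starts and ends outside the hunk.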
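Review bot: Disabling Metrics/MethodLength here (and re-enabling it in the last hunk of this file) papers over handle_pnpm_lock_updater_error growing by two more inline branches; the method already delegates comparable cases to `raise_patch_dependency_error` and `raise_unsupported_engine_error`, so the new INVALID_PACKAGE_SPEC and ERR_PNPM_META_FETCH_FAIL handling could follow that pattern as `raise_invalid_package_spec_error` and `raise_meta_fetch_fail_error` and keep the cop enabled. The method body is outside this hunk.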
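Review bot: Adding ERR_PNPM_FETCH_404 to this list routes a "not found" metadata response through the same branch as 401/403 and the 5xx codes; the error raised after `dependency_url` is extracted lies outside the hunk, but a package that does not exist on the registry and a registry rejecting credentials usually deserve different messages, and MISSING_PACKAGE already sits in the same array, so it is worth checking which of the two now wins for a 404. With five fetch patterns the array no longer fits on one line; a single pattern with a status capture, as suggested on the constants hunk, would remove the list entirely. handle_pnpm_lock_updater_error starts and ends outside this hunk.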
@@ -147,6 +156,20 @@ def handle_pnpm_lock_updater_error(error, pnpm_lock)
 raise Dependabot::DependencyFileNotResolvable, msg
 end
+ # TO-DO : investigate "packageManager" allowed regex
+ if error_message.match?(INVALID_PACKAGE_SPEC)
+ dependency_names = dependencies.map(&:name).join(", ")
+
+ msg = "Invalid package manager specification in package.json while resolving \"#{dependency_names}\"."
+ raise Dependabot::DependencyFileNotResolvable, msg
+ end
+
+ if error_message.match?(ERR_PNPM_META_FETCH_FAIL)
+
+ msg = error_message.split(ERR_PNPM_META_FETCH_FAIL).last
+ raise Dependabot::DependencyFileNotResolvable, msg
+ end
+
 raise_patch_dependency_error(error_message) if error_message.match?(ERR_PNPM_PATCH_NOT_APPLIED)
 raise_unsupported_engine_error(error_message, pnpm_lock) if error_message.match?(ERR_PNPM_UNSUPPORTED_ENGINE)
@@ -160,6 +183,7 @@ def handle_pnpm_lock_updater_error(error, pnpm_lock)
 end
 # rubocop:enable Metrics/AbcSize
 # rubocop:enable Metrics/PerceivedComplexity
+ # rubocop:enable Metrics/MethodLength
 def raise_resolvability_error(error_message, pnpm_lock)
 dependency_names = dependencies.map(&:name).join(", ")
diff --git a/npm_and_yarn/spec/dependabot/npm_and_yarn/file_updater/pnpm_lockfile_updater_spec.rb b/npm_and_yarn/spec/dependabot/npm_and_yarn/file_updater/pnpm_lockfile_updater_spec.rb
index ef5bf5b8f1f..eb827c48c38 100644
--- a/npm_and_yarn/spec/dependabot/npm_and_yarn/file_updater/pnpm_lockfile_updater_spec.rb
+++ b/npm_and_yarn/spec/dependabot/npm_and_yarn/file_updater/pnpm_lockfile_updater_spec.rb
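Review bot: `msg = error_message.split(ERR_PNPM_META_FETCH_FAIL).last` does not reliably yield the text after the marker: String#split drops trailing empty strings, so when the code is the last thing pnpm printed `.last` is the text before it, and when the output is only the code the array is empty, `.last` is nil and the error is raised with just its class name as the message. `String#partition` fixes both: `detail = error_message.partition(ERR_PNPM_META_FETCH_FAIL).last.strip` followed by `raise Dependabot::DependencyFileNotResolvable, detail.empty? ? "pnpm could not fetch package metadata" : detail`. Unlike the INVALID_PACKAGE_SPEC branch just above, which builds a fixed message, this branch forwards raw pnpm output to the user, so whatever pnpm prints after the code (registry URLs, for example) ends up in the message; trimming to the first line is worth considering. handle_pnpm_lock_updater_error starts and ends outside this hunk.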
@@ -194,6 +194,15 @@
 end
 end
+ context "with an invalid package manager requirement in the package.json" do
+ let(:project_name) { "pnpm/invalid_package_manager" }
+
+ it "raises a helpful error" do
+ expect { updated_pnpm_lock_content }
+ .to raise_error(Dependabot::DependencyFileNotResolvable)
+ end
+ end
+
 context "with a registry resolution that returns err_pnpm_tarball_integrity response" do
 let(:dependency_name) { "lodash" }
 let(:version) { "22.2.0" }
@@ -371,6 +380,15 @@
 end
 end
+ context "with an err_pnpm_meta_fetch_fail response" do
+ let(:project_name) { "pnpm/meta_fetch_fail" }
+
+ it "raises a helpful error" do
+ expect { updated_pnpm_lock_content }
+ .to raise_error(Dependabot::DependencyFileNotResolvable)
+ end
+ end
+
 context "with a GHPR registry incorrectly configured including the scope" do
 let(:dependency_name) { "@dsp-testing/inner-source-top-secret-npm-2" }
 let(:version) { "1.0.9" }
diff --git a/npm_and_yarn/spec/fixtures/projects/pnpm/invalid_package_manager/package.json b/npm_and_yarn/spec/fixtures/projects/pnpm/invalid_package_manager/package.json
new file mode 100644
index 00000000000..8b3601e9832
--- /dev/null
+++ b/npm_and_yarn/spec/fixtures/projects/pnpm/invalid_package_manager/package.json
@@ -0,0 +1,26 @@
+{
+ "name": "foo",
+ "version": "1.0.0",
+ "description": "",
+ "packageManager": "pnpm@^9",
+ "main": "index.js",
+ "scripts": {
+ "test": "echo \"Error: no test specified\" && exit 1"
+ },
+ "repository": {
+ "type": "git",
+ "url": "git+https://github.com/waltfy/PROTO_TEST.git"
+ },
+ "author": "",
+ "license": "ISC",
+ "bugs": {
+ "url": "https://github.com/waltfy/PROTO_TEST/issues"
+ },
+ "homepage": "https://github.com/waltfy/PROTO_TEST#readme",
+ "dependencies": {
+ "fetch-factory": "^0.0.1"
+ },
+ "devDependencies": {
+ "etag" : "^2.0.0"
+ }
+}
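Review bot: Both new examples (this context and the err_pnpm_meta_fetch_fail context in the second hunk) assert only the exception class, so the message the updater builds — the fixed "Invalid package manager specification…" text, and for the meta-fetch case the tail of pnpm's output — is never checked; passing a matcher as the second argument, `.to raise_error(Dependabot::DependencyFileNotResolvable, /Invalid package manager specification/)`, would pin it and would also catch the split-based extraction returning the wrong half of the output. Whether updated_pnpm_lock_content runs pnpm against a live registry or a recorded response is not visible here; if it is live, the meta_fetch_fail fixture depends on the registry continuing to fail the same way.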
diff --git a/npm_and_yarn/spec/fixtures/projects/pnpm/invalid_package_manager/pnpm-lock.yaml b/npm_and_yarn/spec/fixtures/projects/pnpm/invalid_package_manager/pnpm-lock.yaml
new file mode 100644
index 00000000000..119c549cdc0
--- /dev/null
+++ b/npm_and_yarn/spec/fixtures/projects/pnpm/invalid_package_manager/pnpm-lock.yaml
@@ -0,0 +1,68 @@ +lockfileVersion: '6.0' + +dependencies: + fetch-factory: + specifier: ^0.0.1 + version: 0.0.1 + +devDependencies: + etag: + specifier: ^1.0.0 + version: 1.7.0 + +packages: + + /encoding@0.1.12: + resolution: {integrity: sha512-bl1LAgiQc4ZWr++pNYUdRe/alecaHFeHxIJ/pNciqGdKXghaTCOwKkbKp6ye7pKZGu/GcaSXFk8PBVhgs+dJdA==} + dependencies: + iconv-lite: 0.4.15 + dev: false + + /es6-promise@3.3.1: + resolution: {integrity: sha512-SOp9Phqvqn7jtEUxPWdWfWoLmyt2VaJ6MpvP9Comy1MceMXqE6bxvaTu4iaxpYYPzhny28Lc+M87/c2cPK6lDg==} + dev: false + + /etag@1.7.0: + resolution: {integrity: sha512-Mbv5pNpLNPrm1b4rzZlZlfTRpdDr31oiD43N362sIyvSWVNu5Du33EcJGzvEV4YdYLuENB1HzND907cQkFmXNw==} + engines: {node: '>= 0.6'} + dev: true + + /fetch-factory@0.0.1: + resolution: {integrity: sha512-gexRwqIhwzDJ2pJvL0UYfiZwW06/bdYWxAmswFFts7C87CF8i6liApihTk7TZFYMDcQjvvDIvyHv0q379z0aWA==} + dependencies: + es6-promise: 3.3.1 + isomorphic-fetch: 2.2.1 + lodash: 3.10.1 + dev: false + + /iconv-lite@0.4.15: + resolution: {integrity: sha512-RGR+c9Lm+tLsvU57FTJJtdbv2hQw42Yl2n26tVIBaYmZzLN+EGfroUugN/z9nJf9kOXd49hBmpoGr4FEm+A4pw==} + engines: {node: '>=0.10.0'} + dev: false + + /is-stream@1.1.0: + resolution: {integrity: sha512-uQPm8kcs47jx38atAcWTVxyltQYoPT68y9aWYdV6yWXSyW8mzSat0TL6CiWdZeCdF3KrAvpVtnHbTv4RN+rqdQ==} + engines: {node: '>=0.10.0'} + dev: false + + /isomorphic-fetch@2.2.1: + resolution: {integrity: sha512-9c4TNAKYXM5PRyVcwUZrF3W09nQ+sO7+jydgs4ZGW9dhsLG2VOlISJABombdQqQRXCwuYG3sYV/puGf5rp0qmA==} + dependencies: + node-fetch: 1.6.3 + whatwg-fetch: 2.0.2 + dev: false + + /lodash@3.10.1: + resolution: {integrity: sha512-9mDDwqVIma6OZX79ZlDACZl8sBm0TEnkf99zV3iMA4GzkIT/9hiqP5mY0HoT1iNLCrKc/R1HByV+yJfRWVJryQ==} + dev: false + + /node-fetch@1.6.3: + resolution: {integrity: sha512-BDxbhLHXFFFvilHjh9xihcDyPkXQ+kjblxnl82zAX41xUYSNvuRpFRznmldR9+OKu+p+ULZ7hNoyunlLB5ecUA==} + dependencies: + encoding: 0.1.12 + is-stream: 1.1.0 + dev: false + + /whatwg-fetch@2.0.2: + resolution: {integrity: 
sha512-a5uPeqJ9mpYPZoJQjOf8zxY4+T18X3WsF6Nq0B0P6S82m09Fgmw9uWAqO/iovuhmFstVhBRMk0fZPaWnmCsmNA==}
+ dev: false
diff --git a/npm_and_yarn/spec/fixtures/projects/pnpm/meta_fetch_fail/package.json b/npm_and_yarn/spec/fixtures/projects/pnpm/meta_fetch_fail/package.json
new file mode 100644
index 00000000000..b3aeec34c1e
--- /dev/null
+++ b/npm_and_yarn/spec/fixtures/projects/pnpm/meta_fetch_fail/package.json
@@ -0,0 +1,13 @@
+{
+ "name": "foo",
+ "version": "1.0.0",
+ "description": "",
+ "packageManager": "pnpm@9.0.1",
+ "main": "index.js",
+ "dependencies": {
+ "fetch-factory": "^2.0.1"
+ },
+ "devDependencies": {
+ "etag" : "^2.0.0"
+ }
+}
diff --git a/npm_and_yarn/spec/fixtures/projects/pnpm/meta_fetch_fail/pnpm-lock.yaml b/npm_and_yarn/spec/fixtures/projects/pnpm/meta_fetch_fail/pnpm-lock.yaml
new file mode 100644
index 00000000000..1e14a4e7b6b
--- /dev/null
+++ b/npm_and_yarn/spec/fixtures/projects/pnpm/meta_fetch_fail/pnpm-lock.yaml
@@ -0,0 +1,11 @@
+lockfileVersion: '6.0'
+
+dependencies:
+ fetch-factory:
+ specifier: ^0.0.1
+ version: 0.0.1
+
+devDependencies:
+ etag:
+ specifier: ^1.0.0
+ version: 1.7.0