Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Handle package not found in package registries #3363

Merged
merged 3 commits into from
May 20, 2024
Merged

Handle package not found in package registries #3363

merged 3 commits into from
May 20, 2024

Conversation

jhrozek
Copy link
Contributor

@jhrozek jhrozek commented May 18, 2024
edited by rdimitrov
Loading

Summary

If we don't find a package in the configured package registry, we would
have errored out. Let's instead reply inline that there is a
vulnerability but that we can't find information about the package.

Fixes: #3368

Change Type

  • Bug fix (resolves an issue without affecting existing features)
  • Feature (adds new functionality without breaking changes)
  • Breaking change (may impact existing functionalities or require documentation updates)
  • Documentation (updates or additions to documentation)
  • Refactoring or test improvements (no bug fixes or new functionality)

Testing

Manual testing, see e.g. jakubtestorg/demo-repo-js#4

Review Checklist:

  • Reviewed my own code for quality and clarity.
  • Added comments to complex or tricky code sections.
  • Updated any affected documentation.
  • Included tests that validate the fix or feature.
  • Checked that related changes are merged.

@jhrozek jhrozek requested a review from a team as a code owner May 18, 2024 18:37
stacklokbot
stacklokbot reviewed May 18, 2024
View reviewed changes
Copy link
Contributor

@stacklokbot stacklokbot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

✅ No Invisible Unicode Characters Detected.

@jhrozek jhrozek marked this pull request as draft May 18, 2024 18:37
@jhrozek
Copy link
Contributor Author

jhrozek commented May 18, 2024

This is a draft because a) there are no tests and b) I think there is room for improvement (see inline comments)

@coveralls
Copy link

coveralls commented May 18, 2024
edited
Loading

Coverage Status

coverage: 50.265% (-0.1%) from 50.388%
when pulling 916b690 on jhrozek:pkg_not_found
into df58820 on stacklok:main.

stacklokbot
stacklokbot reviewed May 19, 2024
View reviewed changes
Copy link
Contributor

@stacklokbot stacklokbot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

✅ No Invisible Unicode Characters Detected.

stacklokbot
stacklokbot reviewed May 19, 2024
View reviewed changes
Copy link
Contributor

@stacklokbot stacklokbot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

✅ No Mixed Scripts Detected.

@jhrozek
Handle package not found in package registries
90f3a2a 
If we don't find a package in the configured package registry, we would
have errored out. Let's instead reply inline that there is a
vulnerability but that we can't find information about the package.
stacklokbot
stacklokbot reviewed May 20, 2024
View reviewed changes
Copy link
Contributor

@stacklokbot stacklokbot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

✅ No Invisible Unicode Characters Detected.

stacklokbot
stacklokbot reviewed May 20, 2024
View reviewed changes
Copy link
Contributor

@stacklokbot stacklokbot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

✅ No Mixed Scripts Detected.

@jhrozek jhrozek marked this pull request as ready for review May 20, 2024 08:07
JAORMX
JAORMX previously approved these changes May 20, 2024
View reviewed changes
internal/engine/eval/vulncheck/pkgdb_test.go Outdated
@@ -386,6 +393,9 @@ func TestPyPiPkgDb(t *testing.T) {
}
reply, err := repo.SendRecvRequest(context.Background(), dep, tt.patchedVersion, latest)
if tt.expectError {
if tt.errorToExpect != nil {
assert.Equal(t, tt.errorToExpect, err, "Expected error")
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

why not use assert.ErrorIs?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

because I'm dumb :-) let me fix it

@rdimitrov rdimitrov merged commit eddc285 into mindersec:main May 20, 2024
20 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@stacklokbot stacklokbot stacklokbot left review comments

@rdimitrov rdimitrov rdimitrov approved these changes

@JAORMX JAORMX JAORMX left review comments

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Minder errors out when a package is not found in NPM while evaluating a PR
5 participants
@jhrozek @coveralls @JAORMX @rdimitrov @stacklokbot