Properly handle case where the client is unable to fetch advisories (#4275)
diff --git a/lib/src/source/hosted.dart b/lib/src/source/hosted.dart
index b51baa9..397e7d8 100644
--- a/lib/src/source/hosted.dart
+++ b/lib/src/source/hosted.dart
@@ -589,10 +589,23 @@
 result = _extractAdvisoryDetailsForPackage(decoded, ref.name);
 } on FormatException catch (error, stackTrace) {
 log.warning(
- 'Failed to fetch advisories for $packageName from $hostedUrl.\n'
+ 'Failed to decode advisories for $packageName from $hostedUrl.\n'
 '$error\n'
 '${Chain.forTrace(stackTrace)}');
 return null;
+ } on PubHttpResponseException catch (error, stackTrace) {
+ if (isPubDevUrl(hostedUrl)) {
+ fail(
+ 'Failed to fetch advisories for "$packageName" from "$hostedUrl".\n',
+ error,
+ stackTrace,
+ );
+ } else {
+ log.warning(
+ 'Warning: Unable to fetch advisories for "$packageName" from "$hostedUrl".\n',
+ );
+ }
+ return null;
 }
 // Cache the response on disk.
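Review bot: In the `else` branch of the new `on PubHttpResponseException` handler the warning drops `error`, and any HTTP error status from a host other than pub.dev is downgraded to "no advisories". The `no advisory available` golden in this commit shows the effect: `no_advisory_pkg 1.0.0` is named in the advisory but is listed without the "affected by advisory" marker, so the check fails open for that package. At minimum, carry the cause into the message as the `FormatException` branch does, e.g. `'Warning: Unable to fetch advisories for "$packageName" from "$hostedUrl".\n$error'`; if the exception exposes the status code, consider tolerating only a 404 (endpoint not implemented) and failing on anything else. The enclosing function starts and ends outside this hunk.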
diff --git a/test/get/hosted/advisory_test.dart b/test/get/hosted/advisory_test.dart
index 84bdb41..00782e8 100644
--- a/test/get/hosted/advisory_test.dart
+++ b/test/get/hosted/advisory_test.dart
@@ -2,6 +2,8 @@ // for details. All rights reserved. Use of this source code is governed by a // BSD-style license that can be found in the LICENSE file. +import 'package:shelf/shelf.dart'; + import '../../descriptor.dart' as d; import '../../golden_file.dart'; import '../../package_server.dart'; @@ -284,6 +286,75 @@ await ctx.run(['get']); }); + testWithGolden('no advisory available from pub.dev', (ctx) async { + final server = await servePackages(); + server + ..serve('foo', '1.0.0') + ..serve('no_advisory_pkg', '1.0.0'); + + await d.dir(appPath, [ + d.pubspec({ + 'name': 'app', + 'dependencies': { + 'foo': '^1.0.0', + 'no_advisory_pkg': '^1.0.0', + }, + }), + ]).create(); + + server.addAdvisory( + advisoryId: '123', + displayUrl: 'https://github.com/advisories/123', + affectedPackages: [ + AffectedPackage(name: 'no_advisory_pkg', versions: ['1.0.0']), + AffectedPackage(name: 'foo', versions: ['1.0.0']), + ], + ); + + server.handle( + '/api/packages/no_advisory_pkg/advisories', + (request) => Response.notFound(null), + ); + + await ctx.run( + ['get'], + environment: {'_PUB_TEST_DEFAULT_HOSTED_URL': globalServer.url}, + ); + }); + + testWithGolden('no advisory available', (ctx) async { + final server = await servePackages(); + server + ..serve('foo', '1.0.0') + ..serve('no_advisory_pkg', '1.0.0'); + + await d.dir(appPath, [ + d.pubspec({ + 'name': 'app', + 'dependencies': { + 'foo': '^1.0.0', + 'no_advisory_pkg': '^1.0.0', + }, + }), + ]).create(); + + server.addAdvisory( + advisoryId: '123', + displayUrl: 'https://github.com/advisories/123', + affectedPackages: [ + AffectedPackage(name: 'no_advisory_pkg', versions: ['1.0.0']), + AffectedPackage(name: 'foo', versions: ['1.0.0']), + ], + ); + + server.handle( + '/api/packages/no_advisory_pkg/advisories', + (request) => Response.notFound(null), + ); + + await ctx.run(['get']); + }); + testWithGolden('show id if no display url is present', (ctx) async { final server = await servePackages(); server
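Review bot: Both new tests stub the advisories endpoint with `Response.notFound(null)` only, so the goldens pin the behaviour for a 404 and for no other failure. The handler in hosted.dart treats every `PubHttpResponseException` alike, so a case answering with `Response.internalServerError()` would record whether a failing third-party server is also meant to degrade to a warning rather than stop the run. The two test bodies differ only in the `environment` argument passed to `ctx.run`; a shared setup helper taking that argument would keep them from drifting apart. The trailing context of this hunk belongs to the next test, which continues outside it.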
diff --git a/test/testdata/goldens/get/hosted/advisory_test/no advisory available from pub.dev.txt b/test/testdata/goldens/get/hosted/advisory_test/no advisory available from pub.dev.txt
new file mode 100644
index 0000000..6349e10
--- /dev/null
+++ b/test/testdata/goldens/get/hosted/advisory_test/no advisory available from pub.dev.txt
@@ -0,0 +1,9 @@ +# GENERATED BY: test/get/hosted/advisory_test.dart + +## Section 0 +$ pub get +Resolving dependencies... +Downloading packages... +[STDERR] Failed to fetch advisories for "no_advisory_pkg" from "http://localhost:$PORT". +[EXIT CODE] 69 +
diff --git a/test/testdata/goldens/get/hosted/advisory_test/no advisory available.txt b/test/testdata/goldens/get/hosted/advisory_test/no advisory available.txt
new file mode 100644
index 0000000..0a4e3e5
--- /dev/null
+++ b/test/testdata/goldens/get/hosted/advisory_test/no advisory available.txt
@@ -0,0 +1,13 @@ +# GENERATED BY: test/get/hosted/advisory_test.dart + +## Section 0 +$ pub get +Resolving dependencies... +Downloading packages... ++ foo 1.0.0 (affected by advisory: [^0]) ++ no_advisory_pkg 1.0.0 +Changed 2 dependencies! +Dependencies are affected by security advisories: + [^0]: https://github.com/advisories/123 +[STDERR] Warning: Unable to fetch advisories for "no_advisory_pkg" from "http://localhost:$PORT". +