adds handler for pip updater

dependabot · Jan 15, 2025 · 81f8c9c · 81f8c9c
1 parent 83b0751
commit 81f8c9c
Show file tree

Hide file tree

Showing 2 changed files with 29 additions and 0 deletions.
diff --git a/python/lib/dependabot/python/file_updater/requirement_replacer.rb b/python/lib/dependabot/python/file_updater/requirement_replacer.rb
@@ -14,6 +14,8 @@ class FileUpdater
       class RequirementReplacer
         PACKAGE_NOT_FOUND_ERROR = "PackageNotFoundError"
 
+        CERTIFICATE_VERIFY_FAILED = /CERTIFICATE_VERIFY_FAILED/
+
         def initialize(content:, dependency_name:, old_requirement:,
                        new_requirement:, new_hash_version: nil, index_urls: nil)
           @content          = content
@@ -153,6 +155,8 @@ def package_hashes_for(name:, version:, algorithm:)
                 args: args
               )
             rescue SharedHelpers::HelperSubprocessFailed => e
+              requirement_error_handler(e)
+
               raise unless e.message.include?("PackageNotFoundError")
 
               next
@@ -193,6 +197,17 @@ def requirements_match(req1, req2)
           req1&.split(",")&.map { |r| r.gsub(/\s/, "") }&.sort ==
             req2&.split(",")&.map { |r| r.gsub(/\s/, "") }&.sort
         end
+
+        public
+
+        def requirement_error_handler(error)
+          Dependabot.logger.warn(error.message)
+
+          return unless error.message.match?(CERTIFICATE_VERIFY_FAILED)
+
+          msg = "Error resolving dependency."
+          raise DependencyFileNotResolvable, msg
+        end
       end
     end
   end

diff --git a/python/spec/dependabot/python/file_updater/requirement_replacer_spec.rb b/python/spec/dependabot/python/file_updater/requirement_replacer_spec.rb
@@ -89,6 +89,20 @@
         it { is_expected.to include("Flask-SQLAlchemy\n") }
         it { is_expected.to include("zope.SQLAlchemy\n") }
       end
+
+      context "when requirement check returns unexpected exception" do
+        subject(:req_replacer) { replacer.requirement_error_handler(exception) }
+
+        let(:exception) { Exception.new(response) }
+
+        context "with a registry that results in failed certificate error" do
+          let(:response) { "CERTIFICATE_VERIFY_FAILED" }
+
+          it "raises a helpful error" do
+            expect { req_replacer }.to raise_error(Dependabot::DependencyFileNotResolvable)
+          end
+        end
+      end
     end
   end
 end