From 80e4193c5f96e1ecd34d3470489d7cf40108ffa8 Mon Sep 17 00:00:00 2001
From: Thomas Meire
Date: Thu, 12 Jun 2025 23:05:07 +0200
Subject: [PATCH 1/2] catch failure HTTP responses on calls to the npm registry & add a more descriptive error message
---
 lib/importmap/npm.rb | 7 +++++++
 1 file changed, 7 insertions(+)
diff --git a/lib/importmap/npm.rb b/lib/importmap/npm.rb
index 4a54f85..ff24aba 100644
--- a/lib/importmap/npm.rb
+++ b/lib/importmap/npm.rb
@@ -80,6 +80,10 @@ def get_json(uri)
 http.request(request)
 }
+ unless response.kind_of? Net::HTTPSuccess
+ raise HTTPError, "Unexpected error response #{response.code}: #{response.body}"
+ end
+
 response.body
 rescue => error
 raise HTTPError, "Unexpected transport error (#{error.class}: #{error.message})"
@@ -111,6 +115,9 @@ def get_audit
 return {} if body.empty?
 response = post_json(uri, body)
+ unless response.kind_of? Net::HTTPSuccess
+ raise HTTPError, "Unexpected error response #{response.code}: #{response.body}"
+ end
 JSON.parse(response.body)
 end
From 8e12aaff08b2705eb1478147a9b2c8d1345d807d Mon Sep 17 00:00:00 2001
From: Thomas Meire
Date: Thu, 12 Jun 2025 23:58:59 +0200
Subject: [PATCH 2/2] Add an additional test, improve the error check to fix the tests
---
 lib/importmap/npm.rb | 18 +++++++++++-------
 test/npm_test.rb | 40 +++++++++++++++++++++++++++++++++++++++-
 2 files changed, 50 insertions(+), 8 deletions(-)
diff --git a/lib/importmap/npm.rb b/lib/importmap/npm.rb
index ff24aba..5a2c1e5 100644
--- a/lib/importmap/npm.rb
+++ b/lib/importmap/npm.rb
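Review bot: The new `raise HTTPError` in get_json (first commit) puts the whole `response.body` into the exception message, and the get_audit hunk does the same. That body is whatever the registry, or a proxy in front of it, sent back, so an HTML error page or a payload carrying terminal control characters would land unfiltered in console and CI output wherever this message is printed. Bounding and escaping it keeps the message readable and inert: `raise HTTPError, "Unexpected error response #{response.code}: #{response.body.to_s[0, 200].inspect}"`. The exact-message assertions added in the second commit would need to follow; both method bodies extend beyond their hunks.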
@@ -76,17 +76,19 @@ def get_json(uri)
 request = Net::HTTP::Get.new(uri)
 request["Content-Type"] = "application/json"
- response = Net::HTTP.start(uri.hostname, uri.port, use_ssl: true) { |http|
- http.request(request)
- }
+ response = begin
+ Net::HTTP.start(uri.hostname, uri.port, use_ssl: true) { |http|
+ http.request(request)
+ }
+ rescue => error
+ raise HTTPError, "Unexpected transport error (#{error.class}: #{error.message})"
+ end
- unless response.kind_of? Net::HTTPSuccess
+ unless response.code.to_i < 300
 raise HTTPError, "Unexpected error response #{response.code}: #{response.body}"
 end
 response.body
- rescue => error
- raise HTTPError, "Unexpected transport error (#{error.class}: #{error.message})"
 end
 def find_latest_version(response)
@@ -115,9 +117,11 @@ def get_audit
 return {} if body.empty?
 response = post_json(uri, body)
- unless response.kind_of? Net::HTTPSuccess
+
+ unless response.code.to_i < 300
 raise HTTPError, "Unexpected error response #{response.code}: #{response.body}"
 end
+
 JSON.parse(response.body)
 end
diff --git a/test/npm_test.rb b/test/npm_test.rb
index a53f8b0..fff3a4b 100644
--- a/test/npm_test.rb
+++ b/test/npm_test.rb
@@ -59,7 +59,7 @@ class Importmap::NpmTest < ActiveSupport::TestCase
 end
 end
- test "failed outdated packages request with mock" do
+ test "failed outdated packages request with exception" do
 Net::HTTP.stub(:start, proc { raise "Unexpected Error" }) do
 assert_raises(Importmap::Npm::HTTPError) do
 @npm.outdated_packages
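Review bot: `unless response.code.to_i < 300` in get_json, and again in the get_audit hunk, accepts more than success: 1xx codes pass, and so does any code that `to_i` turns into 0, such as an empty or non-numeric string from a stand-in object. In get_audit such a reply goes straight to `JSON.parse` and is returned as the audit result, so the check should fail closed. A closed range states the intent and still works with the test doubles: `unless (200..299).cover?(response.code.to_i)`. get_json's `def` line and the start of get_audit are outside these hunks.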
@@ -67,6 +67,44 @@ class Importmap::NpmTest < ActiveSupport::TestCase
 end
 end
+ test "failed outdated packages request with error response" do
+ client = Minitest::Mock.new
+ response = Class.new do
+ def body
+ { "message" => "Service unavailable" }.to_json
+ end
+
+ def code() "500" end
+ end.new
+
+ client.expect(:request, nil, [Net::HTTP::Get])
+
+ Net::HTTP.stub(:start, response, client) do
+ e = assert_raises(Importmap::Npm::HTTPError) do
+ @npm.outdated_packages
+ end
+
+ assert_equal "Unexpected error response 500: {\"message\":\"Service unavailable\"}", e.message
+ end
+ end
+
+ test "failed vulnerable packages with mock" do
+ response = Class.new do
+ def body
+ { "message" => "Service unavailable" }.to_json
+ end
+
+ def code() "500" end
+ end.new
+
+ @npm.stub(:post_json, response) do
+ e = assert_raises(Importmap::Npm::HTTPError) do
+ @npm.vulnerable_packages
+ end
+ assert_equal "Unexpected error response 500: {\"message\":\"Service unavailable\"}", e.message
+ end
+ end
+
 test "successful vulnerable packages with mock" do
 response = Class.new do
 def body
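Review bot: The mock `client` in "failed outdated packages request with error response" is given `client.expect(:request, nil, [Net::HTTP::Get])` but is never verified, so the test passes whether or not the request is issued; add `assert_mock client` after the `Net::HTTP.stub` block. Both new tests cover only a 500 reply, which leaves the boundary of the status check unpinned; a case with a 3xx or 404 code would document what the client treats as failure. The anonymous response class with `body` and `code` is written out twice in this hunk, and the trailing context shows a third in "successful vulnerable packages with mock", whose body continues outside the hunk; a small private helper taking the code and body would remove the repetition.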