Show API errors from insight API
This commit is contained in:
parent
a8bcb7a898
commit
581771be2b
@ -46,3 +46,8 @@ VET_INSIGHTS_API_KEY=... vet scan
|
|||||||
### How do I disable the stupid banner?
|
### How do I disable the stupid banner?
|
||||||
|
|
||||||
Set environment variable `VET_DISABLE_BANNER=1`
|
Set environment variable `VET_DISABLE_BANNER=1`
|
||||||
|
|
||||||
|
## References
|
||||||
|
|
||||||
|
* https://github.com/google/osv-scanner
|
||||||
|
|
||||||
|
|||||||
@ -47,6 +47,12 @@ paths:
|
|||||||
application/json:
|
application/json:
|
||||||
schema:
|
schema:
|
||||||
$ref: '#/components/schemas/PackageVersionInsight'
|
$ref: '#/components/schemas/PackageVersionInsight'
|
||||||
|
'403':
|
||||||
|
description: Access to the API is denied
|
||||||
|
content:
|
||||||
|
application/json:
|
||||||
|
schema:
|
||||||
|
$ref: '#/components/schemas/ApiError'
|
||||||
'404':
|
'404':
|
||||||
description: Requested resource was not found
|
description: Requested resource was not found
|
||||||
content:
|
content:
|
||||||
@ -811,6 +817,9 @@ components:
|
|||||||
properties:
|
properties:
|
||||||
package_version:
|
package_version:
|
||||||
$ref: '#/components/schemas/PackageVersion'
|
$ref: '#/components/schemas/PackageVersion'
|
||||||
|
package_current_version:
|
||||||
|
type: string
|
||||||
|
description: The latest version available for the package
|
||||||
projects:
|
projects:
|
||||||
type: array
|
type: array
|
||||||
items:
|
items:
|
||||||
|
|||||||
@ -269,6 +269,7 @@ type GetPackageVersionInsightResponse struct {
|
|||||||
Body []byte
|
Body []byte
|
||||||
HTTPResponse *http.Response
|
HTTPResponse *http.Response
|
||||||
JSON200 *PackageVersionInsight
|
JSON200 *PackageVersionInsight
|
||||||
|
JSON403 *ApiError
|
||||||
JSON404 *ApiError
|
JSON404 *ApiError
|
||||||
JSON429 *ApiError
|
JSON429 *ApiError
|
||||||
JSON500 *ApiError
|
JSON500 *ApiError
|
||||||
@ -345,6 +346,13 @@ func ParseGetPackageVersionInsightResponse(rsp *http.Response) (*GetPackageVersi
|
|||||||
}
|
}
|
||||||
response.JSON200 = &dest
|
response.JSON200 = &dest
|
||||||
|
|
||||||
|
case strings.Contains(rsp.Header.Get("Content-Type"), "json") && rsp.StatusCode == 403:
|
||||||
|
var dest ApiError
|
||||||
|
if err := json.Unmarshal(bodyBytes, &dest); err != nil {
|
||||||
|
return nil, err
|
||||||
|
}
|
||||||
|
response.JSON403 = &dest
|
||||||
|
|
||||||
case strings.Contains(rsp.Header.Get("Content-Type"), "json") && rsp.StatusCode == 404:
|
case strings.Contains(rsp.Header.Get("Content-Type"), "json") && rsp.StatusCode == 404:
|
||||||
var dest ApiError
|
var dest ApiError
|
||||||
if err := json.Unmarshal(bodyBytes, &dest); err != nil {
|
if err := json.Unmarshal(bodyBytes, &dest); err != nil {
|
||||||
|
|||||||
@ -1155,13 +1155,16 @@ type PackageVersion struct {
|
|||||||
|
|
||||||
// PackageVersionInsight defines model for PackageVersionInsight.
|
// PackageVersionInsight defines model for PackageVersionInsight.
|
||||||
type PackageVersionInsight struct {
|
type PackageVersionInsight struct {
|
||||||
Dependencies *[]PackageDependency `json:"dependencies,omitempty"`
|
Dependencies *[]PackageDependency `json:"dependencies,omitempty"`
|
||||||
Dependents *PackageDependents `json:"dependents,omitempty"`
|
Dependents *PackageDependents `json:"dependents,omitempty"`
|
||||||
Licenses *[]License `json:"licenses,omitempty"`
|
Licenses *[]License `json:"licenses,omitempty"`
|
||||||
PackageVersion *PackageVersion `json:"package_version,omitempty"`
|
|
||||||
Projects *[]PackageProjectInfo `json:"projects,omitempty"`
|
// The latest version available for the package
|
||||||
Scorecard *Scorecard `json:"scorecard,omitempty"`
|
PackageCurrentVersion *string `json:"package_current_version,omitempty"`
|
||||||
Vulnerabilities *[]PackageVulnerability `json:"vulnerabilities,omitempty"`
|
PackageVersion *PackageVersion `json:"package_version,omitempty"`
|
||||||
|
Projects *[]PackageProjectInfo `json:"projects,omitempty"`
|
||||||
|
Scorecard *Scorecard `json:"scorecard,omitempty"`
|
||||||
|
Vulnerabilities *[]PackageVulnerability `json:"vulnerabilities,omitempty"`
|
||||||
}
|
}
|
||||||
|
|
||||||
// Subset of OSV schema required to perform policy
|
// Subset of OSV schema required to perform policy
|
||||||
|
|||||||
4
go.mod
4
go.mod
@ -6,6 +6,7 @@ require (
|
|||||||
github.com/deepmap/oapi-codegen v1.12.4
|
github.com/deepmap/oapi-codegen v1.12.4
|
||||||
github.com/google/cel-go v0.13.0
|
github.com/google/cel-go v0.13.0
|
||||||
github.com/google/osv-scanner v1.0.2
|
github.com/google/osv-scanner v1.0.2
|
||||||
|
github.com/safedep/dry v0.0.0-20230118052634-223a5f3eef52
|
||||||
github.com/sirupsen/logrus v1.9.0
|
github.com/sirupsen/logrus v1.9.0
|
||||||
github.com/spf13/cobra v1.6.1
|
github.com/spf13/cobra v1.6.1
|
||||||
github.com/stretchr/testify v1.8.1
|
github.com/stretchr/testify v1.8.1
|
||||||
@ -18,8 +19,11 @@ require (
|
|||||||
github.com/antlr/antlr4/runtime/Go/antlr v1.4.10 // indirect
|
github.com/antlr/antlr4/runtime/Go/antlr v1.4.10 // indirect
|
||||||
github.com/apapsch/go-jsonmerge/v2 v2.0.0 // indirect
|
github.com/apapsch/go-jsonmerge/v2 v2.0.0 // indirect
|
||||||
github.com/davecgh/go-spew v1.1.1 // indirect
|
github.com/davecgh/go-spew v1.1.1 // indirect
|
||||||
|
github.com/golang/protobuf v1.5.2 // indirect
|
||||||
github.com/google/uuid v1.3.0 // indirect
|
github.com/google/uuid v1.3.0 // indirect
|
||||||
github.com/inconshreveable/mousetrap v1.0.1 // indirect
|
github.com/inconshreveable/mousetrap v1.0.1 // indirect
|
||||||
|
github.com/mitchellh/mapstructure v1.5.0 // indirect
|
||||||
|
github.com/oklog/ulid/v2 v2.1.0 // indirect
|
||||||
github.com/pmezard/go-difflib v1.0.0 // indirect
|
github.com/pmezard/go-difflib v1.0.0 // indirect
|
||||||
github.com/spf13/pflag v1.0.5 // indirect
|
github.com/spf13/pflag v1.0.5 // indirect
|
||||||
github.com/stoewer/go-strcase v1.2.0 // indirect
|
github.com/stoewer/go-strcase v1.2.0 // indirect
|
||||||
|
|||||||
10
go.sum
10
go.sum
@ -13,6 +13,8 @@ github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSs
|
|||||||
github.com/deepmap/oapi-codegen v1.12.4 h1:pPmn6qI9MuOtCz82WY2Xaw46EQjgvxednXXrP7g5Q2s=
|
github.com/deepmap/oapi-codegen v1.12.4 h1:pPmn6qI9MuOtCz82WY2Xaw46EQjgvxednXXrP7g5Q2s=
|
||||||
github.com/deepmap/oapi-codegen v1.12.4/go.mod h1:3lgHGMu6myQ2vqbbTXH2H1o4eXFTGnFiDaOaKKl5yas=
|
github.com/deepmap/oapi-codegen v1.12.4/go.mod h1:3lgHGMu6myQ2vqbbTXH2H1o4eXFTGnFiDaOaKKl5yas=
|
||||||
github.com/golang/protobuf v1.5.0/go.mod h1:FsONVRAS9T7sI+LIUmWTfcYkHO4aIWwzhcaSAoJOfIk=
|
github.com/golang/protobuf v1.5.0/go.mod h1:FsONVRAS9T7sI+LIUmWTfcYkHO4aIWwzhcaSAoJOfIk=
|
||||||
|
github.com/golang/protobuf v1.5.2 h1:ROPKBNFfQgOUMifHyP+KYbvpjbdoFNs+aK7DXlji0Tw=
|
||||||
|
github.com/golang/protobuf v1.5.2/go.mod h1:XVQd3VNwM+JqD3oG2Ue2ip4fOMUkwXdXDdiuN0vRsmY=
|
||||||
github.com/google/cel-go v0.13.0 h1:z+8OBOcmh7IeKyqwT/6IlnMvy621fYUqnTVPEdegGlU=
|
github.com/google/cel-go v0.13.0 h1:z+8OBOcmh7IeKyqwT/6IlnMvy621fYUqnTVPEdegGlU=
|
||||||
github.com/google/cel-go v0.13.0/go.mod h1:K2hpQgEjDp18J76a2DKFRlPBPpgRZgi6EbnpDgIhJ8s=
|
github.com/google/cel-go v0.13.0/go.mod h1:K2hpQgEjDp18J76a2DKFRlPBPpgRZgi6EbnpDgIhJ8s=
|
||||||
github.com/google/go-cmp v0.5.5/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
|
github.com/google/go-cmp v0.5.5/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
|
||||||
@ -24,9 +26,16 @@ github.com/google/uuid v1.3.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+
|
|||||||
github.com/inconshreveable/mousetrap v1.0.1 h1:U3uMjPSQEBMNp1lFxmllqCPM6P5u/Xq7Pgzkat/bFNc=
|
github.com/inconshreveable/mousetrap v1.0.1 h1:U3uMjPSQEBMNp1lFxmllqCPM6P5u/Xq7Pgzkat/bFNc=
|
||||||
github.com/inconshreveable/mousetrap v1.0.1/go.mod h1:vpF70FUmC8bwa3OWnCshd2FqLfsEA9PFc4w1p2J65bw=
|
github.com/inconshreveable/mousetrap v1.0.1/go.mod h1:vpF70FUmC8bwa3OWnCshd2FqLfsEA9PFc4w1p2J65bw=
|
||||||
github.com/juju/gnuflag v0.0.0-20171113085948-2ce1bb71843d/go.mod h1:2PavIy+JPciBPrBUjwbNvtwB6RQlve+hkpll6QSNmOE=
|
github.com/juju/gnuflag v0.0.0-20171113085948-2ce1bb71843d/go.mod h1:2PavIy+JPciBPrBUjwbNvtwB6RQlve+hkpll6QSNmOE=
|
||||||
|
github.com/mitchellh/mapstructure v1.5.0 h1:jeMsZIYE/09sWLaz43PL7Gy6RuMjD2eJVyuac5Z2hdY=
|
||||||
|
github.com/mitchellh/mapstructure v1.5.0/go.mod h1:bFUtVrKA4DC2yAKiSyO/QUcy7e+RRV2QTWOzhPopBRo=
|
||||||
|
github.com/oklog/ulid/v2 v2.1.0 h1:+9lhoxAP56we25tyYETBBY1YLA2SaoLvUFgrP2miPJU=
|
||||||
|
github.com/oklog/ulid/v2 v2.1.0/go.mod h1:rcEKHmBBKfef9DhnvX7y1HZBYxjXb0cP5ExxNsTT1QQ=
|
||||||
|
github.com/pborman/getopt v0.0.0-20170112200414-7148bc3a4c30/go.mod h1:85jBQOZwpVEaDAr341tbn15RS4fCAsIst0qp7i8ex1o=
|
||||||
github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM=
|
github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM=
|
||||||
github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4=
|
github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4=
|
||||||
github.com/russross/blackfriday/v2 v2.1.0/go.mod h1:+Rmxgy9KzJVeS9/2gXHxylqXiyQDYRxCVz55jmeOWTM=
|
github.com/russross/blackfriday/v2 v2.1.0/go.mod h1:+Rmxgy9KzJVeS9/2gXHxylqXiyQDYRxCVz55jmeOWTM=
|
||||||
|
github.com/safedep/dry v0.0.0-20230118052634-223a5f3eef52 h1:TQNrGUhXbm9ZzQW0u0vGv+AoTQIP4ajEicSb9qpX8dk=
|
||||||
|
github.com/safedep/dry v0.0.0-20230118052634-223a5f3eef52/go.mod h1:BDeFh8rfhLz1H0F829C6adC7nkmoU9BfGyKlHE+ccF0=
|
||||||
github.com/sirupsen/logrus v1.9.0 h1:trlNQbNUG3OdDrDil03MCb1H2o9nJ1x4/5LYw7byDE0=
|
github.com/sirupsen/logrus v1.9.0 h1:trlNQbNUG3OdDrDil03MCb1H2o9nJ1x4/5LYw7byDE0=
|
||||||
github.com/sirupsen/logrus v1.9.0/go.mod h1:naHLuLoDiP4jHNo9R0sCBMtWGeIprob74mVsIT4qYEQ=
|
github.com/sirupsen/logrus v1.9.0/go.mod h1:naHLuLoDiP4jHNo9R0sCBMtWGeIprob74mVsIT4qYEQ=
|
||||||
github.com/spf13/cobra v1.6.1 h1:o94oiPyS4KD1mPy2fmcYYHHfCxLqYjJOhGsCHFZtEzA=
|
github.com/spf13/cobra v1.6.1 h1:o94oiPyS4KD1mPy2fmcYYHHfCxLqYjJOhGsCHFZtEzA=
|
||||||
@ -59,6 +68,7 @@ golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8T
|
|||||||
google.golang.org/genproto v0.0.0-20221027153422-115e99e71e1c h1:QgY/XxIAIeccR+Ca/rDdKubLIU9rcJ3xfy1DC/Wd2Oo=
|
google.golang.org/genproto v0.0.0-20221027153422-115e99e71e1c h1:QgY/XxIAIeccR+Ca/rDdKubLIU9rcJ3xfy1DC/Wd2Oo=
|
||||||
google.golang.org/genproto v0.0.0-20221027153422-115e99e71e1c/go.mod h1:CGI5F/G+E5bKwmfYo09AXuVN4dD894kIKUFmVbP2/Fo=
|
google.golang.org/genproto v0.0.0-20221027153422-115e99e71e1c/go.mod h1:CGI5F/G+E5bKwmfYo09AXuVN4dD894kIKUFmVbP2/Fo=
|
||||||
google.golang.org/protobuf v1.26.0-rc.1/go.mod h1:jlhhOSvTdKEhbULTjvd4ARK9grFBp09yW+WbY/TyQbw=
|
google.golang.org/protobuf v1.26.0-rc.1/go.mod h1:jlhhOSvTdKEhbULTjvd4ARK9grFBp09yW+WbY/TyQbw=
|
||||||
|
google.golang.org/protobuf v1.26.0/go.mod h1:9q0QmTI4eRPtz6boOQmLYwt+qCgq0jsYwAQnmE0givc=
|
||||||
google.golang.org/protobuf v1.28.1 h1:d0NfwRgPtno5B1Wa6L2DAG+KivqkdutMf1UhdNx175w=
|
google.golang.org/protobuf v1.28.1 h1:d0NfwRgPtno5B1Wa6L2DAG+KivqkdutMf1UhdNx175w=
|
||||||
google.golang.org/protobuf v1.28.1/go.mod h1:HV8QOd/L58Z+nl8r43ehVNZIU/HEI6OcFqwMG9pJV4I=
|
google.golang.org/protobuf v1.28.1/go.mod h1:HV8QOd/L58Z+nl8r43ehVNZIU/HEI6OcFqwMG9pJV4I=
|
||||||
gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405 h1:yhCVgyC4o1eVCa2tZl7eS0r+SDo693bJlVdllGtEeKM=
|
gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405 h1:yhCVgyC4o1eVCa2tZl7eS0r+SDo693bJlVdllGtEeKM=
|
||||||
|
|||||||
@ -6,6 +6,8 @@ import (
|
|||||||
"net/http"
|
"net/http"
|
||||||
"strings"
|
"strings"
|
||||||
|
|
||||||
|
"github.com/safedep/dry/errors"
|
||||||
|
"github.com/safedep/dry/utils"
|
||||||
"github.com/safedep/vet/gen/insightapi"
|
"github.com/safedep/vet/gen/insightapi"
|
||||||
"github.com/safedep/vet/internal/auth"
|
"github.com/safedep/vet/internal/auth"
|
||||||
"github.com/safedep/vet/pkg/common/logger"
|
"github.com/safedep/vet/pkg/common/logger"
|
||||||
@ -62,15 +64,21 @@ func (e *insightsBasedPackageEnricher) Enrich(pkg *models.Package,
|
|||||||
}
|
}
|
||||||
|
|
||||||
if res.HTTPResponse.StatusCode != 200 {
|
if res.HTTPResponse.StatusCode != 200 {
|
||||||
return fmt.Errorf("bad response: %d: %s", res.HTTPResponse.StatusCode,
|
return buildApiError(res.HTTPResponse,
|
||||||
res.HTTPResponse.Status)
|
map[int]*insightapi.ApiError{
|
||||||
|
429: res.JSON429,
|
||||||
|
403: res.JSON403,
|
||||||
|
404: res.JSON404,
|
||||||
|
500: res.JSON500,
|
||||||
|
})
|
||||||
}
|
}
|
||||||
|
|
||||||
if (res.JSON200 == nil) || (res.JSON200.Dependencies == nil) {
|
if res.JSON200 == nil {
|
||||||
return fmt.Errorf("unexpected nil response from Insight API")
|
return fmt.Errorf("unexpected nil response for: %s/%s/%s",
|
||||||
|
pkg.Manifest.Ecosystem, pkg.PackageDetails.Name, pkg.Insights.PackageVersion.Version)
|
||||||
}
|
}
|
||||||
|
|
||||||
for _, dep := range *res.JSON200.Dependencies {
|
for _, dep := range utils.SafelyGetValue(res.JSON200.Dependencies) {
|
||||||
if strings.EqualFold(dep.PackageVersion.Name, pkg.PackageDetails.Name) {
|
if strings.EqualFold(dep.PackageVersion.Name, pkg.PackageDetails.Name) {
|
||||||
// Skip self references in dependency
|
// Skip self references in dependency
|
||||||
continue
|
continue
|
||||||
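Review bot: The new error message on the nil-response branch dereferences `pkg.Insights.PackageVersion.Version`, but `pkg.Insights` is only assigned from `res.JSON200` at the end of Enrich (in the following hunk), so on a first enrichment it is presumably still nil and this `return fmt.Errorf(...)` would panic instead of reporting the missing body; `PackageVersion` is itself a pointer field in the `PackageVersionInsight` struct this commit touches, so even a populated `Insights` is not safe to chain through. Take the version from request-side data instead, e.g. `pkg.Manifest.Ecosystem, pkg.PackageDetails.Name, pkg.PackageDetails.Version` (assuming `PackageDetails` carries the version, as osv-scanner's type does), or nil-check the pointer chain before formatting. Enrich begins before this hunk and continues into the next one.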
@ -85,10 +93,27 @@ func (e *insightsBasedPackageEnricher) Enrich(pkg *models.Package,
|
|||||||
})
|
})
|
||||||
|
|
||||||
if err != nil {
|
if err != nil {
|
||||||
logger.Errorf("Failed to invoke package dependency callback: %v", err)
|
logger.Errorf("package dependency callback failed: %v", err)
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
pkg.Insights = res.JSON200
|
pkg.Insights = res.JSON200
|
||||||
return nil
|
return nil
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// buildApiError builds an API error based on response code and body
|
||||||
|
func buildApiError(res *http.Response, payloads map[int]*insightapi.ApiError) error {
|
||||||
|
if res.StatusCode == http.StatusOK {
|
||||||
|
return nil
|
||||||
|
}
|
||||||
|
|
||||||
|
apiErr := payloads[res.StatusCode]
|
||||||
|
if apiErr == nil {
|
||||||
|
return errors.BuildApiError("500", "Internal Server Error",
|
||||||
|
"internal_server_error")
|
||||||
|
}
|
||||||
|
|
||||||
|
return errors.BuildApiError(utils.SafelyGetValue(apiErr.Code),
|
||||||
|
utils.SafelyGetValue(apiErr.Message),
|
||||||
|
utils.SafelyGetValue(apiErr.Type))
|
||||||
|
}
|
||||||
|
|||||||
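Review bot: In `buildApiError`, a status with no entry in `payloads` is reported as `500 Internal Server Error`, so the real status is lost on exactly the responses this commit sets out to surface: the caller only wires 403/404/429/500, so a 401 or 502 collapses to 500, and so does a 403 whose body is not JSON, because the generated parser only fills `JSON403` when the Content-Type contains "json". Carry the observed status into the fallback, e.g. `return errors.BuildApiError(fmt.Sprintf("%d", res.StatusCode), res.Status, "internal_server_error")` (`fmt` is already used in this file), and extend the doc comment to say that `payloads` maps status codes to parsed error bodies and that a missing entry falls back to the HTTP status line. The `http.StatusOK` early return is also unreachable from the only caller, which invokes the helper inside `if res.HTTPResponse.StatusCode != 200`; harmless, but worth a one-line comment if it is meant as a general guard.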