Show API errors from insight API

2025-12-10 13:43:01 -06:00 · 2023-01-20 11:09:43 +05:30 · 2023-01-20 11:09:43 +05:30 · 581771be2b
commit 581771be2b
parent a8bcb7a898
7 changed files with 77 additions and 13 deletions
--- a/README.md
+++ b/README.md
@ -46,3 +46,8 @@ VET_INSIGHTS_API_KEY=... vet scan
 ### How do I disable the stupid banner?

 Set environment variable `VET_DISABLE_BANNER=1`
+
+## References
+
+* https://github.com/google/osv-scanner
+
--- a/api/insights-v1.yml
+++ b/api/insights-v1.yml
@ -47,6 +47,12 @@ paths:
            application/json:
              schema:
                $ref: '#/components/schemas/PackageVersionInsight'
+        '403':
+          description: Access to the API is denied
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/ApiError'
        '404':
          description: Requested resource was not found
          content:
@ -811,6 +817,9 @@ components:
      properties:
        package_version:
          $ref: '#/components/schemas/PackageVersion'
+        package_current_version:
+          type: string
+          description: The latest version available for the package
        projects:
          type: array
          items:
--- a/gen/insightapi/insights.client.go
+++ b/gen/insightapi/insights.client.go
@ -269,6 +269,7 @@ type GetPackageVersionInsightResponse struct {
 	Body         []byte
 	HTTPResponse *http.Response
 	JSON200      *PackageVersionInsight
+	JSON403      *ApiError
 	JSON404      *ApiError
 	JSON429      *ApiError
 	JSON500      *ApiError
@ -345,6 +346,13 @@ func ParseGetPackageVersionInsightResponse(rsp *http.Response) (*GetPackageVersi
 		}
 		response.JSON200 = &dest

+	case strings.Contains(rsp.Header.Get("Content-Type"), "json") && rsp.StatusCode == 403:
+		var dest ApiError
+		if err := json.Unmarshal(bodyBytes, &dest); err != nil {
+			return nil, err
+		}
+		response.JSON403 = &dest
+
 	case strings.Contains(rsp.Header.Get("Content-Type"), "json") && rsp.StatusCode == 404:
 		var dest ApiError
 		if err := json.Unmarshal(bodyBytes, &dest); err != nil {
--- a/gen/insightapi/insights.types.go
+++ b/gen/insightapi/insights.types.go
@ -1158,6 +1158,9 @@ type PackageVersionInsight struct {
 	Dependencies *[]PackageDependency `json:"dependencies,omitempty"`
 	Dependents   *PackageDependents   `json:"dependents,omitempty"`
 	Licenses     *[]License           `json:"licenses,omitempty"`
+
+	// The latest version available for the package
+	PackageCurrentVersion *string                 `json:"package_current_version,omitempty"`
 	PackageVersion        *PackageVersion         `json:"package_version,omitempty"`
 	Projects              *[]PackageProjectInfo   `json:"projects,omitempty"`
 	Scorecard             *Scorecard              `json:"scorecard,omitempty"`
--- a/go.mod
+++ b/go.mod
@ -6,6 +6,7 @@ require (
 	github.com/deepmap/oapi-codegen v1.12.4
 	github.com/google/cel-go v0.13.0
 	github.com/google/osv-scanner v1.0.2
+	github.com/safedep/dry v0.0.0-20230118052634-223a5f3eef52
 	github.com/sirupsen/logrus v1.9.0
 	github.com/spf13/cobra v1.6.1
 	github.com/stretchr/testify v1.8.1
@ -18,8 +19,11 @@ require (
 	github.com/antlr/antlr4/runtime/Go/antlr v1.4.10 // indirect
 	github.com/apapsch/go-jsonmerge/v2 v2.0.0 // indirect
 	github.com/davecgh/go-spew v1.1.1 // indirect
+	github.com/golang/protobuf v1.5.2 // indirect
 	github.com/google/uuid v1.3.0 // indirect
 	github.com/inconshreveable/mousetrap v1.0.1 // indirect
+	github.com/mitchellh/mapstructure v1.5.0 // indirect
+	github.com/oklog/ulid/v2 v2.1.0 // indirect
 	github.com/pmezard/go-difflib v1.0.0 // indirect
 	github.com/spf13/pflag v1.0.5 // indirect
 	github.com/stoewer/go-strcase v1.2.0 // indirect
--- a/go.sum
+++ b/go.sum
@ -13,6 +13,8 @@ github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSs
 github.com/deepmap/oapi-codegen v1.12.4 h1:pPmn6qI9MuOtCz82WY2Xaw46EQjgvxednXXrP7g5Q2s=
 github.com/deepmap/oapi-codegen v1.12.4/go.mod h1:3lgHGMu6myQ2vqbbTXH2H1o4eXFTGnFiDaOaKKl5yas=
 github.com/golang/protobuf v1.5.0/go.mod h1:FsONVRAS9T7sI+LIUmWTfcYkHO4aIWwzhcaSAoJOfIk=
+github.com/golang/protobuf v1.5.2 h1:ROPKBNFfQgOUMifHyP+KYbvpjbdoFNs+aK7DXlji0Tw=
+github.com/golang/protobuf v1.5.2/go.mod h1:XVQd3VNwM+JqD3oG2Ue2ip4fOMUkwXdXDdiuN0vRsmY=
 github.com/google/cel-go v0.13.0 h1:z+8OBOcmh7IeKyqwT/6IlnMvy621fYUqnTVPEdegGlU=
 github.com/google/cel-go v0.13.0/go.mod h1:K2hpQgEjDp18J76a2DKFRlPBPpgRZgi6EbnpDgIhJ8s=
 github.com/google/go-cmp v0.5.5/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
@ -24,9 +26,16 @@ github.com/google/uuid v1.3.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+
 github.com/inconshreveable/mousetrap v1.0.1 h1:U3uMjPSQEBMNp1lFxmllqCPM6P5u/Xq7Pgzkat/bFNc=
 github.com/inconshreveable/mousetrap v1.0.1/go.mod h1:vpF70FUmC8bwa3OWnCshd2FqLfsEA9PFc4w1p2J65bw=
 github.com/juju/gnuflag v0.0.0-20171113085948-2ce1bb71843d/go.mod h1:2PavIy+JPciBPrBUjwbNvtwB6RQlve+hkpll6QSNmOE=
+github.com/mitchellh/mapstructure v1.5.0 h1:jeMsZIYE/09sWLaz43PL7Gy6RuMjD2eJVyuac5Z2hdY=
+github.com/mitchellh/mapstructure v1.5.0/go.mod h1:bFUtVrKA4DC2yAKiSyO/QUcy7e+RRV2QTWOzhPopBRo=
+github.com/oklog/ulid/v2 v2.1.0 h1:+9lhoxAP56we25tyYETBBY1YLA2SaoLvUFgrP2miPJU=
+github.com/oklog/ulid/v2 v2.1.0/go.mod h1:rcEKHmBBKfef9DhnvX7y1HZBYxjXb0cP5ExxNsTT1QQ=
+github.com/pborman/getopt v0.0.0-20170112200414-7148bc3a4c30/go.mod h1:85jBQOZwpVEaDAr341tbn15RS4fCAsIst0qp7i8ex1o=
 github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM=
 github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4=
 github.com/russross/blackfriday/v2 v2.1.0/go.mod h1:+Rmxgy9KzJVeS9/2gXHxylqXiyQDYRxCVz55jmeOWTM=
+github.com/safedep/dry v0.0.0-20230118052634-223a5f3eef52 h1:TQNrGUhXbm9ZzQW0u0vGv+AoTQIP4ajEicSb9qpX8dk=
+github.com/safedep/dry v0.0.0-20230118052634-223a5f3eef52/go.mod h1:BDeFh8rfhLz1H0F829C6adC7nkmoU9BfGyKlHE+ccF0=
 github.com/sirupsen/logrus v1.9.0 h1:trlNQbNUG3OdDrDil03MCb1H2o9nJ1x4/5LYw7byDE0=
 github.com/sirupsen/logrus v1.9.0/go.mod h1:naHLuLoDiP4jHNo9R0sCBMtWGeIprob74mVsIT4qYEQ=
 github.com/spf13/cobra v1.6.1 h1:o94oiPyS4KD1mPy2fmcYYHHfCxLqYjJOhGsCHFZtEzA=
@ -59,6 +68,7 @@ golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8T
 google.golang.org/genproto v0.0.0-20221027153422-115e99e71e1c h1:QgY/XxIAIeccR+Ca/rDdKubLIU9rcJ3xfy1DC/Wd2Oo=
 google.golang.org/genproto v0.0.0-20221027153422-115e99e71e1c/go.mod h1:CGI5F/G+E5bKwmfYo09AXuVN4dD894kIKUFmVbP2/Fo=
 google.golang.org/protobuf v1.26.0-rc.1/go.mod h1:jlhhOSvTdKEhbULTjvd4ARK9grFBp09yW+WbY/TyQbw=
+google.golang.org/protobuf v1.26.0/go.mod h1:9q0QmTI4eRPtz6boOQmLYwt+qCgq0jsYwAQnmE0givc=
 google.golang.org/protobuf v1.28.1 h1:d0NfwRgPtno5B1Wa6L2DAG+KivqkdutMf1UhdNx175w=
 google.golang.org/protobuf v1.28.1/go.mod h1:HV8QOd/L58Z+nl8r43ehVNZIU/HEI6OcFqwMG9pJV4I=
 gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405 h1:yhCVgyC4o1eVCa2tZl7eS0r+SDo693bJlVdllGtEeKM=
--- a/pkg/scanner/enrich.go
+++ b/pkg/scanner/enrich.go
@ -6,6 +6,8 @@ import (
 	"net/http"
 	"strings"

+	"github.com/safedep/dry/errors"
+	"github.com/safedep/dry/utils"
 	"github.com/safedep/vet/gen/insightapi"
 	"github.com/safedep/vet/internal/auth"
 	"github.com/safedep/vet/pkg/common/logger"
@ -62,15 +64,21 @@ func (e *insightsBasedPackageEnricher) Enrich(pkg *models.Package,
 	}

 	if res.HTTPResponse.StatusCode != 200 {
-		return fmt.Errorf("bad response: %d: %s", res.HTTPResponse.StatusCode,
-			res.HTTPResponse.Status)
+		return buildApiError(res.HTTPResponse,
+			map[int]*insightapi.ApiError{
+				429: res.JSON429,
+				403: res.JSON403,
+				404: res.JSON404,
+				500: res.JSON500,
+			})
 	}

-	if (res.JSON200 == nil) || (res.JSON200.Dependencies == nil) {
-		return fmt.Errorf("unexpected nil response from Insight API")
+	if res.JSON200 == nil {
+		return fmt.Errorf("unexpected nil response for: %s/%s/%s",
+			pkg.Manifest.Ecosystem, pkg.PackageDetails.Name, pkg.Insights.PackageVersion.Version)
 	}

-	for _, dep := range *res.JSON200.Dependencies {
+	for _, dep := range utils.SafelyGetValue(res.JSON200.Dependencies) {
 		if strings.EqualFold(dep.PackageVersion.Name, pkg.PackageDetails.Name) {
 			// Skip self references in dependency
 			continue
@ -85,10 +93,27 @@ func (e *insightsBasedPackageEnricher) Enrich(pkg *models.Package,
 		})

 		if err != nil {
-			logger.Errorf("Failed to invoke package dependency callback: %v", err)
+			logger.Errorf("package dependency callback failed: %v", err)
 		}
 	}

 	pkg.Insights = res.JSON200
 	return nil
 }
+
+// buildApiError builds an API error based on response code and body
+func buildApiError(res *http.Response, payloads map[int]*insightapi.ApiError) error {
+	if res.StatusCode == http.StatusOK {
+		return nil
+	}
+
+	apiErr := payloads[res.StatusCode]
+	if apiErr == nil {
+		return errors.BuildApiError("500", "Internal Server Error",
+			"internal_server_error")
+	}
+
+	return errors.BuildApiError(utils.SafelyGetValue(apiErr.Code),
+		utils.SafelyGetValue(apiErr.Message),
+		utils.SafelyGetValue(apiErr.Type))
+}