
Commit 782570e

authored
Fixing errors from secret scanning API (#2501)
* adding error handling * adding error handling for other security tasks * adding unit test * updating error message
1 parent c352270 commit 782570e

6 files changed

+198
-8
lines changed

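--- a/src/sync/code-scanning-alerts.test.ts
+++ b/src/sync/code-scanning-alerts.test.ts
@@ -78,6 +78,72 @@ describe("sync/code-scanning-alerts", () => {
 await expect(processInstallation(mockBackfillQueueSendMessage)(data, sentry, getLogger("test"))).toResolve();
 await verifyMessageSent(data);
 });
+
+it("should handle code scanning disabled error", async () => {
+when(booleanFlag).calledWith(BooleanFlags.ENABLE_GITHUB_SECURITY_IN_JIRA, expect.anything()).mockResolvedValue(true);
+const data = { installationId: DatabaseStateCreator.GITHUB_INSTALLATION_ID, jiraHost };
+githubNock
+.get("/repos/integrations/test-repo-name/code-scanning/alerts?per_page=20&page=1&sort=created&direction=desc")
+.reply(403, { message: "Code scanning is not enabled for this repository" });
+githubUserTokenNock(DatabaseStateCreator.GITHUB_INSTALLATION_ID);
+// No Jira Nock
+
+await expect(processInstallation(mockBackfillQueueSendMessage)(data, sentry, getLogger("test"))).toResolve();
+await verifyMessageSent(data);
+});
+
+it("should handle GH advanced security disabled error", async () => {
+when(booleanFlag).calledWith(BooleanFlags.ENABLE_GITHUB_SECURITY_IN_JIRA, expect.anything()).mockResolvedValue(true);
+const data = { installationId: DatabaseStateCreator.GITHUB_INSTALLATION_ID, jiraHost };
+githubNock
+.get("/repos/integrations/test-repo-name/code-scanning/alerts?per_page=20&page=1&sort=created&direction=desc")
+.reply(403, { message: "Advanced Security must be enabled for this repository to use code scanning" });
+githubUserTokenNock(DatabaseStateCreator.GITHUB_INSTALLATION_ID);
+// No Jira Nock
+
+await expect(processInstallation(mockBackfillQueueSendMessage)(data, sentry, getLogger("test"))).toResolve();
+await verifyMessageSent(data);
+});
+
+it("should handle no analysis error", async () => {
+when(booleanFlag).calledWith(BooleanFlags.ENABLE_GITHUB_SECURITY_IN_JIRA, expect.anything()).mockResolvedValue(true);
+const data = { installationId: DatabaseStateCreator.GITHUB_INSTALLATION_ID, jiraHost };
+githubNock
+.get("/repos/integrations/test-repo-name/code-scanning/alerts?per_page=20&page=1&sort=created&direction=desc")
+.reply(404, { message: "Ano analysis found" });
+githubUserTokenNock(DatabaseStateCreator.GITHUB_INSTALLATION_ID);
+// No Jira Nock
+
+await expect(processInstallation(mockBackfillQueueSendMessage)(data, sentry, getLogger("test"))).toResolve();
+await verifyMessageSent(data);
+});
+
+it("should handle 404 error", async () => {
+when(booleanFlag).calledWith(BooleanFlags.ENABLE_GITHUB_SECURITY_IN_JIRA, expect.anything()).mockResolvedValue(true);
+const data = { installationId: DatabaseStateCreator.GITHUB_INSTALLATION_ID, jiraHost };
+githubNock
+.get("/repos/integrations/test-repo-name/code-scanning/alerts?per_page=20&page=1&sort=created&direction=desc")
+.reply(404);
+githubUserTokenNock(DatabaseStateCreator.GITHUB_INSTALLATION_ID);
+// No Jira Nock
+
+await expect(processInstallation(mockBackfillQueueSendMessage)(data, sentry, getLogger("test"))).toResolve();
+await verifyMessageSent(data);
+});
+
+it("should handle 451 error", async () => {
+when(booleanFlag).calledWith(BooleanFlags.ENABLE_GITHUB_SECURITY_IN_JIRA, expect.anything()).mockResolvedValue(true);
+const data = { installationId: DatabaseStateCreator.GITHUB_INSTALLATION_ID, jiraHost };
+githubNock
+.get("/repos/integrations/test-repo-name/code-scanning/alerts?per_page=20&page=1&sort=created&direction=desc")
+.reply(451);
+githubUserTokenNock(DatabaseStateCreator.GITHUB_INSTALLATION_ID);
+// No Jira Nock
+
+await expect(processInstallation(mockBackfillQueueSendMessage)(data, sentry, getLogger("test"))).toResolve();
+await verifyMessageSent(data);
+});
+
 });
 
 describe("server", () => {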
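Review bot: None of the added cases checks which catch branch handled the response: each asserts only `toResolve()` and `verifyMessageSent(data)`, and because the production change now swallows every 404, the "no analysis" case passes whether or not its message matches. The mocked body `"Ano analysis found"` looks like a typo for the string the handler searches for; I would use `.reply(404, { message: "no analysis found" });` and add an assertion on something that differs per branch (for example the logged message), if the test logger allows capturing it. The same resolve-only pattern is repeated in src/sync/dependabot-alerts.test.ts and src/sync/secret-scanning-alerts.test.ts, where the 451 case in the latter replies with `{ message: "Not Found" }`, which reads like a copy-paste leftover. The enclosing `describe` block starts outside the hunk.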

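--- a/src/sync/code-scanning-alerts.ts
+++ b/src/sync/code-scanning-alerts.ts
@@ -42,27 +42,37 @@ export const getCodeScanningAlertTask = async (
 });
 codeScanningAlerts = response.data;
 } catch (e: unknown) {
-const err = e as { cause?: { response?: { status?: number, data?: { message?: string } } } };
+const err = e as { cause?: { response?: { status?: number, statusText?: string, data?: { message?: string } } } };
 if (err.cause?.response?.status == 403 && err.cause?.response?.data?.message?.includes("Advanced Security must be enabled for this repository to use code scanning")) {
 logger.info({ err, githubInstallationId: gitHubClient.githubInstallationId }, "Advanced Security disabled, so marking code scanning backfill task complete");
 return {
 edges: [],
 jiraPayload: undefined
 };
-}
-if (err.cause?.response?.status == 403 && err.cause?.response?.data?.message?.includes("Code scanning is not enabled for this repository")) {
+} else if (err.cause?.response?.status == 403 && err.cause?.response?.data?.message?.includes("Code scanning is not enabled for this repository")) {
 logger.info({ err, githubInstallationId: gitHubClient.githubInstallationId }, "Code scanning is not configured, so marking backfill task complete");
 return {
 edges: [],
 jiraPayload: undefined
 };
-}
-if (err.cause?.response?.status == 404 && err.cause?.response?.data?.message?.includes("no analysis found")) {
+} else if (err.cause?.response?.status == 404 && err.cause?.response?.data?.message?.includes("no analysis found")) {
 logger.info({ err, githubInstallationId: gitHubClient.githubInstallationId }, "Code scanning is not configured, so marking backfill task complete");
 return {
 edges: [],
 jiraPayload: undefined
 };
+} else if (err.cause?.response?.status == 404) {
+logger.info({ err, githubInstallationId: gitHubClient.githubInstallationId }, "Repo not found, so marking backfill task complete");
+return {
+edges: [],
+jiraPayload: undefined
+};
+} else if (err.cause?.response?.status == 451) {
+logger.info({ err, githubInstallationId: gitHubClient.githubInstallationId }, "Code scanning not available due to legal reasons, so marking backfill task complete");
+return {
+edges: [],
+jiraPayload: undefined
+};
 }
 logger.error({ err, reason: err.cause?.response?.data }, "Code Scanning backfill failed");
 throw err;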
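Review bot: The new bare `status == 404` branch treats every 404 from the code-scanning alerts endpoint as "Repo not found" and completes the backfill at info level. GitHub's REST API commonly also answers 404 when the installation token cannot see the repository or lacks the permission for the endpoint, so a permissions regression would show up as a clean sync with zero alerts in Jira. I would keep that case visible, e.g. `logger.warn({ err, githubInstallationId: gitHubClient.githubInstallationId }, "Code scanning alerts returned 404 (repo missing or not accessible), so marking backfill task complete");` (assuming the logger exposes `warn`). The same catch-all 404 is added in src/sync/dependabot-alerts.ts and src/sync/secret-scanning-alerts.ts. The added `statusText` field is not read anywhere in the visible hunk, and the enclosing function starts and ends outside it.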

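--- a/src/sync/dependabot-alerts.test.ts
+++ b/src/sync/dependabot-alerts.test.ts
@@ -84,6 +84,58 @@ describe("sync/dependabot-alerts", () => {
 await expect(processInstallation(mockBackfillQueueSendMessage)(data, sentry, getLogger("test"))).toResolve();
 await verifyMessageSent(data);
 });
+
+it("should handle dependabot scanning disabled error", async () => {
+when(booleanFlag).calledWith(BooleanFlags.ENABLE_GITHUB_SECURITY_IN_JIRA, expect.anything()).mockResolvedValue(true);
+const data = { installationId: DatabaseStateCreator.GITHUB_INSTALLATION_ID, jiraHost };
+githubNock
+.get("/repos/integrations/test-repo-name/dependabot/alerts?per_page=20&page=1&sort=created&direction=desc")
+.reply(403, { message: "Dependabot alerts are disabled for this repository" });
+githubUserTokenNock(DatabaseStateCreator.GITHUB_INSTALLATION_ID);
+// No Jira Nock
+
+await expect(processInstallation(mockBackfillQueueSendMessage)(data, sentry, getLogger("test"))).toResolve();
+await verifyMessageSent(data);
+});
+
+it("should handle archived repo error", async () => {
+when(booleanFlag).calledWith(BooleanFlags.ENABLE_GITHUB_SECURITY_IN_JIRA, expect.anything()).mockResolvedValue(true);
+const data = { installationId: DatabaseStateCreator.GITHUB_INSTALLATION_ID, jiraHost };
+githubNock
+.get("/repos/integrations/test-repo-name/dependabot/alerts?per_page=20&page=1&sort=created&direction=desc")
+.reply(403, { message: "Dependabot alerts are not available for archived repositories" });
+githubUserTokenNock(DatabaseStateCreator.GITHUB_INSTALLATION_ID);
+// No Jira Nock
+
+await expect(processInstallation(mockBackfillQueueSendMessage)(data, sentry, getLogger("test"))).toResolve();
+await verifyMessageSent(data);
+});
+
+it("should handle 404 error", async () => {
+when(booleanFlag).calledWith(BooleanFlags.ENABLE_GITHUB_SECURITY_IN_JIRA, expect.anything()).mockResolvedValue(true);
+const data = { installationId: DatabaseStateCreator.GITHUB_INSTALLATION_ID, jiraHost };
+githubNock
+.get("/repos/integrations/test-repo-name/dependabot/alerts?per_page=20&page=1&sort=created&direction=desc")
+.reply(404);
+githubUserTokenNock(DatabaseStateCreator.GITHUB_INSTALLATION_ID);
+// No Jira Nock
+
+await expect(processInstallation(mockBackfillQueueSendMessage)(data, sentry, getLogger("test"))).toResolve();
+await verifyMessageSent(data);
+});
+
+it("should handle 451 error", async () => {
+when(booleanFlag).calledWith(BooleanFlags.ENABLE_GITHUB_SECURITY_IN_JIRA, expect.anything()).mockResolvedValue(true);
+const data = { installationId: DatabaseStateCreator.GITHUB_INSTALLATION_ID, jiraHost };
+githubNock
+.get("/repos/integrations/test-repo-name/dependabot/alerts?per_page=20&page=1&sort=created&direction=desc")
+.reply(451);
+githubUserTokenNock(DatabaseStateCreator.GITHUB_INSTALLATION_ID);
+// No Jira Nock
+
+await expect(processInstallation(mockBackfillQueueSendMessage)(data, sentry, getLogger("test"))).toResolve();
+await verifyMessageSent(data);
+});
 });
 
 describe("server", () => {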

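--- a/src/sync/dependabot-alerts.ts
+++ b/src/sync/dependabot-alerts.ts
@@ -40,15 +40,27 @@ export const getDependabotAlertTask = async (
 });
 dependabotAlerts = response.data;
 } catch (e: unknown) {
-const err = e as { cause?: { response?: { status?: number, data?: { message?: string } } } };
+const err = e as { cause?: { response?: { status?: number, statusText?: string, data?: { message?: string } } } };
 if (err.cause?.response?.status == 403 && err.cause?.response?.data?.message?.includes("Dependabot alerts are disabled for this repository")) {
 logger.info({ err, githubInstallationId: gitHubClient.githubInstallationId }, "Dependabot alerts disabled, so marking backfill task complete");
 return {
 edges: [],
 jiraPayload: undefined
 };
 } else if (err.cause?.response?.status == 403 && err.cause?.response?.data?.message?.includes("Dependabot alerts are not available for archived repositories")) {
-logger.info({ err, githubInstallationId: gitHubClient.githubInstallationId }, "Archived repository, backfill task complete");
+logger.info({ err, githubInstallationId: gitHubClient.githubInstallationId }, "Archived repository, so marking backfill task complete");
+return {
+edges: [],
+jiraPayload: undefined
+};
+} else if (err.cause?.response?.status == 404) {
+logger.info({ err, githubInstallationId: gitHubClient.githubInstallationId }, "Repo not found, so marking backfill task complete");
+return {
+edges: [],
+jiraPayload: undefined
+};
+} else if (err.cause?.response?.status == 451) {
+logger.info({ err, githubInstallationId: gitHubClient.githubInstallationId }, "Repo not available due to legal reasons, so marking backfill task complete");
 return {
 edges: [],
 jiraPayload: undefined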

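--- a/src/sync/secret-scanning-alerts.test.ts
+++ b/src/sync/secret-scanning-alerts.test.ts
@@ -79,6 +79,44 @@ describe("sync/secret-scanning-alerts", () => {
 await expect(processInstallation(mockBackfillQueueSendMessage)(data, sentry, getLogger("test"))).toResolve();
 await verifyMessageSent(data);
 });
+
+it("should handle secret scanning disabled error", async () => {
+when(booleanFlag).calledWith(BooleanFlags.ENABLE_GITHUB_SECURITY_IN_JIRA, expect.anything()).mockResolvedValue(true);
+const data = { installationId: DatabaseStateCreator.GITHUB_INSTALLATION_ID, jiraHost };
+githubNock
+.get("/repos/integrations/test-repo-name/secret-scanning/alerts?per_page=20&page=1&sort=created&direction=desc")
+.reply(404, { message: "Secret scanning is disabled on this repository" });
+githubUserTokenNock(DatabaseStateCreator.GITHUB_INSTALLATION_ID);
+// No Jira Nock
+
+await expect(processInstallation(mockBackfillQueueSendMessage)(data, sentry, getLogger("test"))).toResolve();
+await verifyMessageSent(data);
+});
+
+it("should handle 404 error", async () => {
+when(booleanFlag).calledWith(BooleanFlags.ENABLE_GITHUB_SECURITY_IN_JIRA, expect.anything()).mockResolvedValue(true);
+const data = { installationId: DatabaseStateCreator.GITHUB_INSTALLATION_ID, jiraHost };
+githubNock
+.get("/repos/integrations/test-repo-name/secret-scanning/alerts?per_page=20&page=1&sort=created&direction=desc")
+.reply(404);
+githubUserTokenNock(DatabaseStateCreator.GITHUB_INSTALLATION_ID);
+// No Jira Nock
+
+await expect(processInstallation(mockBackfillQueueSendMessage)(data, sentry, getLogger("test"))).toResolve();
+await verifyMessageSent(data);
+});
+it("should handle 451 error", async () => {
+when(booleanFlag).calledWith(BooleanFlags.ENABLE_GITHUB_SECURITY_IN_JIRA, expect.anything()).mockResolvedValue(true);
+const data = { installationId: DatabaseStateCreator.GITHUB_INSTALLATION_ID, jiraHost };
+githubNock
+.get("/repos/integrations/test-repo-name/secret-scanning/alerts?per_page=20&page=1&sort=created&direction=desc")
+.reply(451, { message: "Not Found" });
+githubUserTokenNock(DatabaseStateCreator.GITHUB_INSTALLATION_ID);
+// No Jira Nock
+
+await expect(processInstallation(mockBackfillQueueSendMessage)(data, sentry, getLogger("test"))).toResolve();
+await verifyMessageSent(data);
+});
 });
 
 describe("server", () => {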

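--- a/src/sync/secret-scanning-alerts.ts
+++ b/src/sync/secret-scanning-alerts.ts
@@ -36,13 +36,25 @@ export const getSecretScanningAlertTask = async (
 });
 secretScanningAlerts = response.data;
 } catch (e: unknown) {
-const err = e as { cause?: { response?: { status?: number, data?: { message?: string } } } };
+const err = e as { cause?: { response?: { status?: number, statusText?: string, data?: { message?: string } } } };
 if (err.cause?.response?.status == 404 && err.cause?.response?.data?.message?.includes("Secret scanning is disabled on this repository")) {
 logger.info({ err, githubInstallationId: gitHubClient.githubInstallationId }, "Secret scanning disabled, so marking backfill task complete");
 return {
 edges: [],
 jiraPayload: undefined
 };
+} else if (err.cause?.response?.status == 404) {
+logger.info({ err, githubInstallationId: gitHubClient.githubInstallationId }, "Repo not found, so marking backfill task complete");
+return {
+edges: [],
+jiraPayload: undefined
+};
+} else if (err.cause?.response?.status == 451) {
+logger.info({ err, githubInstallationId: gitHubClient.githubInstallationId }, "Repo not available due to legal reasons, so marking backfill task complete");
+return {
+edges: [],
+jiraPayload: undefined
+};
 }
 logger.error({ err, reason: err.cause?.response?.data }, "Secret scanning backfill failed");
 throw err;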
