Better error handling (#45)

ctcampbell · some-natalie · web-flow · commit c5bf8ec38833 · 2023-06-27T08:05:02.000-06:00
* Raise exceptions when API response is not ok

* Config for local super-linter, fix lint grumbles

* Fix action ref

* Add error handling to more files

* Fix lint grumbles AGAIN

---------

Co-authored-by: Natalie Somersall &lt;some-natalie@github.com&gt;
diff --git a/.github/linters/super-linter.env b/.github/linters/super-linter.env
@@ -0,0 +1,6 @@
+VALIDATE_ALL_CODEBASE=false
+VALIDATE_DOCKERFILE_HADOLINT=true
+VALIDATE_GITHUB_ACTIONS=true
+VALIDATE_MARKDOWN=true
+MARKDOWN_CONFIG_FILE=.markdownlint.json
+VALIDATE_PYTHON_BLACK=true
diff --git a/.github/workflows/linter.yml b/.github/workflows/linter.yml
@@ -30,6 +30,14 @@ jobs:
     # Set the agent to run on
     runs-on: ubuntu-latest
 
+    ############################################
+    # Grant status permission for MULTI_STATUS #
+    ############################################
+    permissions:
+      contents: read
+      packages: read
+      statuses: write
+
     ##################
     # Load all steps #
     ##################
@@ -43,17 +51,14 @@ jobs:
           # Full git history is needed to get a proper list of changed files within `super-linter`
           fetch-depth: 0
 
+      - name: Setup env
+        run: cat .github/linters/super-linter.env >> "$GITHUB_ENV"
+
       ################################
       # Run Linter against code base #
       ################################
       - name: Lint Code Base
         uses: super-linter/super-linter/slim@v5
         env:
-          VALIDATE_ALL_CODEBASE: false
-          DEFAULT_BRANCH: main
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-          VALIDATE_DOCKERFILE_HADOLINT: true
-          VALIDATE_GITHUB_ACTIONS: true
-          VALIDATE_MARKDOWN: true
-          MARKDOWN_CONFIG_FILE: .markdownlint.json
-          VALIDATE_PYTHON_BLACK: true
+          DEFAULT_BRANCH: main
diff --git a/.vscode/launch.json b/.vscode/launch.json
@@ -0,0 +1,28 @@
+{
+    // Use IntelliSense to learn about possible attributes.
+    // Hover to view descriptions of existing attributes.
+    // For more information, visit: https://go.microsoft.com/fwlink/?linkid=830387
+    "version": "0.2.0",
+    "configurations": [
+        {
+            "name": "Python: Current File",
+            "type": "python",
+            "request": "launch",
+            "program": "${file}",
+            "console": "integratedTerminal",
+            "justMyCode": true,
+            "env": {
+                "GITHUB_PAT": "${input:gh_pat}",
+                "SCOPE_NAME": "ctcampbell/webgoat"
+            }
+        }
+    ],
+    "inputs": [
+        {
+          "id": "gh_pat",
+          "type": "promptString",
+          "description": "Enter your GitHub PAT",
+          "password": true
+        }
+    ]
+}
diff --git a/.vscode/tasks.json b/.vscode/tasks.json
@@ -0,0 +1,17 @@
+{
+    "version": "2.0.0",
+    "tasks": [
+        {
+            "label": "super-linter",
+            "command": "docker",
+            "args": [
+                "run",
+                "--rm",
+                "-e", "RUN_LOCAL=true",
+                "--env-file", ".github/linters/super-linter.env",
+                "-v", "${workspaceFolder}:/tmp/lint",
+                "github/super-linter:slim-v5"
+            ]
+        }
+    ]
+}
diff --git a/src/code_scanning.py b/src/code_scanning.py
@@ -31,6 +31,10 @@ def list_repo_code_scanning_alerts(api_endpoint, github_pat, repo_name):
         return "need permission to access,{}".format(repo_name)  # don't have permission
     if response.status_code == 403:
         return "need to enable GHAS,{}".format(repo_name)  # no GHAS
+    if not response.ok:
+        raise Exception(
+            "API error,{},{},{}".format(repo_name, response.status_code, response.text)
+        )
     response_json = response.json()
     while "next" in response.links.keys():
         response = requests.get(response.links["next"]["url"], headers=headers)
@@ -132,6 +136,10 @@ def list_org_code_scanning_alerts(api_endpoint, github_pat, org_name):
         "Accept": "application/vnd.github.v3+json",
     }
     response = requests.get(url, headers=headers)
+    if not response.ok:
+        raise Exception(
+            "API error,{},{},{}".format(org_name, response.status_code, response.text)
+        )
     response_json = response.json()
     while "next" in response.links.keys():
         response = requests.get(response.links["next"]["url"], headers=headers)
@@ -359,6 +367,12 @@ def list_enterprise_cloud_code_scanning_alerts(
         "Accept": "application/vnd.github.v3+json",
     }
     response = requests.get(url, headers=headers)
+    if not response.ok:
+        raise Exception(
+            "API error,{},{},{}".format(
+                enterprise_slug, response.status_code, response.text
+            )
+        )
     response_json = response.json()
     while "next" in response.links.keys():
         response = requests.get(response.links["next"]["url"], headers=headers)
diff --git a/src/dependabot.py b/src/dependabot.py
@@ -29,6 +29,10 @@ def list_repo_dependabot_alerts(api_endpoint, github_pat, repo_name):
             "Accept": "application/vnd.github+json",
         },
     )
+    if not response.ok:
+        raise Exception(
+            "API error,{},{},{}".format(repo_name, response.status_code, response.text)
+        )
     response_json = response.json()
     while "next" in response.links.keys():
         response = requests.get(
@@ -133,6 +137,10 @@ def list_org_dependabot_alerts(api_endpoint, github_pat, org_name):
             "Accept": "application/vnd.github+json",
         },
     )
+    if not response.ok:
+        raise Exception(
+            "API error,{},{},{}".format(org_name, response.status_code, response.text)
+        )
     response_json = response.json()
     while "next" in response.links.keys():
         response = requests.get(
@@ -172,6 +180,12 @@ def list_enterprise_dependabot_alerts(api_endpoint, github_pat, enterprise_slug)
             "Accept": "application/vnd.github+json",
         },
     )
+    if not response.ok:
+        raise Exception(
+            "API error,{},{},{}".format(
+                enterprise_slug, response.status_code, response.text
+            )
+        )
     response_json = response.json()
     while "next" in response.links.keys():
         response = requests.get(
diff --git a/src/enterprise.py b/src/enterprise.py
@@ -18,6 +18,12 @@ def get_enterprise_version(api_endpoint):
     if api_endpoint != "https://api.github.com":
         url = "{}/meta".format(api_endpoint)
         response = requests.get(url)
+        if not response.ok:
+            raise Exception(
+                "API error,{},{},{}".format(
+                    api_endpoint, response.status_code, response.text
+                )
+            )
         if "installed_version" in response.json():
             return response.json()["installed_version"]
         else:
@@ -36,6 +42,10 @@ def get_repo_report(url, github_pat):
     }
     url = "{}/stafftools/reports/all_repositories.csv".format(url)
     response = requests.get(url, headers=headers)
+    if not response.ok:
+        raise Exception(
+            "API error,{},{},{}".format(url, response.status_code, response.text)
+        )
     if response.status_code == 202:  # report needs to be generated
         while response.status_code == 202:
             print("Waiting a minute for the report to be generated ...")
diff --git a/src/secret_scanning.py b/src/secret_scanning.py
@@ -29,11 +29,15 @@ def get_repo_secret_scanning_alerts(api_endpoint, github_pat, repo_name):
             "Accept": "application/vnd.github.v3+json",
         },
     )
-    response_json = response.json()
     # The secret scanning API returns a code of 404 if there are no alerts,
     # secret scanning is disabled, or the repository is public.
     if response.status_code == 404:
         return ["not found"]
+    if not response.ok:
+        raise Exception(
+            "API error,{},{},{}".format(repo_name, response.status_code, response.text)
+        )
+    response_json = response.json()
     while "next" in response.links.keys():
         response = requests.get(
             response.links["next"]["url"],
@@ -132,11 +136,15 @@ def get_org_secret_scanning_alerts(api_endpoint, github_pat, org_name):
             "Accept": "application/vnd.github.v3+json",
         },
     )
-    response_json = response.json()
     # The secret scanning API returns a code of 404 if there are no alerts,
     # secret scanning is disabled, or the repository is public.
     if response.status_code == 404:
         return ["not found"]
+    if not response.ok:
+        raise Exception(
+            "API error,{},{},{}".format(org_name, response.status_code, response.text)
+        )
+    response_json = response.json()
     while "next" in response.links.keys():
         response = requests.get(
             response.links["next"]["url"],
@@ -250,11 +258,17 @@ def get_enterprise_secret_scanning_alerts(api_endpoint, github_pat, enterprise_s
             "Accept": "application/vnd.github.v3+json",
         },
     )
-    response_json = response.json()
     # The secret scanning API returns a code of 404 if there are no alerts,
     # secret scanning is disabled, or the repository is public.
     if response.status_code == 404:
         return ["not found"]
+    if not response.ok:
+        raise Exception(
+            "API error,{},{},{}".format(
+                enterprise_slug, response.status_code, response.text
+            )
+        )
+    response_json = response.json()
     while "next" in response.links.keys():
         response = requests.get(
             response.links["next"]["url"],
