From 74f3942c7d2341798c12ee6c7018b83de5cf04e6 Mon Sep 17 00:00:00 2001
From: Jeff Widman
Date: Sat, 26 Mar 2022 01:27:41 -0700
Subject: [PATCH] Add defensive checks to prevent inscrutable error messages
Part of the reason https://github.com/dependabot/dependabot-core/issues/4625 was so difficult to debug was the original error messages were a total red herring. They appeared to be related to IPs, but digging deeper realized they were actually due to errors happening earlier in the processing pipeline but not caught until several steps down the line. So this adds some defensive checks so that if there's an upstream error, we catch it sooner and report the proper error message(s).
---
 .../dependabot/go_modules/resolvability_errors.rb | 12 ++++++++++++
 1 file changed, 12 insertions(+)
diff --git a/go_modules/lib/dependabot/go_modules/resolvability_errors.rb b/go_modules/lib/dependabot/go_modules/resolvability_errors.rb
index 46c3b6e4f2..c01c2f775b 100644
--- a/go_modules/lib/dependabot/go_modules/resolvability_errors.rb
+++ b/go_modules/lib/dependabot/go_modules/resolvability_errors.rb
@@ -7,7 +7,19 @@ module ResolvabilityErrors
 GITHUB_REPO_REGEX = %r{github.com/[^:@]*}
 def self.handle(message, goprivate:)
+ # TODO: currently this matches last. Instead, if more than one match, and they
+ # aren't identical, then don't try to be clever with GitDependenciesNotReachable
+ # but instead raise DependencyFileNotResolvable and report the whole error.
+ # This would have resulted in a more obvious error message for #4625
 mod_path = message.scan(GITHUB_REPO_REGEX).last
+ if mod_path
+ # TODO: if mod_path doesn't look like a URL, don't continue, but instead raise
+ # DependencyFileNotResolvable and report the whole error.
+ # This would have resulted in a more obvious error message for #4625
+ # How to implement this though?
+ # * Ruby has no built-in URL parsing, and no great alternatives in https://stackoverflow.com/q/1805761/770425...
+ # Not sure what Dependabot team policy is on using 3rd-party gems?
+ # Alternatively a basic sanity check of "it should not contain whitespace" may suffice for now... ??
 raise Dependabot::DependencyFileNotResolvable, message unless mod_path
 # Module not found on github.com - query for _any_ version to know if it
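Review bot: The added `if mod_path` is never closed: the diffstat reports 12 insertions, all 12 are visible here, and none of them is an `end`, so as shown the `if` would take the `end` of an enclosing scope and the file would not parse. Its body holds only comments and the existing guard follows directly, so I would drop the `if` and fold the whitespace check the TODO proposes into that guard: `raise Dependabot::DependencyFileNotResolvable, message if mod_path.nil? || mod_path.match?(/\s/)`. This matters beyond readability because the `[^:@]*` in `GITHUB_REPO_REGEX` also matches spaces and newlines, and `mod_path` is cut out of tool error output and, judging by the trailing comment, appears to feed the follow-up version query. On the URL-parsing TODO, Ruby's standard library ships `uri` (`URI.parse`), so a third-party gem is not needed for a stricter check. The body of `handle` continues past the end of the hunk.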