Fixed #503 - Better handling of invalid API URL

chinyeungli · chinyeungli · commit 5496dfab2012 · 2022-03-21T12:36:05.000+08:00
Signed-off-by: Chin Yeung Li &lt;tli@nexb.com&gt;
diff --git a/src/attributecode/api.py b/src/attributecode/api.py
@@ -64,13 +64,15 @@ def request_license_data(api_url, api_key, license_key):
             msg = u"Invalid 'license': %s" % license_key
             errors.append(Error(ERROR, msg))
     except HTTPError as http_e:
-        # some auth problem
-        #if http_e.code == 403:
         msg = (u"Authorization denied. Invalid '--api_key'. "
                u"License generation is skipped.")
         errors.append(Error(ERROR, msg))
     except Exception as e:
-        errors.append(Error(ERROR, str(e)))
+        # Already checked the authorization and accessible of the URL.
+        # The only exception left is URL is accessible, but it's not a valid API URL
+        msg = (u"Invalid '--api_url'. "
+               u"License generation is skipped.")
+        errors.append(Error(ERROR, msg))
 
     finally:
         if license_data.get('count') == 1:
diff --git a/src/attributecode/model.py b/src/attributecode/model.py
@@ -1704,6 +1704,12 @@ def pre_process_and_fetch_license_dict(abouts, api_url=None, api_key=None, scanc
                         captured_license.append(lic_key)
                         if api_key:
                             license_data, errs = api.get_license_details_from_api(url, api_key, lic_key)
+                            # Catch incorrect API URL
+                            if errs:
+                                _, msg = errs[0]
+                                if msg == "Invalid '--api_url'. License generation is skipped.":
+                                    errors.extend(errs)
+                                    return key_text_dict, errors
                             for severity, message in errs: 
                                 msg = (about.about_file_path + ": " + message)
                                 errors.append(Error(severity, msg))
diff --git a/tests/test_api.py b/tests/test_api.py
@@ -71,3 +71,13 @@ def test_api_request_license_data_without_result(self, mock_data):
             api_url='http://fake.url/', api_key='api_key', license_key='apache-2.0')
         expected = ({}, [Error(ERROR, "Invalid 'license': apache-2.0")])
         assert expected == license_data
+
+    @mock.patch.object(api, 'urlopen')
+    def test_api_request_license_data_with_incorrect_url(self, mock_data):
+        # Some URL that is accessible but not a correct API URL
+        response_content = b'<html></html>'
+        mock_data.return_value = FakeResponse(response_content)
+        license_data = api.request_license_data(
+            api_url='http://fake.url/', api_key='api_key', license_key='apache-2.0')
+        expected = ({}, [Error(ERROR, "Invalid '--api_url'. License generation is skipped.")])
+        assert expected == license_data
