refactor(package-list-parser): Make invalid packages log warning instead of throwing error (#1415)

* fixes #1414 

* refactor(package-list-parser): Invalid packages will throw warning instead of error

* feat(package-list-parser): Make sure the scanned file is .txt

* test(package-list-parser): error to warning

Author: BreadGenie

cve_bin_tool/package_list_parser/__init__.py

@@ -182,6 +182,12 @@ def check_file(self):
             with ErrorHandler(mode=error_mode):
                 raise EmptyTxtError(input_file)
 
+        if not input_file.endswith(".txt"):
+            with ErrorHandler(mode=error_mode):
+                raise InvalidListError(
+                    "Invalid Package list file format (should be .txt)"
+                )
+
         if not input_file.endswith("requirements.txt"):
             if distro.id() not in SUPPORTED_DISTROS:
                 LOGGER.warning(
@@ -201,10 +207,13 @@ def check_file(self):
                 )
 
                 if output.returncode != 0:
-                    with ErrorHandler(mode=error_mode):
-                        raise InvalidListError(
-                            f"Invalid Package list\n{output.stderr.decode('utf-8')}"
-                        )
+                    invalid_packages = re.findall(
+                        r"E: Unable to locate package (.+)",
+                        output.stderr.decode("utf-8"),
+                    )
+                    LOGGER.warning(
+                        f"Invalid Package found: {','.join(invalid_packages)}"
+                    )
             elif distro.id() in RPM_DISTROS:
                 output = run(
                     ["xargs", "-a", input_file, "rpm", "-qi"],
@@ -216,10 +225,9 @@ def check_file(self):
                     r"package (.+) is not installed", output.stdout.decode("utf-8")
                 )
                 if not_installed_packages:
-                    with ErrorHandler(mode=error_mode):
-                        raise InvalidListError(
-                            f"The packages {','.join(not_installed_packages)} seems to be not installed.\nIt is either an invalid package or not installed.\nUse `sudo yum install $(cat package-list)` to install all packages"
-                        )
+                    LOGGER.warning(
+                        f"The packages {','.join(not_installed_packages)} seems to be not installed.\nIt is either an invalid package or not installed.\nUse `sudo yum install $(cat package-list)` to install all packages"
+                    )
             elif distro.id() in PACMAN_DISTROS:
                 output = run(
                     ["xargs", "-a", input_file, "pacman", "-Qk"],
@@ -233,10 +241,9 @@ def check_file(self):
                 )
 
                 if not_installed_packages:
-                    with ErrorHandler(mode=error_mode):
-                        raise InvalidListError(
-                            f"The packages {','.join(not_installed_packages)} seems to be not installed.\nIt is either an invalid package or not installed.\nUse `sudo pacman -S $(cat package-list)` to install all packages"
-                        )
+                    LOGGER.warning(
+                        f"The packages {','.join(not_installed_packages)} seems to be not installed.\nIt is either an invalid package or not installed.\nUse `sudo pacman -S $(cat package-list)` to install all packages"
+                    )
             else:
                 # TODO: Replace below error handling with a proper pip install dry run
                 # See: https://github.com/pypa/pip/issues/53

test/test_package_list_parser.py

@@ -92,13 +92,15 @@ def test_valid_requirements(self, filepath, parsed_data):
         reason=f"Test for {','.join(SUPPORTED_DISTROS)} systems",
     )
     @pytest.mark.parametrize(
-        "filepath, exception",
-        [(join(TXT_PATH, "test_broken_linux_list.txt"), InvalidListError)],
+        "filepath",
+        [(join(TXT_PATH, "test_broken_linux_list.txt"))],
     )
-    def test_invalid_linux_list(self, filepath, exception):
+    def test_invalid_linux_list(self, filepath, caplog):
         package_list = PackageListParser(filepath, error_mode=ErrorMode.FullTrace)
-        with pytest.raises(exception):
-            package_list.parse_list()
+        package_list.check_file()
+        expected_output = ["Invalid Package found: br0s"]
+
+        assert expected_output == [rec.message for rec in caplog.records]
 
     @pytest.mark.skipif(
         "ACTIONS" not in environ