fix: handle all tarfile extract errors (#1206)

Now handle the base tarfile error class to catch all errors with extracting tarfiles when downloading source code.

Signed-off-by: Carl Flottmann <[email protected]>

Author: art1f1c3R

src/macaron/slsa_analyzer/checks/detect_malicious_metadata_check.py

@@ -157,9 +157,8 @@ def analyze_source(
                 return {analyzer.heuristic: result}, detail_info
 
         except SourceCodeError as error:
-            error_msg = f"Unable to perform source code analysis: {error}"
-            logger.debug(error_msg)
-            raise HeuristicAnalyzerValueError(error_msg) from error
+            logger.debug("Unable to perform source code analysis: %s", error)
+            return {analyzer.heuristic: HeuristicResult.SKIP}, {}
 
     def evaluate_heuristic_results(
         self, heuristic_results: dict[Heuristics, HeuristicResult]

src/macaron/slsa_analyzer/package_registry/pypi_registry.py

@@ -268,8 +268,10 @@ def download_package_sourcecode(self, url: str) -> str:
         try:
             with tarfile.open(source_file, "r:gz") as sourcecode_tar:
                 sourcecode_tar.extractall(temp_dir, filter="data")
-        except tarfile.ReadError as read_error:
-            self.cleanup_sourcecode_directory(temp_dir, f"Error reading source code tar file: {read_error}", read_error)
+        except tarfile.TarError as tar_error:
+            self.cleanup_sourcecode_directory(
+                temp_dir, f"Error extracting source code tar file: {tar_error}", tar_error
+            )
 
         os.remove(source_file)