chore: address PR feedback

Signed-off-by: behnazh-w <[email protected]>

Author: behnazh-w

src/macaron/config/defaults.ini

@@ -543,7 +543,7 @@ inspector_url_scheme = https
 [deps_dev]
 url_netloc = api.deps.dev
 url_scheme = https
-v3alpha_purl_endpoint = v3alpha/purl
+purl_endpoint = v3alpha/purl
 
 # Configuration options for selecting the checks to run.
 # Both the exclude and include are defined as list of strings:

src/macaron/errors.py

@@ -1,4 +1,4 @@
-# Copyright (c) 2023 - 2024, Oracle and/or its affiliates. All rights reserved.
+# Copyright (c) 2023 - 2025, Oracle and/or its affiliates. All rights reserved.
 # Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl/.
 
 """This module contains error classes for Macaron."""
@@ -56,6 +56,17 @@ class InvalidHTTPResponseError(MacaronError):
     """Happens when the HTTP response is invalid or unexpected."""
 
 
+class APIAccessError(MacaronError):
+    """Happens when a service API cannot be accessed.
+
+    Reasons can include:
+        * misconfiguration issues
+        * invalid API request
+        * network errors
+        * unexpected response returned by the API
+    """
+
+
 class CheckRegistryError(MacaronError):
     """The Check Registry Error class."""
 

src/macaron/slsa_analyzer/checks/detect_malicious_metadata_check.py

@@ -11,7 +11,7 @@
 
 from macaron.database.db_custom_types import DBJsonDict
 from macaron.database.table_definitions import CheckFacts
-from macaron.errors import HeuristicAnalyzerValueError, InvalidHTTPResponseError
+from macaron.errors import HeuristicAnalyzerValueError
 from macaron.json_tools import JsonType, json_extract
 from macaron.malware_analyzer.pypi_heuristics.base_analyzer import BaseHeuristicAnalyzer
 from macaron.malware_analyzer.pypi_heuristics.heuristics import HeuristicResult, Heuristics
@@ -28,7 +28,7 @@
 from macaron.slsa_analyzer.build_tool.poetry import Poetry
 from macaron.slsa_analyzer.checks.base_check import BaseCheck
 from macaron.slsa_analyzer.checks.check_result import CheckResultData, CheckResultType, Confidence, JustificationType
-from macaron.slsa_analyzer.package_registry.deps_dev import DepsDevService
+from macaron.slsa_analyzer.package_registry.deps_dev import APIAccessError, DepsDevService
 from macaron.slsa_analyzer.package_registry.pypi_registry import PyPIPackageJsonAsset, PyPIRegistry
 from macaron.slsa_analyzer.registry import registry
 from macaron.slsa_analyzer.specs.package_registry_spec import PackageRegistryInfo
@@ -270,7 +270,7 @@ def run_check(self, ctx: AnalyzeContext) -> CheckResultData:
 
         try:
             package_exists = bool(DepsDevService.get_package_info(ctx.component.purl))
-        except InvalidHTTPResponseError as error:
+        except APIAccessError as error:
             logger.debug(error)
 
         # Known malicious packages must have been removed.

src/macaron/slsa_analyzer/package_registry/deps_dev.py

@@ -10,7 +10,7 @@
 from urllib.parse import quote as encode
 
 from macaron.config.defaults import defaults
-from macaron.errors import ConfigurationError, InvalidHTTPResponseError
+from macaron.errors import APIAccessError
 from macaron.util import send_get_http_raw
 
 logger: logging.Logger = logging.getLogger(__name__)
@@ -35,8 +35,9 @@ def get_package_info(purl: str) -> dict | None:
 
         Raises
         ------
-        InvalidHTTPResponseError
-            If a network error happens or unexpected response is returned by the API.
+        APIAccessError
+            If the service is misconfigured, the API is invalid, a network error happens,
+            or unexpected response is returned by the API.
         """
         section_name = "deps_dev"
         if not defaults.has_section(section_name):
@@ -45,17 +46,17 @@ def get_package_info(purl: str) -> dict | None:
 
         url_netloc = section.get("url_netloc")
         if not url_netloc:
-            raise ConfigurationError(
+            raise APIAccessError(
                 f'The "url_netloc" key is missing in section [{section_name}] of the .ini configuration file.'
             )
         url_scheme = section.get("url_scheme", "https")
-        v3alpha_purl_endpoint = section.get("v3alpha_purl_endpoint")
-        if not v3alpha_purl_endpoint:
-            raise ConfigurationError(
-                f'The "v3alpha_purl_endpoint" key is missing in section [{section_name}] of the .ini configuration file.'
+        purl_endpoint = section.get("purl_endpoint")
+        if not purl_endpoint:
+            raise APIAccessError(
+                f'The "purl_endpoint" key is missing in section [{section_name}] of the .ini configuration file.'
             )
 
-        path_params = "/".join([v3alpha_purl_endpoint, encode(purl, safe="")])
+        path_params = "/".join([purl_endpoint, encode(purl, safe="")])
         try:
             url = urllib.parse.urlunsplit(
                 urllib.parse.SplitResult(
@@ -67,16 +68,16 @@ def get_package_info(purl: str) -> dict | None:
                 )
             )
         except ValueError as error:
-            raise InvalidHTTPResponseError("Failed to construct the API URL.") from error
+            raise APIAccessError("Failed to construct the API URL.") from error
 
         response = send_get_http_raw(url)
         if response and response.text:
             try:
                 metadata: dict = json.loads(response.text)
             except JSONDecodeError as error:
-                raise InvalidHTTPResponseError(f"Failed to process response from deps.dev for {url}.") from error
+                raise APIAccessError(f"Failed to process response from deps.dev for {url}.") from error
             if not metadata:
-                raise InvalidHTTPResponseError(f"Empty response returned by {url} .")
+                raise APIAccessError(f"Empty response returned by {url} .")
             return metadata
 
         return None

src/macaron/slsa_analyzer/package_registry/package_registry.py

@@ -10,7 +10,7 @@
 from macaron.errors import InvalidHTTPResponseError
 from macaron.json_tools import json_extract
 from macaron.slsa_analyzer.build_tool.base_build_tool import BaseBuildTool
-from macaron.slsa_analyzer.package_registry.deps_dev import DepsDevService
+from macaron.slsa_analyzer.package_registry.deps_dev import APIAccessError, DepsDevService
 
 logger: logging.Logger = logging.getLogger(__name__)
 
@@ -81,7 +81,7 @@ def find_publish_timestamp(self, purl: str) -> datetime:
         # is available for subsequent processing.
         try:
             metadata = DepsDevService.get_package_info(purl)
-        except InvalidHTTPResponseError as error:
+        except APIAccessError as error:
             raise InvalidHTTPResponseError(f"Invalid response from deps.dev for {purl}.") from error
         if metadata:
             timestamp = json_extract(metadata, ["version", "publishedAt"], str)

tests/slsa_analyzer/package_registry/test_deps_dev.py

@@ -12,8 +12,7 @@
 from werkzeug import Response
 
 from macaron.config.defaults import load_defaults
-from macaron.errors import InvalidHTTPResponseError
-from macaron.slsa_analyzer.package_registry.deps_dev import DepsDevService
+from macaron.slsa_analyzer.package_registry.deps_dev import APIAccessError, DepsDevService
 
 
 @pytest.mark.parametrize(
@@ -65,5 +64,5 @@ def test_get_package_info_exception(httpserver: HTTPServer, tmp_path: Path) -> N
     purl = "pkg%3Apypi%2Fexample"
     httpserver.expect_request(f"/v3alpha/purl/{purl}").respond_with_data("Not Valid")
 
-    with pytest.raises(InvalidHTTPResponseError):
+    with pytest.raises(APIAccessError):
         DepsDevService.get_package_info(purl)