test: replaced Config error with a warning, and catch it analyze so offline tests can be run

Signed-off-by: Carl Flottmann <[email protected]>

Author: art1f1c3R

src/macaron/malware_analyzer/pypi_heuristics/sourcecode/pypi_sourcecode_analyzer.py

@@ -131,18 +131,18 @@ def _load_defaults(self, resources_path: str) -> tuple[str, str | None, set[str]
             ]
             try:
                 process = subprocess.run(semgrep_commands, check=True, capture_output=True)  # nosec B603
+                if process.returncode != 0:
+                    warning_msg = (
+                        f"Error running semgrep validation on {custom_rule_path} with arguments" f" {process.args}."
+                    )
+                    logger.warning(warning_msg)
+
             except (subprocess.CalledProcessError, subprocess.TimeoutExpired) as semgrep_error:
-                error_msg = (
+                warning_msg = (
                     f"Unable to run semgrep validation on {custom_rule_path} with arguments "
                     f"{semgrep_commands}: {semgrep_error}."
                 )
-                logger.debug(error_msg)
-                raise ConfigurationError(error_msg) from semgrep_error
-
-            if process.returncode != 0:
-                error_msg = f"Error running semgrep validation on {custom_rule_path} with arguments" f" {process.args}."
-                logger.debug(error_msg)
-                raise ConfigurationError(error_msg)
+                logger.warning(warning_msg)
 
             logger.debug("Including custom ruleset from %s.", custom_rule_path)
 

tests/malware_analyzer/pypi/test_pypi_sourcecode_analyzer.py

@@ -91,7 +91,7 @@ def test_nonexistent_rule_path(mock_defaults: MagicMock) -> None:
 
 
 @patch("macaron.malware_analyzer.pypi_heuristics.sourcecode.pypi_sourcecode_analyzer.defaults")
-def test_invalid_custom_rules(mock_defaults: MagicMock) -> None:
+def test_invalid_custom_rules(mock_defaults: MagicMock, pypi_package_json: MagicMock) -> None:
     """Test for when the provided file is not a valid semgrep rule, so error,"""
     # Use this file as an invalid semgrep rule as it is most definitely not a semgrep rule, and does exist.
     defaults = {
@@ -103,8 +103,14 @@ def test_invalid_custom_rules(mock_defaults: MagicMock) -> None:
     mock_defaults.has_section.side_effect = lambda section: section == "heuristic.pypi"
     mock_defaults.__getitem__.side_effect = lambda section: sub_section if section == "heuristic.pypi" else None
 
-    with pytest.raises(ConfigurationError):
-        _ = PyPISourcecodeAnalyzer(resources_path=RESOURCES_PATH)
+    analyzer = PyPISourcecodeAnalyzer(resources_path=RESOURCES_PATH)
+    pypi_package_json.package_sourcecode_path = os.path.join(
+        os.path.dirname(os.path.abspath(__file__)), "resources", "sourcecode_samples"
+    )
+
+    # Semgrep should fail to run when we launch analysis
+    with pytest.raises(HeuristicAnalyzerValueError):
+        _ = analyzer.analyze(pypi_package_json)
 
 
 @patch("macaron.malware_analyzer.pypi_heuristics.sourcecode.pypi_sourcecode_analyzer.defaults")