Properly handle case where the client is unable to fetch advisories (#4275)

Author: szakarias

lib/src/source/hosted.dart

@@ -594,10 +594,23 @@ class HostedSource extends CachedSource {
       result = _extractAdvisoryDetailsForPackage(decoded, ref.name);
     } on FormatException catch (error, stackTrace) {
       log.warning(
-          'Failed to fetch advisories for $packageName from $hostedUrl.\n'
+          'Failed to decode advisories for $packageName from $hostedUrl.\n'
           '$error\n'
           '${Chain.forTrace(stackTrace)}');
       return null;
+    } on PubHttpResponseException catch (error, stackTrace) {
+      if (isPubDevUrl(hostedUrl)) {
+        fail(
+          'Failed to fetch advisories for "$packageName" from "$hostedUrl".\n',
+          error,
+          stackTrace,
+        );
+      } else {
+        log.warning(
+          'Warning: Unable to fetch advisories for "$packageName" from "$hostedUrl".\n',
+        );
+      }
+      return null;
     }
 
     // Cache the response on disk.

test/get/hosted/advisory_test.dart

@@ -2,6 +2,8 @@
 // for details. All rights reserved. Use of this source code is governed by a
 // BSD-style license that can be found in the LICENSE file.
 
+import 'package:shelf/shelf.dart';
+
 import '../../descriptor.dart' as d;
 import '../../golden_file.dart';
 import '../../package_server.dart';
@@ -284,6 +286,75 @@ Future<void> main() async {
     await ctx.run(['get']);
   });
 
+  testWithGolden('no advisory available from pub.dev', (ctx) async {
+    final server = await servePackages();
+    server
+      ..serve('foo', '1.0.0')
+      ..serve('no_advisory_pkg', '1.0.0');
+
+    await d.dir(appPath, [
+      d.pubspec({
+        'name': 'app',
+        'dependencies': {
+          'foo': '^1.0.0',
+          'no_advisory_pkg': '^1.0.0',
+        },
+      }),
+    ]).create();
+
+    server.addAdvisory(
+      advisoryId: '123',
+      displayUrl: 'https://github.com/advisories/123',
+      affectedPackages: [
+        AffectedPackage(name: 'no_advisory_pkg', versions: ['1.0.0']),
+        AffectedPackage(name: 'foo', versions: ['1.0.0']),
+      ],
+    );
+
+    server.handle(
+      '/api/packages/no_advisory_pkg/advisories',
+      (request) => Response.notFound(null),
+    );
+
+    await ctx.run(
+      ['get'],
+      environment: {'_PUB_TEST_DEFAULT_HOSTED_URL': globalServer.url},
+    );
+  });
+
+  testWithGolden('no advisory available', (ctx) async {
+    final server = await servePackages();
+    server
+      ..serve('foo', '1.0.0')
+      ..serve('no_advisory_pkg', '1.0.0');
+
+    await d.dir(appPath, [
+      d.pubspec({
+        'name': 'app',
+        'dependencies': {
+          'foo': '^1.0.0',
+          'no_advisory_pkg': '^1.0.0',
+        },
+      }),
+    ]).create();
+
+    server.addAdvisory(
+      advisoryId: '123',
+      displayUrl: 'https://github.com/advisories/123',
+      affectedPackages: [
+        AffectedPackage(name: 'no_advisory_pkg', versions: ['1.0.0']),
+        AffectedPackage(name: 'foo', versions: ['1.0.0']),
+      ],
+    );
+
+    server.handle(
+      '/api/packages/no_advisory_pkg/advisories',
+      (request) => Response.notFound(null),
+    );
+
+    await ctx.run(['get']);
+  });
+
   testWithGolden('show id if no display url is present', (ctx) async {
     final server = await servePackages();
     server

test/testdata/goldens/get/hosted/advisory_test/no advisory available from pub.dev.txt

@@ -0,0 +1,9 @@
+# GENERATED BY: test/get/hosted/advisory_test.dart
+
+## Section 0
+$ pub get
+Resolving dependencies...
+Downloading packages...
+[STDERR] Failed to fetch advisories for "no_advisory_pkg" from "http://localhost:$PORT".
+[EXIT CODE] 69
+

test/testdata/goldens/get/hosted/advisory_test/no advisory available.txt

@@ -0,0 +1,13 @@
+# GENERATED BY: test/get/hosted/advisory_test.dart
+
+## Section 0
+$ pub get
+Resolving dependencies...
+Downloading packages...
++ foo 1.0.0 (affected by advisory: [^0])
++ no_advisory_pkg 1.0.0
+Changed 2 dependencies!
+Dependencies are affected by security advisories:
+  [^0]: https://github.com/advisories/123
+[STDERR] Warning: Unable to fetch advisories for "no_advisory_pkg" from "http://localhost:$PORT".
+