(err error, pkgNameOrEmpty, installableOrEmpty string)
| 169 | } |
| 170 | |
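// IsExitErrorInsecurePackage reports whether err is an *exec.ExitError with
// exit code 1 whose captured stderr contains "is marked as insecure".
//
// When it is, the function returns true together with a user-facing error
// that names the insecure package, lists the entries returned by
// PackageKnownVulnerabilities for installableOrEmpty (skipped when that
// argument is empty), and shows the `devbox add ... --allow-insecure=...`
// override. In every other case it returns (false, nil).
//
// Detection depends on exitErr.Stderr. os/exec only populates that field when
// the command was run through Cmd.Output with no other stderr collector, so a
// caller that redirects stderr elsewhere gets (false, nil) here even for an
// insecure-package failure.
func IsExitErrorInsecurePackage(err error, pkgNameOrEmpty, installableOrEmpty string) (bool, error) {
	var exitErr *exec.ExitError
	if !errors.As(err, &exitErr) || exitErr.ExitCode() != 1 {
		return false, nil
	}

	stderr := string(exitErr.Stderr)
	if !strings.Contains(stderr, "is marked as insecure") {
		return false, nil
	}

	// Placeholder used in the override hint when the caller has no package name.
	pkgName := pkgNameOrEmpty
	if pkgName == "" {
		pkgName = "<pkg>"
	}

	// The "Package <name>" fragment is not guaranteed to be present just
	// because the "is marked as insecure" marker is. Indexing the submatch
	// unconditionally would panic on a nil slice, so fall back to the
	// caller-supplied name (or the placeholder) when nothing matches.
	insecureName := pkgName
	if m := regexp.MustCompile(`Package ([^ ]+)`).FindStringSubmatch(stderr); len(m) > 1 {
		insecureName = m[1]
	}

	knownVulnerabilities := []string{}
	if installableOrEmpty != "" {
		knownVulnerabilities = PackageKnownVulnerabilities(installableOrEmpty)
	}

	insecurePackages := parseInsecurePackagesFromExitError(stderr)

	// Construct the error message. The vulnerabilities are listed before the
	// override hint so the user sees what --allow-insecure would accept.
	errMessages := []string{
		fmt.Sprintf("Package %s is insecure.", insecureName),
	}
	if len(knownVulnerabilities) > 0 {
		errMessages = append(errMessages,
			fmt.Sprintf("Known vulnerabilities:\n%s", strings.Join(knownVulnerabilities, "\n")))
	}
	// NOTE(review): insecureName and insecurePackages are copied verbatim from
	// the subprocess's stderr into a command the user is invited to run.
	// Confirm the allowed character set of these names upstream before
	// relying on the hint being safe to paste.
	errMessages = append(errMessages,
		fmt.Sprintf("To override, use `devbox add %s --allow-insecure=%s`", pkgName, strings.Join(insecurePackages, ", ")))

	return true, usererr.New("%s", strings.Join(errMessages, "\n\n"))
}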
| 204 | |
| 205 | func parseInsecurePackagesFromExitError(errorMsg string) []string { |
| 206 | insecurePackages := []string{} |