Add support for "Permission denied" file access in make_codebase_resource #1630

Signed-off-by: tdruez <[email protected]>

Author: tdruez

scanpipe/pipes/__init__.py

@@ -68,8 +68,22 @@ def make_codebase_resource(project, location, save=True, **extra_fields):
     the error raised on save() is not stored in the database and the creation is
     skipped.
     """
+    from scanpipe.pipes import flag
+
     relative_path = Path(location).relative_to(project.codebase_path)
-    resource_data = scancode.get_resource_info(location=str(location))
+    try:
+        resource_data = scancode.get_resource_info(location=str(location))
+    except OSError as error:
+        logger.error(
+            f"Failed to read resource at {location}: "
+            f"Permission denied or file inaccessible."
+        )
+        resource_data = {"status": flag.RESOURCE_READ_ERROR}
+        project.add_error(
+            model=CodebaseResource,
+            details={"resource_path": str(relative_path)},
+            exception=error,
+        )
 
     if extra_fields:
         resource_data.update(**extra_fields)

scanpipe/pipes/flag.py

@@ -34,6 +34,8 @@
 UNKNOWN_LICENSE = "unknown-license"
 NOT_ANALYZED = "not-analyzed"
 
+RESOURCE_READ_ERROR = "resource-read-error"
+
 IGNORED_WHITEOUT = "ignored-whiteout"
 IGNORED_EMPTY_FILE = "ignored-empty-file"
 IGNORED_WHITESPACE_FILE = "ignored-whitespace-file"

scanpipe/tests/pipes/test_pipes.py

@@ -40,6 +40,7 @@
 from scanpipe.pipes.input import copy_input
 from scanpipe.pipes.input import copy_inputs
 from scanpipe.tests import dependency_data1
+from scanpipe.tests import make_project
 from scanpipe.tests import make_resource_file
 from scanpipe.tests import mocked_now
 from scanpipe.tests import package_data1
@@ -305,6 +306,25 @@ def test_scanpipe_pipes_make_codebase_resource(self):
         self.assertEqual(1, p1.codebaseresources.count())
         self.assertEqual(0, p1.projectmessages.count())
 
+    @mock.patch("scanpipe.pipes.scancode.get_resource_info")
+    def test_scanpipe_pipes_make_codebase_resource_permission_denied(
+        self, mock_get_info
+    ):
+        project = make_project()
+        mock_get_info.side_effect = PermissionError("Permission denied")
+        resource_location = str(project.codebase_path / "notice.NOTICE")
+
+        resource = pipes.make_codebase_resource(project, location=resource_location)
+        self.assertTrue(resource.pk)
+        self.assertEqual(flag.RESOURCE_READ_ERROR, resource.status)
+        self.assertEqual("notice.NOTICE", str(resource.path))
+
+        error = project.projectmessages.get()
+        self.assertEqual("error", error.severity)
+        self.assertEqual("Permission denied", error.description)
+        self.assertEqual("CodebaseResource", error.model)
+        self.assertEqual({"resource_path": "notice.NOTICE"}, error.details)
+
     def test_scanpipe_add_resource_to_package(self):
         project1 = Project.objects.create(name="Analysis")
         resource1 = make_resource_file(project=project1, path="filename.ext")