From 2b235220139cc80f37626306badaf4fd8361f6bc Mon Sep 17 00:00:00 2001 From: sachin-sandhu Date: Tue, 14 Jan 2025 22:17:53 -0500 Subject: [PATCH] adds handler for pip updater --- .../python/file_updater/requirement_replacer.rb | 15 +++++++++++++++ .../file_updater/requirement_replacer_spec.rb | 14 ++++++++++++++ 2 files changed, 29 insertions(+) diff --git a/python/lib/dependabot/python/file_updater/requirement_replacer.rb b/python/lib/dependabot/python/file_updater/requirement_replacer.rb index dca59edb01..ba511e4003 100644 --- a/python/lib/dependabot/python/file_updater/requirement_replacer.rb +++ b/python/lib/dependabot/python/file_updater/requirement_replacer.rb @@ -14,6 +14,8 @@ class FileUpdater class RequirementReplacer PACKAGE_NOT_FOUND_ERROR = "PackageNotFoundError" + CERTIFICATE_VERIFY_FAILED = /CERTIFICATE_VERIFY_FAILED/ + def initialize(content:, dependency_name:, old_requirement:, new_requirement:, new_hash_version: nil, index_urls: nil) @content = content @@ -153,6 +155,8 @@ def package_hashes_for(name:, version:, algorithm:) args: args ) rescue SharedHelpers::HelperSubprocessFailed => e + requirement_error_handler(e) + raise unless e.message.include?("PackageNotFoundError") next @@ -193,6 +197,17 @@ def requirements_match(req1, req2) req1&.split(",")&.map { |r| r.gsub(/\s/, "") }&.sort == req2&.split(",")&.map { |r| r.gsub(/\s/, "") }&.sort end + + public + + def requirement_error_handler(error) + Dependabot.logger.warn(error.message) + + return unless error.message.match?(CERTIFICATE_VERIFY_FAILED) + + msg = "Error resolving dependency." + raise DependencyFileNotResolvable, msg + end end end end diff --git a/python/spec/dependabot/python/file_updater/requirement_replacer_spec.rb b/python/spec/dependabot/python/file_updater/requirement_replacer_spec.rb index 939d73a52f..0ae9b09313 100644 --- a/python/spec/dependabot/python/file_updater/requirement_replacer_spec.rb +++ b/python/spec/dependabot/python/file_updater/requirement_replacer_spec.rb 
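Review bot: In the `package_hashes_for` rescue, the new `requirement_error_handler(e)` call can raise, but nothing at the call site says so, and it sits directly above a second `raise unless …` line. A one-line comment would show the ordering is intentional: `# Raises DependencyFileNotResolvable on TLS certificate failures; any other error falls through to the checks below.` The context line below it still spells out the `"PackageNotFoundError"` literal although `PACKAGE_NOT_FOUND_ERROR` is defined at the top of the class (visible in the first hunk), so the two match styles now sit side by side. The rescue body starts and continues outside this hunk.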
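Review bot: In `requirement_error_handler`, `Dependabot.logger.warn(error.message)` runs before the guard, so every helper failure is logged at warn level with the helper's raw output, including the `PackageNotFoundError` case that the caller appears to treat as expected and skip with `next`. If that output can echo an index URL taken from `index_urls`, anything embedded in the URL would reach the log unredacted; this is inferred, since the helper is not visible here. I would move the log below `return unless error.message.match?(CERTIFICATE_VERIFY_FAILED)` and log a fixed string, e.g. `Dependabot.logger.warn("Certificate verification failed for a configured package index")`. The raised text could also name the cause instead of the generic wording: `msg = "Certificate verification failed while fetching package hashes from the configured index."`.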
@@ -89,6 +89,20 @@ it { is_expected.to include("Flask-SQLAlchemy\n") } it { is_expected.to include("zope.SQLAlchemy\n") } end + + context "when requirement check returns unexpected exception" do + subject(:req_replacer) { replacer.requirement_error_handler(exception) } + + let(:exception) { Exception.new(response) } + + context "with a registry that results in failed certificate error" do + let(:response) { "CERTIFICATE_VERIFY_FAILED" } + + it "raises a helpful error" do + expect { req_replacer }.to raise_error(Dependabot::DependencyFileNotResolvable) + end + end + end end end end
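Review bot: The `exception` fixture is a bare `Exception`, not the `SharedHelpers::HelperSubprocessFailed` that the production rescue passes to the handler, and only the raising path is exercised. A sibling context with `let(:response) { "PackageNotFoundError" }` and `expect { req_replacer }.not_to raise_error` would pin the fall-through that the caller's `next` branch depends on. The example is titled "raises a helpful error" but asserts only the class, so matching the message as well would keep the title honest. Calling `replacer.requirement_error_handler` directly is also what forces the `public` keyword at the end of the class; driving the case through the replacer's existing public entry point with the helper stubbed to fail would let the method stay private.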