From 9542e3a5cd41b8ec176fd63c2dc1641ff7fe74b0 Mon Sep 17 00:00:00 2001
From: Jon Ruskin <jonabc@github.com>
Date: Wed, 23 Sep 2020 11:42:54 -0700
Subject: [PATCH] handle yaml parsing errors

---
 lib/licensed/commands/command.rb  |  2 +-
 lib/licensed/dependency_record.rb |  4 ++++
 test/commands/command_test.rb     | 11 +++++++++++
 test/dependency_record_test.rb    |  7 +++++++
 4 files changed, 23 insertions(+), 1 deletion(-)

diff --git a/lib/licensed/commands/command.rb b/lib/licensed/commands/command.rb
index 37a32d01..c2a23531 100644
--- a/lib/licensed/commands/command.rb
+++ b/lib/licensed/commands/command.rb
@@ -125,7 +125,7 @@ def run_dependency(app, source, dependency)
             end
 
             evaluate_dependency(app, source, dependency, report)
-          rescue Licensed::Shell::Error => err
+          rescue Licensed::DependencyRecord::Error, Licensed::Shell::Error => err
             report.errors << err.message
             false
           end
diff --git a/lib/licensed/dependency_record.rb b/lib/licensed/dependency_record.rb
index f8e9042c..a0985ca3 100644
--- a/lib/licensed/dependency_record.rb
+++ b/lib/licensed/dependency_record.rb
@@ -5,6 +5,8 @@
 
 module Licensed
   class DependencyRecord
+    class Error < StandardError; end
+
     class License
       attr_reader :text, :sources
       def initialize(content)
@@ -46,6 +48,8 @@ def self.read(filename)
         notices: data.delete("notices"),
         metadata: data
       )
+    rescue Psych::SyntaxError => e
+      raise Licensed::DependencyRecord::Error.new(e.message)
     end
 
     def_delegators :@metadata, :[], :[]=
diff --git a/test/commands/command_test.rb b/test/commands/command_test.rb
index 908bfa7a..7af818ec 100644
--- a/test/commands/command_test.rb
+++ b/test/commands/command_test.rb
@@ -72,6 +72,17 @@
     end
   end
 
+  it "catches dependency record errors thrown when evaluating a dependency" do
+    proc = lambda { |app, source, dep| raise Licensed::DependencyRecord::Error.new("dependency record error") }
+    refute command.run(evaluate_proc: proc)
+
+    reports = command.reporter.report.all_reports.select { |report| report.target.is_a?(Licensed::Dependency) }
+    refute_empty reports
+    reports.each do |report|
+      assert_includes report.errors, "dependency record error"
+    end
+  end
+
   it "reports errors found on a dependency" do
     dependency_name = "#{apps.first["name"]}.test.dependency"
     proc = lambda { |app, source, dep| dep.errors << "error" }
diff --git a/test/dependency_record_test.rb b/test/dependency_record_test.rb
index 7519a63a..6d25b9e9 100644
--- a/test/dependency_record_test.rb
+++ b/test/dependency_record_test.rb
@@ -28,6 +28,13 @@
       assert_equal ["license1", "license2"], content.licenses.map(&:text)
       assert_equal ["notice", "author"], content.notices
     end
+
+    it "raises an error on invalid YAML" do
+      File.write(@filename, "name: [")
+      assert_raises Licensed::DependencyRecord::Error do
+        Licensed::DependencyRecord.read(@filename)
+      end
+    end
   end
 
   describe "save" do