sync(fix[update_repo]): Capture obtain() failures in SyncResult

tony · tony · commit 882593cfbcf0 · 2026-02-07T08:08:36.000-06:00
why: CommandError from obtain() propagated uncaught, bypassing the
structured SyncResult error reporting that all other sync steps use.
what:
- Wrap obtain() in try/except in GitSync.update_repo()
- Wrap obtain() in try/except in HgSync.update_repo()
- Wrap obtain() in try/except in SvnSync.update_repo()
- Update command injection test to check SyncResult instead of raised exception
diff --git a/src/libvcs/sync/git.py b/src/libvcs/sync/git.py
@@ -398,7 +398,12 @@ def update_repo(
         self.ensure_dir()
 
         if not pathlib.Path(self.path / ".git").is_dir():
-            self.obtain()
+            try:
+                self.obtain()
+            except exc.CommandError as e:
+                self.log.exception("Failed to obtain repository")
+                result.add_error("obtain", str(e), exception=e)
+                return result
             return self.update_repo(set_remotes=set_remotes)
 
         if set_remotes:
diff --git a/src/libvcs/sync/hg.py b/src/libvcs/sync/hg.py
@@ -75,7 +75,12 @@ def update_repo(self, *args: t.Any, **kwargs: t.Any) -> SyncResult:
         """
         result = SyncResult()
         if not pathlib.Path(self.path / ".hg").exists():
-            self.obtain()
+            try:
+                self.obtain()
+            except exc.CommandError as e:
+                self.log.exception("Failed to obtain repository")
+                result.add_error("obtain", str(e), exception=e)
+                return result
             return self.update_repo()
         else:
             try:
diff --git a/src/libvcs/sync/svn.py b/src/libvcs/sync/svn.py
@@ -178,7 +178,12 @@ def update_repo(
             except exc.CommandError as e:
                 result.add_error("checkout", str(e), exception=e)
         else:
-            self.obtain()
+            try:
+                self.obtain()
+            except exc.CommandError as e:
+                self.log.exception("Failed to obtain repository")
+                result.add_error("obtain", str(e), exception=e)
+                return result
             return self.update_repo()
         return result
 
diff --git a/tests/sync/test_hg.py b/tests/sync/test_hg.py
@@ -95,9 +95,12 @@ def test_vulnerability_2022_03_12_command_injection(
         vcs="hg",
         path="./",
     )
-    with pytest.raises(exc.CommandError):
-        mercurial_repo.update_repo()
+    result = mercurial_repo.update_repo()
 
+    assert not result.ok, "update_repo() should report failure for malicious URL"
+    assert any(e.step == "obtain" for e in result.errors), (
+        "Error should be recorded under 'obtain' step"
+    )
     assert not pathlib.Path(
         random_dir / "HELLO",
     ).exists(), "Prevent command injection in hg aliases"
