Pull Request for Issue #43328

Summary of Changes

This PR adds a generic catch block that catches exceptions thrown in the TUF library. So far, we only caught attack-specific exceptions, internal errors, or errors related to metadata syntax error remained uncaught, making the site unusable.

Furthermore, it catches non-tuf exceptions from the HTTP library in our transport and converts them into TUF exceptions to also get them caught in the fetcher library.

Testing Instructions

We have to simulate an exception in the library in order to verify that the patch works. To do so, find the following code block in libraries/src/TUF/TufFetcher.php:

try {
                // Refresh the data if needed, it will be written inside the DB, then we fetch it afterwards and return it to
                // the caller
                $updater->refresh();

                // Persist the data as it was correctly fetched and verified
                $storage->persist();

                return $storage->read('targets');
            } catch (\Exception $e) {

and replace it with

try {
               throw new Tuf\Exception\TufException("Test TUF exception");

                // Refresh the data if needed, it will be written inside the DB, then we fetch it afterwards and return it to
                // the caller
                $updater->refresh();

                // Persist the data as it was correctly fetched and verified
                $storage->persist();

                return $storage->read('targets');
            } catch (\Exception $e) {

Actual result BEFORE applying this Pull Request

Unhandled exception.

Expected result AFTER applying this Pull Request

Proper system message shown, system remains usable.

Link to documentations

Please select:

• Documentation link for docs.joomla.org:

• [x ] No documentation changes for docs.joomla.org needed

• Pull Request link for manual.joomla.org:

• [x ] No documentation changes for manual.joomla.org needed