Exceptions are raised instead of returning None

Author: maelv-filigran

pycti/api/opencti_api_client.py

@@ -298,18 +298,6 @@ def _setup_proxy_certificates(self):
 
                 # Determine if HTTPS_CA_CERTIFICATES contains inline content or file path
                 cert_content = self._get_certificate_content(https_ca_certificates)
-                if not cert_content:
-                    self.app_logger.warning(
-                        "Invalid HTTPS_CA_CERTIFICATES: not a valid certificate or file path",
-                        {
-                            "value": (
-                                https_ca_certificates[:50] + "..."
-                                if len(https_ca_certificates) > 50
-                                else https_ca_certificates
-                            )
-                        },
-                    )
-                    return
 
                 # Write proxy certificate to temp file
                 proxy_cert_file = os.path.join(cert_dir, "proxy-ca.crt")
@@ -373,8 +361,9 @@ def _get_certificate_content(self, https_ca_certificates):
 
         :param https_ca_certificates: Content from HTTPS_CA_CERTIFICATES env var
         :type https_ca_certificates: str
-        :return: Certificate content in PEM format or None if invalid
-        :rtype: str or None
+        :return: Certificate content in PEM format
+        :rtype: str
+        :raises ValueError: If the certificate content is invalid or cannot be read
         """
         # Strip whitespace once at the beginning
         stripped_https_ca_certificates = https_ca_certificates.strip()
@@ -400,20 +389,21 @@ def _get_certificate_content(self, https_ca_certificates):
                         )
                         return cert_content
                     else:
-                        self.app_logger.warning(
-                            "File at HTTPS_CA_CERTIFICATES path does not contain valid certificate",
-                            {"file_path": cert_file_path},
+                        raise ValueError(
+                            f"File at HTTPS_CA_CERTIFICATES path does not contain valid certificate: {cert_file_path}"
                         )
-                        return None
+            except ValueError:
+                # Re-raise ValueError from certificate validation
+                raise
             except Exception as e:
-                self.app_logger.warning(
-                    "Failed to read certificate file",
-                    {"file_path": cert_file_path, "error": str(e)},
+                raise ValueError(
+                    f"Failed to read certificate file at {cert_file_path}: {str(e)}"
                 )
-                return None
 
         # Neither inline content nor valid file path
-        return None
+        raise ValueError(
+            f"HTTPS_CA_CERTIFICATES is not a valid certificate or file path: {https_ca_certificates[:50]}..."
+        )
 
     def set_applicant_id_header(self, applicant_id):
         self.request_headers["opencti-applicant-id"] = applicant_id

tests/01-unit/api/test_opencti_api_client-proxy.py

@@ -75,13 +75,11 @@ def test_get_certificate_content_invalid_file_content(self, api_client):
             invalid_file_path = invalid_file.name
 
         try:
-            result = api_client._get_certificate_content(invalid_file_path)
-
-            assert result is None
-            api_client.app_logger.warning.assert_called_with(
-                "File at HTTPS_CA_CERTIFICATES path does not contain valid certificate",
-                {"file_path": invalid_file_path},
-            )
+            with pytest.raises(
+                ValueError,
+                match="File at HTTPS_CA_CERTIFICATES path does not contain valid certificate",
+            ):
+                api_client._get_certificate_content(invalid_file_path)
         finally:
             # Clean up
             os.unlink(invalid_file_path)
@@ -90,15 +88,19 @@ def test_get_certificate_content_nonexistent_file(self, api_client):
         """Test _get_certificate_content with a nonexistent file path."""
         nonexistent_path = "/tmp/nonexistent_certificate.crt"
 
-        result = api_client._get_certificate_content(nonexistent_path)
-
-        assert result is None
+        with pytest.raises(
+            ValueError,
+            match="HTTPS_CA_CERTIFICATES is not a valid certificate or file path",
+        ):
+            api_client._get_certificate_content(nonexistent_path)
 
     def test_get_certificate_content_invalid_content(self, api_client):
         """Test _get_certificate_content with invalid content (not PEM, not file)."""
-        result = api_client._get_certificate_content(self.INVALID_CONTENT)
-
-        assert result is None
+        with pytest.raises(
+            ValueError,
+            match="HTTPS_CA_CERTIFICATES is not a valid certificate or file path",
+        ):
+            api_client._get_certificate_content(self.INVALID_CONTENT)
 
     def test_get_certificate_content_whitespace_handling(self, api_client):
         """Test _get_certificate_content handles whitespace correctly."""
@@ -174,13 +176,19 @@ def test_setup_proxy_certificates_with_invalid_path(self, mock_mkdtemp, api_clie
 
         mock_mkdtemp.return_value = "/tmp/test_certs"
 
-        # Mock _get_certificate_content to return None (invalid)
-        with patch.object(api_client, "_get_certificate_content", return_value=None):
-            api_client._setup_proxy_certificates()
+        # Mock _get_certificate_content to raise ValueError (invalid)
+        with patch.object(
+            api_client,
+            "_get_certificate_content",
+            side_effect=ValueError("Invalid certificate"),
+        ):
+            with pytest.raises(ValueError, match="Invalid certificate"):
+                api_client._setup_proxy_certificates()
 
-        # Should log warning and return early
-        api_client.app_logger.warning.assert_called()
-        assert not hasattr(api_client, "ssl_verify") or api_client.ssl_verify is False
+        # Should log error before raising
+        api_client.app_logger.error.assert_called_with(
+            "Failed to setup proxy certificates", {"error": "Invalid certificate"}
+        )
 
         # Cleanup
         opencti_api_client._PROXY_CERT_BUNDLE = None