fix: Emit warnings when files cannot be read instead of failing silently

supply_chain_scanner/test_supply_chain.py

@@ -24,6 +24,7 @@
 import re
 import site
 import sys
+import warnings
 import zlib
 from pathlib import Path
 
@@ -333,7 +334,8 @@ def test_no_suspicious_pth_files(self):
         for pth_file in pth_files:
             try:
                 content = pth_file.read_text(errors="replace")
-            except (OSError, PermissionError):
+            except (OSError, PermissionError) as exc:
+                warnings.warn(f"Could not read {pth_file}: {exc}", stacklevel=1)
                 continue
 
             issues = []
@@ -387,7 +389,8 @@ def test_pth_files_are_path_only(self):
         for pth_file in pth_files:
             try:
                 content = pth_file.read_text(errors="replace")
-            except (OSError, PermissionError):
+            except (OSError, PermissionError) as exc:
+                warnings.warn(f"Could not read {pth_file}: {exc}", stacklevel=1)
                 continue
 
             for line_num, line in enumerate(content.splitlines(), 1):
@@ -428,7 +431,8 @@ def test_no_encoded_exfiltration_payloads(self):
 
                 try:
                     content = py_file.read_text(errors="replace")
-                except (OSError, PermissionError):
+                except (OSError, PermissionError) as exc:
+                    warnings.warn(f"Could not read {py_file}: {exc}", stacklevel=1)
                     continue
 
                 # Scan for encoded strings (base64, hex)
@@ -464,7 +468,8 @@ def test_no_string_concat_obfuscation(self):
 
                 try:
                     content = py_file.read_text(errors="replace")
-                except (OSError, PermissionError):
+                except (OSError, PermissionError) as exc:
+                    warnings.warn(f"Could not read {py_file}: {exc}", stacklevel=1)
                     continue
 
                 for pattern in OBFUSCATION_PATTERNS:
@@ -562,7 +567,8 @@ def test_no_suspicious_egg_info_scripts(self):
                             for pattern in SUSPICIOUS_PATTERNS:
                                 if pattern.search(content):
                                     suspicious.append(f"{egg_info.name}/{script.name}: {pattern.pattern}")
-                        except (OSError, PermissionError):
+                        except (OSError, PermissionError) as exc:
+                            warnings.warn(f"Could not read {script}: {exc}", stacklevel=1)
                             continue
 
         assert not suspicious, f"Packages with suspicious install scripts: {suspicious}"
@@ -585,7 +591,8 @@ def test_no_setup_py_with_network_calls(self):
                     for pattern in network_patterns:
                         if pattern.search(content):
                             suspicious.append(f"{setup_py.parent.name}/setup.py: {pattern.pattern}")
-                except (OSError, PermissionError):
+                except (OSError, PermissionError) as exc:
+                    warnings.warn(f"Could not read {setup_py}: {exc}", stacklevel=1)
                     continue
 
         assert not suspicious, f"Packages with setup.py making network calls: {suspicious}"
@@ -634,8 +641,8 @@ def test_no_unexpected_pth_files(self):
                     content = Path(pth_path).read_text(errors="replace")
                     if any(pattern.search(content) for pattern in SUSPICIOUS_PATTERNS):
                         risky.append(pth_path)
-                except (OSError, PermissionError):
-                    pass
+                except (OSError, PermissionError) as exc:
+                    warnings.warn(f"Could not read {pth_path}: {exc}", stacklevel=1)
 
             assert not risky, f"CRITICAL: Unexpected .pth files with suspicious content: {risky}"
 
@@ -659,7 +666,8 @@ def test_no_credential_exfiltration_in_startup(self):
 
             try:
                 content = pth_file.read_text(errors="replace")
-            except (OSError, PermissionError):
+            except (OSError, PermissionError) as exc:
+                warnings.warn(f"Could not read {pth_file}: {exc}", stacklevel=1)
                 continue
 
             for target in SENSITIVE_EXFIL_TARGETS: