[ANE-1018] Fails for remote-dep when it goes above length of 255

[meghfossa]

Overview

This PR,

• Adds remote dep constraint on character length (only in upload mode)

Acceptance criteria

• Fatally fails, when remote-dep's length is greater than allowed length.

Testing plan

Prereq:

git checkout master && git pull origin && git checkout fix/limit-chars-remote-dep && make install-dev

Test Happy Path:

# > cat fossa-deps.yml
remote-dependencies:
  - name: fossa-cli
    url: https://github.com/fossas/fossa-cli/archive/refs/heads/master.zip
    version: "latest"

Run: fossa analyze -p ane1018 -r happy --fossa-api-key some-key (should succeed)

Test not so Happy Path:

# > cat fossa-deps.yml
remote-dependencies:
  - name: fossa-cli
    url: https://github.com/fossas/fossa-cli/archive/refs/heads/master.zip
    version: "latest"

  - name: long-dep
    url: https://ohsuchalongurlohsuchalongurlohsuchalongurlohsuchalongurlohsuchalongurlohsuchalongurlohsuchalongurlohsuchalongurlohsuchalongurlohsuchalongurlohsuchalongurlohsuchalongurlohsuchalongurlohsuchalongurlohsuchalongurlohsuchalongurlohsuchalongurlohsuchalongurl.com/asset.zip
    version: "0.0.1"

Run: fossa analyze -p ane1018 -r not-happy --fossa-api-key some-key (should fail for fossa-deps.yml)

Risks

We only fail when we are not in --output mode, since we don't know the organization Id at output only mode.

Endpoint Code:

• https://github.com/fossas/FOSSA/blob/develop/modules/BuildMetadataManager/additionalDependencyData.ts#L72
• https://github.com/fossas/FOSSA/blob/develop/modules/UrlPrivateDependencyManager.ts#L67

Long term, we should have have more holistic validation approach, ideally done at endpoint for things that requires some interaction w endpoint.

Metrics

N/A

References

https://fossa.atlassian.net/browse/ANE-1018

Checklist

• I added tests for this PR's change (or explained in the PR description why tests don't make sense).
• If this PR introduced a user-visible change, I added documentation into docs/.
• If this change is externally visible, I updated Changelog.md. If this PR did not mark a release, I added my changes into an # Unreleased section at the top.
• If I made changes to .fossa.yml or fossa-deps.{json.yml}, I updated docs/references/files/*.schema.json. You may also need to update these if you have added/removed new dependency type (e.g. pip) or analysis target type (e.g. poetry).

[jssblck]

I'm fine with merging this if the backend fix isn't going to be swift, but we have decided to fix this in the backend by simply removing the limit for locator length.

Given that, can we add documentation in the changelog to say something like "this is temporary until the FOSSA backend supports longer locators" so that we don't give customers whiplash?

Update: this is rougher than originally thought, so we'll only revisit if there's significant pain caused by the 255 limit. I retract my comment!

[jssblck]

Please address comment before merging!