Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Queued scan results in passed test (no waiting until it starts) #66

Closed
wawaqa opened this issue May 6, 2022 · 4 comments · Fixed by #87 or #100
Closed

Queued scan results in passed test (no waiting until it starts) #66

wawaqa opened this issue May 6, 2022 · 4 comments · Fixed by #87 or #100
Assignees
@derevnjuk
Labels
Type: bug Something isn't working

Comments

@wawaqa
Copy link

wawaqa commented May 6, 2022
edited
Loading

If a scan is queued, sec-tester doesn't wait until it starts, gets done or finds a vulnerability, but simply lets the test pass.

Steps to reproduce:

  1. Get the API key for the organization with engine count=1.
  2. Make >1 test files with jest (e.g. 3)
  3. Run tests with default jest options (several test files are run in parallel in jest)
  4. Observe the results.

Actual: tests with scans of queued status passed, although the scan didn't even start.
Expected: sec-tester-js waits until the scan is done

Looks like the problem is here: https://github.com/NeuraLegion/sec-tester-js/blob/master/packages/scan/src/Scan.ts
private readonly ACTIVE_STATUSES doesn't contain queued, so we don't poll such scans
@derevnjuk
Copy link
Member

@wawaqa queued scan can be considered as active. There is no reason to proceed with it at all since it might take days to start such a scan.

@derevnjuk derevnjuk added the Type: question Further information is requested label May 6, 2022
@wawaqa
Copy link
Author

wawaqa commented May 6, 2022

@derevnjuk - right, we need to think how to handle this situation. Actually, any of our scans can take days. :)
IMHO the correct behavior here would be failing by timeout or smth like that - this way user would know that there were no asserted results from the scan.

@derevnjuk
Copy link
Member

There are just two options that are worth to be discussed:

  1. Fail the test by timeout.
  2. Fail the test immediately to show a message that the user should upgrade his plan to have the ability to run parallel tests.

@ArtLinkov @bararchy @wawaqa fyi

@derevnjuk derevnjuk added Type: bug Something isn't working and removed Type: question Further information is requested labels May 16, 2022
@derevnjuk derevnjuk self-assigned this May 16, 2022
derevnjuk added a commit that referenced this issue May 16, 2022
@derevnjuk
fix(scan): raise an exception if scan enters into queued status
1c67ba6 
closes #66
@derevnjuk derevnjuk mentioned this issue May 16, 2022
Merged
derevnjuk added a commit that referenced this issue May 16, 2022
@derevnjuk
fix(scan): raise an exception if scan enters into queued status
e509736 
closes #66
derevnjuk added a commit that referenced this issue May 16, 2022
@derevnjuk
fix(scan): raise an exception if scan enters into queued status
7944f15 
closes #66
derevnjuk added a commit that referenced this issue May 16, 2022
@derevnjuk
fix(scan): raise an exception if scan enters into queued status
3a9f96f 
closes #66
derevnjuk added a commit that referenced this issue May 20, 2022
@derevnjuk
fix(scan): raise an exception if scan enters into queued status
b54635f 
closes #66
derevnjuk added a commit that referenced this issue May 20, 2022
@derevnjuk
fix(scan): raise an exception if scan enters into queued status
45a2ae2 
closes #66
derevnjuk added a commit that referenced this issue May 23, 2022
@derevnjuk
fix(scan): raise an exception if scan enters into queued status (#87)
2cbac27 
closes #66
@derevnjuk derevnjuk reopened this May 24, 2022
@derevnjuk
Copy link
Member

We agreed that in order to avoid “making assumptions” about the user's preferred CI behavior we should not use the exception by default. Instead, we will show log messages that will inform them of the situation and hold until there is a free engine, as follows:

When the scan is queued, log: The maximum amount of concurrent scans has been reached for the organization, the execution will resume once a free engine will be available. If you want to increase the execution concurrency, please upgrade your subscription or contact your system administrator

When the engine is available, log: Connected to the engine, resuming execution

@derevnjuk derevnjuk mentioned this issue May 24, 2022
Merged
derevnjuk added a commit that referenced this issue May 25, 2022
@derevnjuk
fix(scan): prevent raising the too many scans error (#100)
1116f13 
closes #66
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@derevnjuk derevnjuk

Labels
Type: bug Something isn't working
Projects
None yet
Milestone
No milestone
2 participants
@derevnjuk @wawaqa