
Commit 09dcaf4

committed
Update logic for checking results in all issues mode
1 parent 8789eb2 commit 09dcaf4

2 files changed

Lines changed: 215 additions & 134 deletions


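--- a/main.js
+++ b/main.js
@@ -64,6 +64,7 @@ function get_security_findings(dt_results_api_key, mobile_app_id, results_since,
 });
 }
 function check_severity_findings(dt_results_api_key, mobile_app_id, results_since, severity_level, check_scope) {
+var _a;
 return __awaiter(this, void 0, void 0, function* () {
 const severity_checks = {
 HIGH: ["HIGH"],
@@ -83,7 +84,7 @@ function check_severity_findings(dt_results_api_key, mobile_app_id, results_sinc
 throw new Error(`Error fetching security findings for ${severity} severity: HTTP ${findings_response.status}`);
 }
 const findings_data = yield findings_response.json();
-const count = findings_data.total_count || 0;
+const count = ((_a = findings_data.pagination_info) === null || _a === void 0 ? void 0 : _a.total_count) || 0;
 total_findings += count;
 if (count > 0) {
 return { has_findings: true, total_count: total_findings };
@@ -278,8 +279,14 @@ function run() {
 if (warn_on_severity) {
 console.log(`Warning on vulnerabilities with minimum severity: ${warn_on_severity}`);
 }
-if (wait_for_static_scan_only === 'true') {
-console.log('WAIT_FOR_STATIC_SCAN_ONLY is enabled: will wait for static_scan completion');
+if (wait_for_static_scan_only === "true") {
+console.log("WAIT_FOR_STATIC_SCAN_ONLY is enabled: will wait for static_scan completion");
+}
+if (severity_check_scope.toUpperCase() === "ALL_ISSUES") {
+console.log("SEVERITY_CHECK_SCOPE is set to ALL_ISSUES: checking all open issues in the mobile app");
+}
+else {
+console.log("SEVERITY_CHECK_SCOPE is set to CURRENT_SCAN: checking only issues from the current scan");
 }
 for (const scan of scan_info) {
 const { mobile_app_id, scan_id } = scan;
@@ -290,7 +297,11 @@ function run() {
 // Poll for scan completion with 23-second intervals
 const pollInterval = 23000; // 23 seconds
 const startTime = Date.now();
-console.log(`Waiting for scan ${scan_id} to complete...`);
+let status_data = null;
+let scan_completed = false;
+let scan_failed = false;
+// Skip waiting for scan completion if in ALL_ISSUES mode
+const should_wait_for_scan = severity_check_scope.toUpperCase() !== "ALL_ISSUES";
 while (Date.now() - startTime < maxWaitTime) {
 try {
 const status_response = yield check_scan_status(dt_results_api_key, mobile_app_id, scan_id);
@@ -303,10 +314,10 @@ function run() {
 yield new Promise((resolve) => setTimeout(resolve, pollInterval));
 continue;
 }
-const status_data = yield status_response.json();
+status_data = yield status_response.json();
 // Check status based on WAIT_FOR_STATIC_SCAN_ONLY parameter
 let scan_status;
-if (wait_for_static_scan_only === 'true') {
+if (wait_for_static_scan_only === "true") {
 if ((_a = status_data.static_scan) === null || _a === void 0 ? void 0 : _a.status) {
 scan_status = status_data.static_scan.status;
 }
@@ -328,67 +339,86 @@ function run() {
 yield new Promise((resolve) => setTimeout(resolve, pollInterval));
 continue;
 }
-console.log(`Scan ${scan_id} completed, checking for security findings...`);
-// Use start_date from status_data as results_since
-const results_since = status_data.start_date;
-if (!results_since) {
-console.log(`No start_date found in scan data for ${scan_id}`);
-break;
+console.log(`Scan ${scan_id} completed`);
+scan_completed = true;
+break;
+}
+catch (error) {
+console.log(`Error checking scan status for ${scan_id}: ${error.message}`);
+yield new Promise((resolve) => setTimeout(resolve, pollInterval));
+}
+}
+if (Date.now() - startTime >= maxWaitTime) {
+console.log(`Timeout waiting for scan results for scan ${scan_id}`);
+}
+// Check for security findings with retry logic (max 3 attempts)
+const maxAttempts = 3;
+const retryInterval = 5000; // 5 seconds
+for (let attempt = 1; attempt <= maxAttempts; attempt++) {
+if (scan_failed &&
+severity_check_scope.toUpperCase() === "CURRENT_SCAN") {
+// Skip findings check if scan failed in CURRENT_SCAN mode
+break;
+}
+try {
+let results_since;
+if (severity_check_scope.toUpperCase() === "ALL_ISSUES") {
+results_since = "";
+}
+else {
+if (!status_data || !status_data.start_date) {
+console.log(`No start_date found in scan data for ${scan_id}`);
+break;
+}
+results_since = status_data.start_date;
 }
 // Check for blocking vulnerabilities first
 if (block_on_severity) {
-try {
-const { has_findings, total_count } = yield check_severity_findings(dt_results_api_key, mobile_app_id, results_since, block_on_severity, severity_check_scope);
-if (has_findings) {
-const scope_description = severity_check_scope.toUpperCase() === "ALL_ISSUES"
-? "in the mobile app"
-: "in this scan";
-console.log(`Found ${total_count} security findings ${scope_description} at or above ${block_on_severity} severity level`);
-core.setFailed(`Build blocked due to ${total_count} security findings ${scope_description} at or above ${block_on_severity} severity level`);
-return;
-}
+const { has_findings, total_count } = yield check_severity_findings(dt_results_api_key, mobile_app_id, results_since, block_on_severity, severity_check_scope);
+if (has_findings) {
 const scope_description = severity_check_scope.toUpperCase() === "ALL_ISSUES"
 ? "in the mobile app"
-: `for scan ${scan_id}`;
-console.log(`No security findings found at or above ${block_on_severity} severity level ${scope_description}`);
-}
-catch (error) {
-console.log(`Error checking security findings for scan ${scan_id}: ${error.message}`);
-break;
+: "in this scan";
+console.log(`Found ${total_count} security findings ${scope_description} at or above ${block_on_severity} severity level`);
+core.setFailed(`Build blocked due to ${total_count} security findings ${scope_description} at or above ${block_on_severity} severity level`);
+return;
 }
+const scope_description = severity_check_scope.toUpperCase() === "ALL_ISSUES"
+? "in the mobile app"
+: `for scan ${scan_id}`;
+console.log(`No security findings found at or above ${block_on_severity} severity level ${scope_description}`);
 }
 // Check for warning vulnerabilities
 if (warn_on_severity) {
-try {
-const { has_findings, total_count } = yield check_severity_findings(dt_results_api_key, mobile_app_id, results_since, warn_on_severity, severity_check_scope);
-if (has_findings) {
-const scope_description = severity_check_scope.toUpperCase() === "ALL_ISSUES"
-? "in the mobile app"
-: `for scan ${scan_id}`;
-console.log(`⚠️ WARNING: Found ${total_count} security findings ${scope_description} at or above ${warn_on_severity} severity level`);
-console.log(`⚠️ These findings do not block the build, but should be reviewed and addressed.`);
-}
-else {
-const scope_description = severity_check_scope.toUpperCase() === "ALL_ISSUES"
-? "in the mobile app"
-: `for scan ${scan_id}`;
-console.log(`No security findings found at or above ${warn_on_severity} severity level ${scope_description}`);
-}
+const { has_findings, total_count } = yield check_severity_findings(dt_results_api_key, mobile_app_id, results_since, warn_on_severity, severity_check_scope);
+if (has_findings) {
+const scope_description = severity_check_scope.toUpperCase() === "ALL_ISSUES"
+? "in the mobile app"
+: `for scan ${scan_id}`;
+console.log(`⚠️ WARNING: Found ${total_count} security findings ${scope_description} at or above ${warn_on_severity} severity level`);
+console.log(`⚠️ These findings do not block the build, but should be reviewed and addressed.`);
 }
-catch (error) {
-console.log(`Error checking security findings for warnings for scan ${scan_id}: ${error.message}`);
+else {
+const scope_description = severity_check_scope.toUpperCase() === "ALL_ISSUES"
+? "in the mobile app"
+: `for scan ${scan_id}`;
+console.log(`No security findings found at or above ${warn_on_severity} severity level ${scope_description}`);
 }
 }
+// Successfully checked findings, exit retry loop
 break;
 }
 catch (error) {
-console.log(`Error checking scan status for ${scan_id}: ${error.message}`);
-yield new Promise((resolve) => setTimeout(resolve, pollInterval));
+console.log(`Error checking security findings for ${scan_id} (attempt ${attempt}/${maxAttempts}): ${error.message}`);
+if (attempt < maxAttempts) {
+console.log(`Retrying in ${retryInterval / 1000} seconds...`);
+yield new Promise((resolve) => setTimeout(resolve, retryInterval));
+}
+else {
+console.log(`Failed to check security findings after ${maxAttempts} attempts`);
+}
 }
 }
-if (Date.now() - startTime >= maxWaitTime) {
-console.log(`Timeout waiting for scan results for scan ${scan_id}`);
-}
 }
 core.setOutput("responses", output);
 core.setOutput("response", output[0]); // keep the `response` output as the response of the first file upload to maintain compatibility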
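Review bot: `scan_completed` is set at new line 343 but never read before the findings loop at line 357, so in CURRENT_SCAN mode a scan that exhausts `maxWaitTime` still has its findings checked using the `start_date` from the last in-progress poll and can log "No security findings found … for scan", letting a blocking gate pass on an unfinished scan — the removed code only reached this check after completion. A guard at the top of the retry loop such as `if (!scan_completed && severity_check_scope.toUpperCase() === "CURRENT_SCAN") { core.setFailed(`Scan ${scan_id} did not complete within the wait time`); break; }` closes that path (skipping with a log line would be the minimal alternative). Likewise the `else` at line 417 only logs after the final failed attempt and `run()` continues to `setOutput`, so an API outage fails open when `block_on_severity` is configured; a `core.setFailed` there would make the outcome explicit. `scan_failed` (line 302) and `should_wait_for_scan` (line 304) are neither written nor read anywhere in the visible hunks; new-side lines 324–338 are outside the diff, so they may be handled there — worth confirming. `run()` begins before and continues after this hunk.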
