Fix input and handle to scan statuses

izokoru · izokoru · commit c479d8c61c54 · 2025-10-16T16:16:51.000+02:00
diff --git a/README.md b/README.md
@@ -61,8 +61,8 @@ When `WARN_ON_SEVERITY` is specified, the action will:
 - `LOW`: Block on all severity vulnerabilities (low, medium, high)
 
 ### `POLLING_TIMEOUT`
-When `POLLING_TIMEOUT` is specified, the action will stop polling the scan result after the specified time (milliseconds).
-Defaults to 300 000ms (5 minutes).
+When `POLLING_TIMEOUT` is specified, the action will stop polling the scan result after the specified time in seconds.
+Defaults to 300 seconds (5 minutes).
 
 
 ### Example with Vulnerability Blocking
@@ -135,6 +135,6 @@ jobs:
           EXTERNAL_ID: "App_12230045"
           BLOCK_ON_SEVERITY: "HIGH"  # Optional: Block build on high severity vulnerabilities
           WARN_ON_SEVERITY: "MEDIUM"  # Optional: Warn on medium severity vulnerabilities
-          POLLING_TIMEOUT: 300000  # Optional: Stop polling the scan result after the specified time 
+          POLLING_TIMEOUT: 300  # Optional: Stop polling the scan result after the specified time 
 
 ```
diff --git a/action.yml b/action.yml
@@ -67,6 +67,7 @@ inputs:
   POLLING_TIMEOUT:
     description: >
       Stop polling the scan result after the specified time in milliseconds, default is 5 minutes.
+    required: false
 runs:
   using: 'node20'
   main: 'main.js'
diff --git a/main.js b/main.js
@@ -106,6 +106,16 @@ function run() {
         const block_on_severity = core.getInput("BLOCK_ON_SEVERITY");
         const warn_on_severity = core.getInput("WARN_ON_SEVERITY");
         const polling_timeout = core.getInput("POLLING_TIMEOUT");
+        var parsed_polling_timeout;
+        if (polling_timeout) {
+            parsed_polling_timeout = parseInt(polling_timeout, 10);
+            if (isNaN(parsed_polling_timeout)) {
+                throw new Error("POLLING_TIMEOUT must be a number");
+            }
+            if (parsed_polling_timeout < 0) {
+                throw new Error("POLLING_TIMEOUT must be greater or equal to 0");
+            }
+        }
         // Validate severity levels
         if (block_on_severity &&
             !["HIGH", "MEDIUM", "LOW"].includes(block_on_severity.toUpperCase())) {
@@ -261,12 +271,8 @@ function run() {
         for (const scan of scan_info) {
             const { mobile_app_id, scan_id } = scan;
             var maxWaitTime = 300000; // 5 minutes
-            if (polling_timeout) {
-                maxWaitTime = parseInt(polling_timeout, 10);
-                // Fallback to default value if the value is incorrect
-                if (isNaN(maxWaitTime)) {
-                    maxWaitTime = 300000;
-                }
+            if (parsed_polling_timeout) {
+                maxWaitTime = parsed_polling_timeout * 1000;
             }
             // Poll for scan completion with 23-second intervals
             const pollInterval = 23000; // 23 seconds
@@ -285,8 +291,9 @@ function run() {
                         continue;
                     }
                     const status_data = yield status_response.json();
-                    if (status_data.static_scan &&
-                        status_data.static_scan.status === "FAILED") {
+                    const scan_status = status_data.status || status_data.static_scan.status;
+                    if (scan_status &&
+                        ["FAILED", "SCAN_ATTEMPT_ERROR", "CANCELLED"].includes(scan_status)) {
                         console.log(`Scan ${scan_id} failed, skipping vulnerability check`);
                         break;
                     }
diff --git a/main.ts b/main.ts
@@ -126,6 +126,17 @@ async function run() {
   const block_on_severity = core.getInput("BLOCK_ON_SEVERITY");
   const warn_on_severity = core.getInput("WARN_ON_SEVERITY");
   const polling_timeout = core.getInput("POLLING_TIMEOUT");
+  var parsed_polling_timeout;
+  if (polling_timeout) {
+        parsed_polling_timeout = parseInt(polling_timeout, 10);
+        if (isNaN(parsed_polling_timeout)) {
+            throw new Error("POLLING_TIMEOUT must be a number");
+        }
+        if (parsed_polling_timeout < 0) {
+            throw new Error("POLLING_TIMEOUT must be greater or equal to 0");
+        }
+    }
+
   // Validate severity levels
   if (
     block_on_severity &&
@@ -318,12 +329,8 @@ async function run() {
     const { mobile_app_id, scan_id } = scan;
 
     var maxWaitTime = 300000; // 5 minutes
-    if (polling_timeout) {
-        maxWaitTime = parseInt(polling_timeout, 10);
-        // Fallback to default value if the value is incorrect
-        if (isNaN(maxWaitTime)) {
-            maxWaitTime = 300000;
-        }
+    if (parsed_polling_timeout) {
+        maxWaitTime = parsed_polling_timeout * 1000;
     }
 
     // Poll for scan completion with 23-second intervals
@@ -356,10 +363,10 @@ async function run() {
         }
 
         const status_data = await status_response.json();
-
+        const scan_status = status_data.status || status_data.static_scan.status;
         if (
-          status_data.static_scan &&
-          status_data.static_scan.status === "FAILED"
+          scan_status &&
+          ["FAILED", "SCAN_ATTEMPT_ERROR", "CANCELLED"].includes(scan_status)
         ) {
           console.log(`Scan ${scan_id} failed, skipping vulnerability check`);
           break;
