Merge pull request #27 from AikidoSec/feat/make-timeout-customizable

Make timeout customizable

README.md

@@ -21,7 +21,7 @@ jobs:
         uses: actions/checkout@v3
 
       - name: Detect new vulnerabilities
-        uses: AikidoSec/[email protected].5
+        uses: AikidoSec/[email protected].6
         with:
             secret-key: ${{ secrets.AIKIDO_SECRET_KEY }}
             fail-on-timeout: false

action.yaml

@@ -25,6 +25,10 @@ inputs:
     description: 'Whether or not the action should fail when the pull request introduced new SAST issues with critical severity'
     required: false
     default: "false"
+  timeout-seconds:
+    description: 'Provide a number of seconds the action will wait for scans to complete.'
+    required: false
+    default: "120"
 outputs:
   outcome:
     description: |

dist/index.js

@@ -122,6 +122,7 @@ async function run() {
         const failOnDependencyScan = core.getInput('fail-on-dependency-scan');
         const failOnSastScan = core.getInput('fail-on-sast-scan');
         const failOnIacScan = core.getInput('fail-on-iac-scan');
+        const timeoutInSeconds = parseTimeoutDuration(core.getInput('timeout-seconds'));
         if (!['LOW', 'MEDIUM', 'HIGH', 'CRITICAL'].includes(fromSeverity.toUpperCase())) {
             core.setOutput('output', STATUS_FAILED);
             core.info(`Invalid property value for minimum-severity. Allowed values are: LOW, MEDIUM, HIGH, CRITICAL`);
@@ -148,7 +149,7 @@ async function run() {
         const scanId = await (0, api_1.startScan)(secretKey, startScanPayload);
         core.info(`successfully started a scan with id: "${scanId}"`);
         const getScanCompletionStatus = (0, api_1.getScanStatus)(secretKey, scanId);
-        const expirationTimestamp = (0, time_1.getCurrentUnixTime)() + 120 * 1000; // 2 minutes from now
+        const expirationTimestamp = (0, time_1.getCurrentUnixTime)() + timeoutInSeconds * 1000;
         let scanIsCompleted = false;
         core.info('==== check if scan is completed ====');
         do {
@@ -200,6 +201,16 @@ async function run() {
             core.setFailed(error.message);
     }
 }
+function parseTimeoutDuration(rawTimeoutInSeconds) {
+    if (rawTimeoutInSeconds === '')
+        return 120;
+    try {
+        return parseInt(rawTimeoutInSeconds, 10);
+    }
+    catch (error) {
+        throw new Error(`Invalid timeout provided. The provided timeout should be a valid number, but got: "${rawTimeoutInSeconds}"`);
+    }
+}
 void run();
 
 

src/main.ts

@@ -16,6 +16,7 @@ async function run(): Promise<void> {
 		const failOnDependencyScan: string = core.getInput('fail-on-dependency-scan');
 		const failOnSastScan: string = core.getInput('fail-on-sast-scan');
 		const failOnIacScan: string = core.getInput('fail-on-iac-scan');
+		const timeoutInSeconds = parseTimeoutDuration(core.getInput('timeout-seconds'));
 
 		if (!['LOW', 'MEDIUM', 'HIGH', 'CRITICAL'].includes(fromSeverity.toUpperCase())) {
 			core.setOutput('output', STATUS_FAILED);
@@ -50,7 +51,7 @@ async function run(): Promise<void> {
 
 		const getScanCompletionStatus = getScanStatus(secretKey, scanId);
 
-		const expirationTimestamp = getCurrentUnixTime() + 120 * 1000; // 2 minutes from now
+		const expirationTimestamp = getCurrentUnixTime() + timeoutInSeconds * 1000;
 
 		let scanIsCompleted = false;
 
@@ -125,4 +126,16 @@ async function run(): Promise<void> {
 	}
 }
 
+function parseTimeoutDuration(rawTimeoutInSeconds: string): number {
+	if (rawTimeoutInSeconds === '') return 120;
+
+	try {
+		return parseInt(rawTimeoutInSeconds, 10);
+	} catch (error) {
+		throw new Error(
+			`Invalid timeout provided. The provided timeout should be a valid number, but got: "${rawTimeoutInSeconds}"`
+		);
+	}
+}
+
 void run();