Scan queuing not working - regression from 1.6.29 #910

Closed
cx-scord opened this issue Jan 25, 2022 · 2 comments
Assignees
Labels
bug Something isn't working

Comments

cx-scord (Contributor) commented Jan 25, 2022

Description

Scan queuing is not possible anymore starting from CxFlow 1.6.29 onwards, the condition for having the property checked was removed.

Expected Behavior

When setting checkmarx.scan-queuing to true, scans are not being queued in CxSAST and should take priority over cx-flow.scan-resubmit, meaning that scan-resubmit should be ignored if scan-queuing is set.

Actual Behavior

Queuing is not working with checkmarx.scan-queuing: true. That condition is only used later on in the code's logic, and only when cx-flow.scan-resubmit: true, and that's wrong. These settings should be mutually exclusive, with queuing having priority/precedence over scan resubmission, meaning that if checkmarx.scan-queuing is true then the cx-flow.scan-resubmit feature code shouldn't even be used.

With both checkmarx.scan-queuing and cx-flow.scan-resubmit set to true, the problem is that resubmission is not ignored: the current scan will be cancelled first instead of being queued, and a new one will start immediately. That is wrong, as the current scan shouldn't be cancelled with checkmarx.scan-queuing set to true.

This regression was introduced in #884 when the if condition if(!getCxPropertiesBase().getScanQueuing()) (...) that checked for the checkmarx.scan-queuing active condition was removed.

I also found that queuing is internal to the checkmarx-spring-boot-sdk, and because of this, there should be:

  1. Informative logging every 5 minutes or so telling that the scan of the current project hasn't finished yet; and
  2. A markdown feedback message sent to the PRs saying that the scan is still in the CxFlow queue (and not the CxSAST queue), waiting to be sent to CxSAST to be scanned, or else no one knows the status of the scan request. This is also reflected in Send PR markdown feedback once CxFlow receives a scan request & keep updating the PR #905

Reproduction

Setting checkmarx.scan-queuing to true and resubmitting multiple scans to the same project shouldn't work.
If there's a scan in queue and checkmarx.scan-resubmit is true, the current scan should be cancelled and a new one starts; if it's false, then CxFlow will cancel (as expected) the scan re-submission and never put it in queue.

Environment Details

CxFlow 1.6.29, 1.6.30+

@cx-scord cx-scord added the bug Something isn't working label Jan 25, 2022
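To make the precedence the issue asks for concrete, here is an added example (not CxFlow or checkmarx-spring-boot-sdk code; the class, method and enum names are hypothetical) that models the two decision paths side by side: the reported 1.6.29+ behaviour, where the queuing flag never decides anything, and the expected behaviour, where checkmarx.scan-queuing is checked before cx-flow.scan-resubmit is ever consulted.

```java
// Added example modelling the decision described in issue #910; not project code.
public class ScanRequestPolicy {
    /** What CxFlow does with a new scan request for a project. */
    enum Action { START, QUEUE, CANCEL_AND_RESUBMIT, REJECT }

    /**
     * Behaviour reported for 1.6.29 onwards: the scan-queuing flag is only read
     * inside the resubmit branch, after the running scan is already being
     * cancelled, so it can never cause a request to be queued.
     */
    static Action regressed(boolean scanQueuing, boolean scanResubmit, boolean scanInProgress) {
        if (!scanInProgress) return Action.START;
        if (scanResubmit) {
            // scanQueuing would be consulted here, too late to matter
            return Action.CANCEL_AND_RESUBMIT;
        }
        return Action.REJECT;
    }

    /**
     * Expected behaviour: checkmarx.scan-queuing takes precedence, and the
     * resubmit feature is only evaluated when queuing is disabled.
     */
    static Action expected(boolean scanQueuing, boolean scanResubmit, boolean scanInProgress) {
        if (!scanInProgress) return Action.START;
        if (scanQueuing) return Action.QUEUE;
        return scanResubmit ? Action.CANCEL_AND_RESUBMIT : Action.REJECT;
    }

    /** Prints the full decision table for a project that already has a scan running. */
    public static void main(String[] args) {
        boolean[] flags = { false, true };
        System.out.println("scan-queuing scan-resubmit | regressed            -> expected");
        for (boolean queuing : flags) {
            for (boolean resubmit : flags) {
                Action got = regressed(queuing, resubmit, true);
                Action want = expected(queuing, resubmit, true);
                System.out.printf("%-12b %-13b | %-20s -> %s%s%n",
                        queuing, resubmit, got, want, got == want ? "" : "   <-- differs");
            }
        }
    }
}
```

The two rows with scan-queuing set to true are the ones that differ: the regressed path cancels or rejects where the expected path queues, which is exactly the regression described above.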
cx-scord (Contributor, Author) commented

My logging and feedback request back to the PRs telling a scan is in queue is directly connected to #905

@jbrotsos jbrotsos self-assigned this Jan 25, 2022
DhavalPatelPersistent (Contributor) commented Feb 1, 2022
