globocom / huskyCI

Performing security tests inside your CI
https://huskyci.opensource.globo.com
BSD 3-Clause "New" or "Revised" License

Make SecurityTests' timeout configurable #509

Open rafaveira3 opened 4 years ago

rafaveira3 commented 4 years ago

Motivation

We received this feedback from huskyCI users (thanks, @igorfernandes 😃) that suggests that the analysis could have a configurable timeout. Some repositories are "very large" and take too long to finish, which impacts their CI somehow.

It would be great if

We add new logic to let developers set this on their side, and not from the hardcoded API config.yaml.

What we expect

There are a few ways we can take this issue, and a starting suggestion is to add a new environment variable to the client code, as exemplified below:

    stages:
        - huskyCI

    huskyCI:
        stage: huskyCI
        variables:
            HUSKYCI_CLIENT_TESTS_TIMEOUT: 360
        script:
            - wget $HUSKYCI_CLIENT_URL/huskyci-client
            - chmod +x huskyci-client
            - ./huskyci-client

Tips

raydwaipayan commented 4 years ago

The timeout seems to be hardcoded in [analysis.go](https://github.com/globocom/huskyCI/blob/master/client/analysis/analysis.go)

    timeout := time.After(60 * time.Minute)

Changing this should suffice perhaps.

I would like to take it up!

rafaveira3 commented 4 years ago

Great catch, @raydwaipayan! I will be very happy to review any PR regarding this one! :)

raydwaipayan commented 4 years ago

Great, thanks! I will send in a PR once done.

raydwaipayan commented 4 years ago

@rafaveira3 One problem I am facing is that the Timeout times are hardly coupled with security tests currently. I am looking at using a temporary timeout time which overrides the set timeOutInSeconds in SecurityTest:

    type SecurityTest struct {
        Name             string `bson:"name" json:"name"`
        Image            string `bson:"image" json:"image"`
        ImageTag         string `bson:"imageTag" json:"imageTag"`
        Cmd              string `bson:"cmd" json:"cmd"`
        Type             string `bson:"type" json:"type"`
        Language         string `bson:"language" json:"language"`
        Default          bool   `bson:"default" json:"default"`
        TimeOutInSeconds int    `bson:"timeOutSeconds" json:"timeOutSeconds"`
    }

This config is only loaded once, so overwriting its values may cause further problems.

I was looking at modifying the Repository type like this:

    type Repository struct {
        URL       string    `bson:"repositoryURL" json:"repositoryURL"`
        Branch    string    `json:"repositoryBranch"`
        TimeOut   string    `json:"timeOutInSeconds"`
        CreatedAt time.Time `bson:"createdAt" json:"createdAt"`
    }

And probably override the security test timeouts for that repo temporarily to take the new supplied value.

What do you think of this?
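
An added example, not part of the thread and not huskyCI code: one way to apply a per-request timeout string, such as the proposed `Repository.TimeOut`, without overwriting the `SecurityTest` configuration that is loaded once. The `EffectiveTimeout` name, the trimmed struct and the 30 s / 7200 s bounds are assumptions; the bounds keep a client-supplied value from cutting a scan short or holding a runner indefinitely.

```go
package main

import (
	"fmt"
	"strconv"
	"time"
)

// Assumed bounds; the thread does not define any.
const (
	minSeconds = 30   // floor, so a tiny value cannot cut every scan short
	maxSeconds = 7200 // ceiling, so one request cannot hold a runner for hours
)

// SecurityTest is reduced to the fields this example needs.
type SecurityTest struct {
	Name             string
	TimeOutInSeconds int
}

// EffectiveTimeout returns the timeout for one analysis. test is passed by
// value, so the configuration loaded at startup is never modified.
func EffectiveTimeout(test SecurityTest, requested string) (time.Duration, error) {
	configured := time.Duration(test.TimeOutInSeconds) * time.Second
	if requested == "" {
		return configured, nil // no override sent with the request
	}
	secs, err := strconv.Atoi(requested)
	if err != nil {
		// Keep the configured value and report the bad input.
		return configured, fmt.Errorf("invalid timeout %q: %w", requested, err)
	}
	// Clamp before converting so a huge value cannot overflow time.Duration.
	if secs < minSeconds {
		secs = minSeconds
	} else if secs > maxSeconds {
		secs = maxSeconds
	}
	return time.Duration(secs) * time.Second, nil
}

func main() {
	test := SecurityTest{Name: "sample-test", TimeOutInSeconds: 360} // constructed
	for _, in := range []string{"", "900", "0", "999999", "abc"} {
		d, err := EffectiveTimeout(test, in)
		fmt.Printf("%q -> %v (err: %v)\n", in, d, err)
	}
}
```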