Read timeout

[thezim]

We are receiving read timeout errors when during the upload step. The strange part is that on the SSC server the FPR upload is successfully and it is processed correctly once there. Note that this only occurs for larger FPRs with more issues.

com.fortify.ssc.restclient.ApiException: java.net.SocketTimeoutException: Read timed out
    at com.fortify.ssc.restclient.ApiClient.execute(ApiClient.java:846)
    at com.fortify.ssc.restclient.api.ArtifactOfProjectVersionControllerApi.uploadArtifactOfProjectVersionWithHttpInfo(ArtifactOfProjectVersionControllerApi.java:314)
    at com.fortify.ssc.restclient.api.ArtifactOfProjectVersionControllerApi.uploadArtifactOfProjectVersion(ArtifactOfProjectVersionControllerApi.java:298)
    at com.fortify.plugin.jenkins.fortifyclient.ApiClientWrapper.uploadFpr(ApiClientWrapper.java:498)
    at com.fortify.plugin.jenkins.fortifyclient.FortifyClient.uploadFPR(FortifyClient.java:155)
    at com.fortify.plugin.jenkins.steps.FortifyUpload$1.runWith(FortifyUpload.java:271)
    at com.fortify.plugin.jenkins.steps.FortifyUpload$1.runWith(FortifyUpload.java:268)
    at com.fortify.plugin.jenkins.steps.FortifyUpload.runWithFortifyClient(FortifyUpload.java:788)
    at com.fortify.plugin.jenkins.steps.FortifyUpload.uploadToSSC(FortifyUpload.java:267)
    at com.fortify.plugin.jenkins.steps.FortifyUpload.perform(FortifyUpload.java:194)
    at com.fortify.plugin.jenkins.steps.FortifyUpload$Execution.run(FortifyUpload.java:809)
    at com.fortify.plugin.jenkins.steps.FortifyUpload$Execution.run(FortifyUpload.java:798)
    at org.jenkinsci.plugins.workflow.steps.SynchronousNonBlockingStepExecution.lambda$start$0(SynchronousNonBlockingStepExecution.java:47)
    at java.util.concurrent.Executors$RunnableAdapter.call(Unknown Source)
    at java.util.concurrent.FutureTask.run(Unknown Source)
    at java.util.concurrent.ThreadPoolExecutor.runWorker(Unknown Source)
    at java.util.concurrent.ThreadPoolExecutor$Worker.run(Unknown Source)
    at java.lang.Thread.run(Unknown Source)
Caused by: java.net.SocketTimeoutException: Read timed out
    at java.net.SocketInputStream.socketRead0(Native Method)
    at java.net.SocketInputStream.socketRead(Unknown Source)
    at java.net.SocketInputStream.read(Unknown Source)
    at java.net.SocketInputStream.read(Unknown Source)
    at sun.security.ssl.InputRecord.readFully(Unknown Source)
    at sun.security.ssl.InputRecord.read(Unknown Source)
    at sun.security.ssl.SSLSocketImpl.readRecord(Unknown Source)
    at sun.security.ssl.SSLSocketImpl.readDataRecord(Unknown Source)
    at sun.security.ssl.AppInputStream.read(Unknown Source)
    at okio.Okio$2.read(Okio.java:139)
    at okio.AsyncTimeout$2.read(AsyncTimeout.java:211)
    at okio.RealBufferedSource.indexOf(RealBufferedSource.java:306)
    at okio.RealBufferedSource.indexOf(RealBufferedSource.java:300)
    at okio.RealBufferedSource.readUtf8LineStrict(RealBufferedSource.java:196)
    at com.squareup.okhttp.internal.http.Http1xStream.readResponse(Http1xStream.java:186)
    at com.squareup.okhttp.internal.http.Http1xStream.readResponseHeaders(Http1xStream.java:127)
    at com.squareup.okhttp.internal.http.HttpEngine.readNetworkResponse(HttpEngine.java:737)
    at com.squareup.okhttp.internal.http.HttpEngine.access$200(HttpEngine.java:87)
    at com.squareup.okhttp.internal.http.HttpEngine$NetworkInterceptorChain.proceed(HttpEngine.java:722)
    at com.squareup.okhttp.internal.http.HttpEngine.readResponse(HttpEngine.java:576)
    at com.squareup.okhttp.Call.getResponse(Call.java:287)
    at com.squareup.okhttp.Call$ApplicationInterceptorChain.proceed(Call.java:243)
    at com.squareup.okhttp.Call.getResponseWithInterceptorChain(Call.java:205)
    at com.squareup.okhttp.Call.execute(Call.java:80)
    at com.fortify.ssc.restclient.ApiClient.execute(ApiClient.java:842)

[thezim]

Okay here is the deal. fortify-plugin uses ssc-restapi-client which in turn uses okhttp. okhttp default read timeout is 10s and neither fortify-plugin or ssc-restapi-client has functionality to pass timeouts down the call stack to okhttp.

As a proof I modified ssc-restapi-client with at hard coded timeout set and injected the new jar in to the plugin and it now works.

This plugin should support passing of timeouts for the web calls (ssc-restapi-client too) as 10s simply isn't enough time especially across the internet or large FPRs.

[tvanhill]

I am encountering the same issue uploading an ~25 MB file.

I took a look at the proposed PR (https://github.com/fortify/ssc-restapi-client/pull/4) for ssc-restapi-client and believe this should be fixed directly in the Fortify Jenkins plugin. I modified the com.fortify.plugin/jenkins/fortify.client.ApiClientWrapper class's constructor to specify connect and read timeouts by calling the following methods:

• ApiClient.setConnectTimeout(connectTimeout)
• ApiClient.setConnectTimeout(readTimeout)

I also modified the the plugin so that these values could be specified via pipeline. The modified code is attached and i have verified that the input values is used and that setting a larger value solves this problem.

fortifyjenkins.zip

[thezim]

@tvanhill Do you have a PR for this yet?

[tvanhill]

I did not open pull request as I saw the pull request linked below. I attached the updated source to that pull request and the author was going to test with it.

https://github.com/jenkinsci/fortify-plugin/pull/14