Merge branch 'master' into fix-high-cve

seqeralabs · Oct 31, 2024 · df1f28b · df1f28b
2 parents 4ed7fde + d1d1a62
commit df1f28b
Show file tree

Hide file tree

Showing 6 changed files with 44 additions and 21 deletions.
diff --git a/VERSION b/VERSION
@@ -1 +1 @@
-1.13.8
+1.13.10
diff --git a/changelog.txt b/changelog.txt
@@ -1,4 +1,11 @@
 # Wave changelog
+1.13.10 - 29 Oct 2024 
+- Log slow processing stream messages [e8a6b7ee]
+- Prevent scan when mode is not defined [d42bcae1]
+
+1.13.9 - 29 Oct 2024
+- Fix inspect view (#725) [dcf41dea] [e38e2c44]
+
 1.13.8 - 26 Oct 2024
 - Fix update scan status synchronously [e767c367]
 - Bump scan warn colour [705141f0]

diff --git a/src/main/groovy/io/seqera/wave/service/data/stream/impl/RedisMessageStream.groovy b/src/main/groovy/io/seqera/wave/service/data/stream/impl/RedisMessageStream.groovy
@@ -62,6 +62,9 @@ class RedisMessageStream implements MessageStream<String> {
     @Value('${wave.message-stream.claim-timeout:5s}')
     private Duration claimTimeout
 
+    @Value('${wave.message-stream.consume-warn-timeout-millis:4000}')
+    private long consumeWarnTimeoutMillis
+
     private String consumerName
 
     @PostConstruct
@@ -102,11 +105,17 @@ class RedisMessageStream implements MessageStream<String> {
     @Override
     boolean consume(String streamId, MessageConsumer<String> consumer) {
         try (Jedis jedis = pool.getResource()) {
+            String msg
+            final long begin = System.currentTimeMillis()
             final entry = claimMessage(jedis,streamId) ?: readMessage(jedis, streamId)
-            if( entry && consumer.accept(entry.getFields().get(DATA_FIELD)) ) {
+            if( entry && consumer.accept(msg=entry.getFields().get(DATA_FIELD)) ) {
                 final tx = jedis.multi()
                 // acknowledge the entry has been processed so that it cannot be claimed anymore
                 tx.xack(streamId, CONSUMER_GROUP_NAME, entry.getID())
+                final delta = System.currentTimeMillis()-begin
+                if( delta>consumeWarnTimeoutMillis ) {
+                    log.warn "Redis message stream - consume processing took ${Duration.ofMillis(delta)} - offending entry=${entry.getID()}; message=${msg}"
+                }
                 // this remove permanently the entry from the stream
                 tx.xdel(streamId, entry.getID())
                 tx.exec()

diff --git a/src/main/groovy/io/seqera/wave/service/scan/ContainerScanServiceImpl.groovy b/src/main/groovy/io/seqera/wave/service/scan/ContainerScanServiceImpl.groovy
@@ -132,11 +132,11 @@ class ContainerScanServiceImpl implements ContainerScanService, JobHandler<ScanE
     @Override
     void scanOnRequest(ContainerRequest request) {
         try {
-            if( request.scanId && request.isContainer() && !request.dryRun ) {
+            if( request.scanId && request.scanMode && request.isContainer() && !request.dryRun ) {
                 log.debug "Container scan required by scanOnRequest=$request"
                 scan(fromContainer(request))
             }
-            else if( request.scanId && !request.isContainer() && request.buildNew==false && request.succeeded && !request.dryRun && !existsScan(request.scanId) ) {
+            else if( request.scanId && request.scanMode && !request.isContainer() && request.buildNew==false && request.succeeded && !request.dryRun && !existsScan(request.scanId) ) {
                 log.debug "Container scan required by cached request=$request"
                 scan(fromContainer(request))
             }

diff --git a/src/main/resources/io/seqera/wave/inspect-view.hbs b/src/main/resources/io/seqera/wave/inspect-view.hbs
@@ -127,7 +127,6 @@
                 </h4>
             </div>
         {{else}}
-        {{/if}}
         <h3>Container Specification</h3>
         <table>
             <tr>
@@ -210,7 +209,7 @@
                     details.appendChild(nestedUl);
                     li.appendChild(details);
                 } else {
-                    li.textContent = `${key}: ${data[key]}`;
+                    li.textContent = `${key}: ${JSON.stringify(data[key])}`;
                 }
 
                 ul.appendChild(li);
@@ -223,5 +222,6 @@
     document.getElementById('config-div').appendChild(createTreeView({{{config}}}));
     document.getElementById('manifest-div').appendChild(createTreeView({{{manifest}}}));
 </script>
+{{/if}}
 </body>
 </html>
diff --git a/src/test/groovy/io/seqera/wave/service/scan/ContainerScanServiceImplTest.groovy b/src/test/groovy/io/seqera/wave/service/scan/ContainerScanServiceImplTest.groovy
@@ -27,6 +27,7 @@ import java.time.Duration
 import java.time.Instant
 
 import io.micronaut.test.extensions.spock.annotation.MicronautTest
+import io.seqera.wave.api.ScanMode
 import io.seqera.wave.configuration.ScanConfig
 import io.seqera.wave.core.ContainerPlatform
 import io.seqera.wave.service.builder.BuildFormat
@@ -367,6 +368,7 @@ class ContainerScanServiceImplTest extends Specification {
         def scanService = Spy(new ContainerScanServiceImpl(inspectService: inspectService, config: config))
         def request = Mock(ContainerRequest)
         request.scanId >> SCAN_ID
+        request.scanMode >> MODE
         request.isContainer() >> CONTAINER
         request.dryRun >> DRY_RUN
         and:
@@ -379,12 +381,14 @@ class ContainerScanServiceImplTest extends Specification {
         RUN_TIMES * scanService.scan(scan) >> null
 
         where:
-        SCAN_ID | CONTAINER     | DRY_RUN   | RUN_TIMES
-        null    | false         | false     | 0
-        'sc-123'| false         | false     | 0
-        'sc-123'| true          | false     | 1
-        'sc-123'| true          | true      | 0
-        null    | true          | false     | 0
+        SCAN_ID | MODE              | CONTAINER     | DRY_RUN   | RUN_TIMES
+        null    | ScanMode.async    | false         | false     | 0
+        'sc-123'| ScanMode.async    | false         | false     | 0
+        'sc-123'| ScanMode.async    | true          | false     | 1
+        'sc-123'| ScanMode.required | true          | false     | 1
+        'sc-123'| ScanMode.none     | true          | false     | 0
+        'sc-123'| ScanMode.async    | true          | true      | 0
+        null    | ScanMode.async    | true          | false     | 0
 
     }
 
@@ -398,6 +402,7 @@ class ContainerScanServiceImplTest extends Specification {
         scanService.existsScan(SCAN_ID)  >> EXISTS_SCAN
         and:
         def request = Mock(ContainerRequest)
+        request.scanMode >> MODE
         request.scanId >> SCAN_ID
         request.buildId >> BUILD_ID
         request.buildNew >> BUILD_NEW
@@ -413,16 +418,18 @@ class ContainerScanServiceImplTest extends Specification {
         RUN_TIMES * scanService.scan(scan) >> null
 
         where:
-        SCAN_ID | BUILD_ID  | BUILD_NEW | SUCCEEDED | DRY_RUN | EXISTS_SCAN | RUN_TIMES
-        null    | null      | null      | null      | null      | false         | 0
-        'sc-123'| null      | null      | null      | null      | false         | 0
+        SCAN_ID | BUILD_ID  | BUILD_NEW | SUCCEEDED | MODE              | DRY_RUN | EXISTS_SCAN | RUN_TIMES
+        null    | null      | null      | null      | ScanMode.async    | null      | false         | 0
+        'sc-123'| null      | null      | null      | ScanMode.async    | null      | false         | 0
         and:
-        'sc-123'| 'bd-123'  | null      | null      | null      | false         | 0
-        'sc-123'| 'bd-123'  | true      | null      | null      | false         | 0
-        'sc-123'| 'bd-123'  | false     | true      | null      | false         | 1
-        'sc-123'| 'bd-123'  | false     | false     | null      | false         | 0
-        'sc-123'| 'bd-123'  | false     | null      | null      | true          | 0
-        'sc-123'| 'bd-123'  | false     | null      | true      | false         | 0
+        'sc-123'| 'bd-123'  | null      | null      | ScanMode.async    | null      | false         | 0
+        'sc-123'| 'bd-123'  | true      | null      | ScanMode.async    | null      | false         | 0
+        'sc-123'| 'bd-123'  | false     | true      | ScanMode.async    | null      | false         | 1
+        'sc-123'| 'bd-123'  | false     | true      | ScanMode.required | null      | false         | 1
+        'sc-123'| 'bd-123'  | false     | true      | ScanMode.none     | null      | false         | 0
+        'sc-123'| 'bd-123'  | false     | false     | ScanMode.async    | null      | false         | 0
+        'sc-123'| 'bd-123'  | false     | null      | ScanMode.async    | null      | true          | 0
+        'sc-123'| 'bd-123'  | false     | null      | ScanMode.async    | true      | false         | 0
     }
 
     def 'should store scan entry' () {