From 219d73de9579881404a49becd10d142d1df0e446 Mon Sep 17 00:00:00 2001
From: Mai Bui
Date: Mon, 19 Jun 2023 17:25:26 -0400
Subject: [PATCH] add semgrep (#126)
**Why I did it** [Semgrep](https://github.com/returntocorp/semgrep) is a static analysis tool to find security vulnerabilities. When opening a PR or commtting to PR, Semgrep performs a diff-aware scanning, which scans changed files in PRs. When merging PR, Semgrep performs a full scan on master branch and report all findings. Ref: - [Supported Language](https://semgrep.dev/docs/supported-languages/#language-maturity) - [Semgrep Rules](https://registry.semgrep.dev/rule) **How I did it** Integrate Semgrep into this repository by committing a job configuration file
---
 .github/workflows/semgrep.yml | 22 +++++++++++
 gnmi_server/client_subscribe.go | 5 +++
 gnmi_server/server_test.go | 66 +++++++++++++++++++++++++++++++++
 sonic_data_client/db_client.go | 7 ++++
 4 files changed, 100 insertions(+)
 create mode 100644 .github/workflows/semgrep.yml
diff --git a/.github/workflows/semgrep.yml b/.github/workflows/semgrep.yml
new file mode 100644
index 00000000..975769a5
--- /dev/null
+++ b/.github/workflows/semgrep.yml
@@ -0,0 +1,22 @@
+name: Semgrep
+
+on:
+ pull_request: {}
+ push:
+ branches:
+ - master
+ - '201[7-9][0-1][0-9]'
+ - '202[0-9][0-1][0-9]'
+
+jobs:
+ semgrep:
+ if: github.repository_owner == 'sonic-net'
+ name: Semgrep
+ runs-on: ubuntu-latest
+ container:
+ image: returntocorp/semgrep
+ steps:
+ - uses: actions/checkout@v3
+ - run: semgrep ci
+ env:
+ SEMGREP_RULES: p/default
diff --git a/gnmi_server/client_subscribe.go b/gnmi_server/client_subscribe.go
index 5d27177a..090c4405 100644
--- a/gnmi_server/client_subscribe.go
+++ b/gnmi_server/client_subscribe.go
@@ -5,6 +5,7 @@ import (
 "io"
 "net"
 "sync"
+ "strings"
 "github.com/Workiva/go-datastructures/queue"
 log "github.com/golang/glog"
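Review bot: The job in `.github/workflows/semgrep.yml` runs code fetched by mutable references: `image: returntocorp/semgrep` carries no tag or digest and `actions/checkout@v3` is a moving tag, so what executes with the repository token can change without any commit to this repository. Pin both to immutable references, e.g. `image: returntocorp/semgrep@sha256:<digest>` and `uses: actions/checkout@<full-commit-sha>` (placeholders, to be taken from the releases you have reviewed). The workflow also has no `permissions:` block, so the job inherits the repository's default token scope; a top-level `permissions:` with `contents: read` would limit what a compromised image or action could do on `push` runs.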
@@ -207,6 +208,10 @@ func (c *Client) Run(stream gnmipb.GNMI_SubscribeServer) (err error) {
 c.Close()
 // Wait until all child go routines exited
 c.w.Wait()
+ if strings.Contains(err.Error(), "i/o timeout") {
+ return grpc.Errorf(codes.Internal, "%s", err)
+ }
+
 return grpc.Errorf(codes.InvalidArgument, "%s", err)
 }
diff --git a/gnmi_server/server_test.go b/gnmi_server/server_test.go
index 76b0ddbe..0374ff8b 100644
--- a/gnmi_server/server_test.go
+++ b/gnmi_server/server_test.go
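Review bot: The timeout branch added at the end of `Client.Run` in `gnmi_server/client_subscribe.go` classifies the failure by substring, `strings.Contains(err.Error(), "i/o timeout")`, so it depends on the exact wording a lower layer produces and falls back to `InvalidArgument` as soon as that text changes. `net` is already imported in this file, so the check can be made on the error type instead: `var ne net.Error` followed by `if errors.As(err, &ne) && ne.Timeout() {` (this needs the `errors` import, and whether the error reaching this point still carries a `net.Error` is not visible from the hunk and should be confirmed). Both returns also send `err` verbatim to the gRPC peer through `"%s"`; for the `codes.Internal` case consider logging the detail server-side and returning a generic message, since backend error text can carry internal addresses. The start of `Run`, including where `err` is assigned, lies outside the hunk, so `err.Error()` here assumes `err` is non-nil on this path.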
@@ -3255,6 +3255,72 @@ func TestConnectionsKeepAlive(t *testing.T) {
 }
 }
+func TestConnectionFailure(t *testing.T) {
+ s := createServer(t, 8081)
+ go runServer(t, s)
+ defer s.s.Stop()
+
+ tt := struct {
+ desc string
+ q client.Query
+ want []client.Notification
+ poll int
+ }{
+ desc: "poll query for COUNTERS/Ethernet*",
+ poll: 10,
+ q: client.Query{
+ Target: "COUNTERS_DB",
+ Type: client.Poll,
+ Queries: []client.Path{{"COUNTERS", "Ethernet*"}},
+ TLS: &tls.Config{InsecureSkipVerify: true},
+ },
+ want: []client.Notification{
+ client.Connected{},
+ client.Sync{},
+ },
+ }
+ namespace := sdcfg.GetDbDefaultNamespace()
+ rclient := getRedisClientN(t, 6, namespace)
+ defer rclient.Close()
+
+ prepareStateDb(t, namespace)
+ t.Run(tt.desc, func(t *testing.T) {
+ q := tt.q
+ q.Addrs = []string{"127.0.0.1:8081"}
+ c := client.New()
+
+ sdc.MockFail = 1
+ wg := new(sync.WaitGroup)
+ wg.Add(1)
+
+ go func() {
+ defer wg.Done()
+ if err := c.Subscribe(context.Background(), q); err != nil {
+ t.Errorf("c.Subscribe(): got error %v, expected nil", err)
+ }
+ }()
+
+ wg.Wait()
+
+ resultMap, err := rclient.HGetAll("TELEMETRY_CONNECTIONS").Result()
+
+ if resultMap == nil {
+ t.Errorf("result Map is nil, expected non nil, err: %v", err)
+ }
+ if len(resultMap) != 1 {
+ t.Errorf("result for TELEMETRY_CONNECTIONS should be 1")
+ }
+
+ for key, _ := range resultMap {
+ if !strings.Contains(key, "COUNTERS_DB|COUNTERS|Ethernet*") {
+ t.Errorf("key is expected to contain correct query, received: %s", key)
+ }
+ }
+ sdc.MockFail = 0
+ c.Close()
+ })
+}
+
 func TestClient(t *testing.T) {
 var mutexDeInit sync.RWMutex
 var mutexHB sync.RWMutex
diff --git a/sonic_data_client/db_client.go b/sonic_data_client/db_client.go
index 09a52d45..139c097b 100644
--- a/sonic_data_client/db_client.go
+++ b/sonic_data_client/db_client.go
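Review bot: `TestConnectionFailure` in `gnmi_server/server_test.go` sets the package-level hook with `sdc.MockFail = 1` and clears it only on the last lines of the subtest, so a panic or a later `t.Fatal` in between leaves the hook set for every test that runs afterwards; register the reset right after setting it with `t.Cleanup(func() { sdc.MockFail = 0 })`. The `err` from `rclient.HGetAll("TELEMETRY_CONNECTIONS").Result()` is only printed when the map is nil; check it directly with `if err != nil { t.Fatalf("HGetAll: %v", err) }` so a Redis failure is not reported as a wrong entry count. The `want` and `poll` fields of `tt` are populated but never read in this hunk, and nothing asserts the status code returned by the new timeout branch in `Client.Run`, so that branch appears to be exercised without being verified.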
@@ -80,6 +80,7 @@ var IntervalTicker = func(interval time.Duration) <-chan time.Time {
 }
 var NeedMock bool = false
+var MockFail int = 0
 var intervalTickerMutex sync.Mutex
 // Define a new function to set the IntervalTicker variable
@@ -744,6 +745,12 @@ func tableData2Msi(tblPath *tablePath, useKey bool, op *string, msi *map[string]
 return nil
 }
+ if MockFail == 1 {
+ MockFail++
+ fmt.Println("Mock sleep for redis timeout")
+ time.Sleep(30 * time.Second)
+ }
+
 for idx, dbkey := range dbkeys {
 fv, err = redisDb.HGetAll(dbkey).Result()
 if err != nil {
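Review bot: `MockFail` in `sonic_data_client/db_client.go` is an exported, mutable package variable that the shipped path in `tableData2Msi` reads and increments (`MockFail == 1`, `MockFail++`) with no lock or atomic, while the new test writes it from another goroutine; this is a data race, and any code that imports the package can set it and stall a request for 30 seconds. This note covers both hunks in this file, the declaration and the check. Prefer keeping fault injection out of the production path (an unexported hook assigned from a test-only file); at minimum make the access atomic, `var MockFail int32` with `if atomic.CompareAndSwapInt32(&MockFail, 1, 2) {`, and have the test use `atomic.StoreInt32`. The `fmt.Println` writes to stdout rather than through a logger, which is worth aligning with whatever logging this file already uses. `tableData2Msi` starts and ends outside the hunk, so how often this check is reached per request cannot be seen here.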