feat(vulnerable-code): Make the read timeout configurable

See [1] for background information. Also [2] is good related read. [1]: aboutcode-org/vulnerablecode#1411 [2]: https://www.baeldung.com/okhttp-timeouts Signed-off-by: Sebastian Schuberth <[email protected]>
oss-review-toolkit · Feb 2, 2024 · 89b6325 · 89b6325
1 parent 505f2a2
commit 89b6325
Show file tree

Hide file tree

Showing 4 changed files with 17 additions and 4 deletions.
diff --git a/model/src/main/resources/reference.yml b/model/src/main/resources/reference.yml
@@ -152,6 +152,7 @@ ort:
       VulnerableCode:
         options:
           serverUrl: 'http://localhost:8000'
+          readTimeout: 40
         secrets:
           apiKey: 0123456789012345678901234567890123456789
 

diff --git a/model/src/test/kotlin/config/OrtConfigurationTest.kt b/model/src/test/kotlin/config/OrtConfigurationTest.kt
@@ -173,7 +173,8 @@ class OrtConfigurationTest : WordSpec({
 
                     get("VulnerableCode") shouldNotBeNull {
                         options shouldContainExactly mapOf(
-                            "serverUrl" to "http://localhost:8000"
+                            "serverUrl" to "http://localhost:8000",
+                            "readTimeout" to "40"
                         )
 
                         secrets shouldContainExactly mapOf(

diff --git a/plugins/advisors/vulnerable-code/src/main/kotlin/VulnerableCode.kt b/plugins/advisors/vulnerable-code/src/main/kotlin/VulnerableCode.kt
@@ -21,6 +21,7 @@ package org.ossreviewtoolkit.plugins.advisors.vulnerablecode
 
 import java.net.URI
 import java.time.Instant
+import java.util.concurrent.TimeUnit
 
 import org.ossreviewtoolkit.advisor.AdviceProvider
 import org.ossreviewtoolkit.advisor.AdviceProviderFactory
@@ -72,7 +73,8 @@ class VulnerableCode(name: String, config: VulnerableCodeConfiguration) : Advice
         override fun parseConfig(options: Options, secrets: Options) =
             VulnerableCodeConfiguration(
                 serverUrl = options["serverUrl"],
-                apiKey = secrets["apiKey"]
+                apiKey = secrets["apiKey"],
+                readTimeout = options["readTimeout"]?.toLongOrNull()
             )
     }
 
@@ -83,7 +85,11 @@ class VulnerableCode(name: String, config: VulnerableCodeConfiguration) : Advice
     override val details = AdvisorDetails(providerName, enumSetOf(AdvisorCapability.VULNERABILITIES))
 
     private val service by lazy {
-        VulnerableCodeService.create(config.serverUrl, config.apiKey, OkHttpClientHelper.buildClient())
+        val client = OkHttpClientHelper.buildClient {
+            if (config.readTimeout != null) readTimeout(config.readTimeout, TimeUnit.SECONDS)
+        }
+
+        VulnerableCodeService.create(config.serverUrl, config.apiKey, client)
     }
 
     override suspend fun retrievePackageFindings(packages: Set<Package>): Map<Package, AdvisorResult> {

diff --git a/plugins/advisors/vulnerable-code/src/main/kotlin/VulnerableCodeConfiguration.kt b/plugins/advisors/vulnerable-code/src/main/kotlin/VulnerableCodeConfiguration.kt
@@ -31,5 +31,10 @@ data class VulnerableCodeConfiguration(
     /**
      * The optional API key to use.
      */
-    val apiKey: String? = null
+    val apiKey: String? = null,
+
+    /**
+     * The read timeout for the server connection in seconds. Defaults to whatever is the HTTP client's default value.
+     */
+    val readTimeout: Long? = null
 )