fix(helm): helm add timeout to dependencies command (#3525)

helm add timeout to dependencies command
bridgecrewio · Sep 18, 2022 · 68f34fc · 68f34fc
1 parent c040ddb
commit 68f34fc
Show file tree

Hide file tree

Showing 2 changed files with 25 additions and 7 deletions.
diff --git a/checkov/helm/runner.py b/checkov/helm/runner.py
@@ -19,8 +19,9 @@
 from checkov.common.runners.base_runner import BaseRunner, filter_ignored_paths
 from checkov.helm.registry import registry
 from checkov.kubernetes.graph_builder.local_graph import KubernetesLocalGraph
-from checkov.kubernetes.runner import Runner as k8_runner
+from checkov.kubernetes.runner import Runner as k8_runner, handle_timeout
 from checkov.runner_filter import RunnerFilter
+import signal
 
 
 class K8sHelmRunner(k8_runner):
@@ -178,7 +179,7 @@ def _get_target_dir(chart_item: tuple[str, dict[str, Any]], root_folder: str, ta
 
     @staticmethod
     def get_binary_output(
-        chart_item: tuple[str, dict[str, Any]], target_dir: str, helm_command: str, runner_filter: RunnerFilter
+        chart_item: tuple[str, dict[str, Any]], target_dir: str, helm_command: str, runner_filter: RunnerFilter, timeout: int = 3600
     ) -> tuple[bytes, tuple[str, dict[str, Any]]] | tuple[None, None]:
         (chart_dir, chart_meta) = chart_item
         chart_name = chart_meta.get('name', chart_meta.get('Name'))
@@ -208,10 +209,13 @@ def get_binary_output(
                 helm_command_args.append("--values")
                 helm_command_args.append(var)
 
+        signal.signal(signal.SIGALRM, handle_timeout)
+        signal.alarm(timeout)
         try:
             # --dependency-update needed to pull in deps before templating.
             proc = subprocess.Popen(helm_command_args, stdout=subprocess.PIPE, stderr=subprocess.PIPE)  # nosec
             o, e = proc.communicate()
+            signal.alarm(0)
             if e:
                 logging.warning(
                     f"Error processing helm chart {chart_name} at dir: {chart_dir}. Working dir: {target_dir}. Error details: {str(e, 'utf-8')}")
@@ -221,11 +225,17 @@ def get_binary_output(
             logging.info(f'Done helm run for: {chart_dir}')
             return o, chart_item
 
-        except Exception:
-            logging.info(
-                f"Error processing helm chart {chart_name} at dir: {chart_dir}. Working dir: {target_dir}.",
-                exc_info=True,
-            )
+        except Exception as e:
+            signal.alarm(0)
+            if isinstance(e, TimeoutError):
+                logging.info(
+                    f"Error processing helm chart {chart_name} at dir: {chart_dir}. Working dir: {target_dir}. got timeout"
+                )
+            else:
+                logging.info(
+                    f"Error processing helm chart {chart_name} at dir: {chart_dir}. Working dir: {target_dir}.",
+                    exc_info=True,
+                )
             return None, None
 
     @staticmethod

diff --git a/checkov/kubernetes/runner.py b/checkov/kubernetes/runner.py
@@ -33,6 +33,14 @@
     from checkov.common.graph.checks_infra.base_check import BaseGraphCheck
 
 
+class TimeoutError(Exception):
+    pass
+
+
+def handle_timeout():
+    raise TimeoutError('command got timeout')
+
+
 class Runner(BaseRunner):
     check_type = CheckType.KUBERNETES  # noqa: CCE003  # a static attribute