Description
Describe the bug
Accessing the API endpoint /api/v2/packages/{uuid}/scan_results can result in a 200 OK response with an empty body, should the ScanCode.io server not respond quickly enough. This is because scan_results, or functions called within it, do not perform proper error handling. DejaCode sets a default timeout (default_timeout) to 5 seconds, hence any response taking longer than that is considered a failure and an error is logged by request_get. The exception is not passed along nor is the return value checked.
Unlike _get_scancodeio_project_info, there is no error handling for when fetch_scan_data fails to return data.
scan_results => fetch_scan_data => request_get
To Reproduce
Steps to reproduce the behavior:
- Have a DejaCode and ScanCode.io server set up, and DejaCode connected to it
- Perform a scan that results in a large(r) scan result file
- Request it via the API with curl
Expected behavior
Functions should perform proper error handling. If retrieval fails, it should not give a 200 OK response.
The current default timeout also seems quite low at 5s. Perhaps this could be made adjustable via settings.py, as deployments may have different requirements for what constitutes an acceptable response time.
Currently this breaks CI/CD pipeline integration, as the requesting tools expect a proper JSON response when receiving 200 OK, but fail to get any JSON response because none is given.
Screenshots
n.a.
Context (OS, Browser, Device, etc.):
n.a.
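
The failure mode reported above, reduced to a self-contained sketch next to a version that propagates the error. This is an added example, not DejaCode's code: the function bodies, the `transport` parameter, `UpstreamError`, the stand-in transports and the 504/502 status mapping are all assumptions made for illustration.

```python
import json
import logging

logger = logging.getLogger("scan_results_example")
DEFAULT_TIMEOUT = 5  # seconds, the default the issue reports

class UpstreamError(Exception):
    """The scan server failed to deliver data (hypothetical exception)."""

def slow_transport(url, timeout):
    # Constructed stand-in for a scan server too slow for `timeout`.
    raise TimeoutError(f"no response from {url} within {timeout}s")

def fast_transport(url, timeout):
    # Constructed stand-in for a server that answers in time.
    return {"url": url, "files": 3}

def request_get_swallowing(url, transport, timeout=DEFAULT_TIMEOUT):
    # Pattern from the issue: the error is logged, then dropped.
    try:
        return transport(url, timeout)
    except OSError as exc:  # TimeoutError is a subclass of OSError
        logger.error("request to %s failed: %s", url, exc)
        return None

def scan_results_unchecked(url, transport):
    data = request_get_swallowing(url, transport)
    # Return value never checked: a failure becomes 200 with an empty body.
    return 200, json.dumps(data) if data else ""

def request_get_strict(url, transport, timeout=DEFAULT_TIMEOUT):
    try:
        return transport(url, timeout)
    except OSError as exc:
        raise UpstreamError(f"scan server request failed: {exc}") from exc

def scan_results_checked(url, transport):
    # Assumed mapping: 504 for an upstream timeout, 502 for other failures.
    try:
        data = request_get_strict(url, transport)
    except UpstreamError as exc:
        status = 504 if isinstance(exc.__cause__, TimeoutError) else 502
        return status, json.dumps({"error": str(exc)})
    if not data:
        return 502, json.dumps({"error": "scan server returned no data"})
    return 200, json.dumps(data)
```

With the checked variant, a client that parses the body only on 200 never sees an empty success, and every failure response still carries valid JSON.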