Add timeout 504 handling for single file, single worker scan requests#74

Merged
eeisegn merged 3 commits into main from feat/SP-4177-add-timeout-response-code on Mar 23, 2026
@eeisegn eeisegn commented Mar 23, 2026

  • Add timeout HTTP response (504) handling for single file, single worker scan requests
  • Extend unit test coverage for settings header parsing

Summary by CodeRabbit

  • New Features

    • Added support for scan settings configuration with validation and opt-in controls.
  • Bug Fixes

    • Distinguish scan timeouts from other failures; timeouts now return 504 Gateway Timeout, other failures return 500.
  • Tests

    • Expanded unit tests for scan-settings handling and timeout scenarios.
    • Added a slow-engine simulator to exercise timeout behavior.
  • Chores

    • Enabled line-length linter and aligned test-file lint exclusions.

coderabbitai bot commented Mar 23, 2026

No actionable comments were generated in the recent review. 🎉

ℹ️ Recent review info
⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro

Run ID: 9cc5f407-bfbf-494d-ab2d-ee02b25d3943

📥 Commits

Reviewing files that changed from the base of the PR and between 55b04f3 and f9ad481.

📒 Files selected for processing (1)
  • CHANGELOG.md
✅ Files skipped from review due to trivial changes (1)
  • CHANGELOG.md

📝 Walkthrough

Enabled the lll linter; changed scanWfp to return a timeout boolean; updated callers to handle timeouts (map to HTTP 504); added tests for scan settings and timeout behavior; added a slow-engine test helper script and a changelog entry.

Changes

| Cohort | File(s) | Summary |
|---|---|---|
| Linter Configuration | .golangci.yml | Enabled lll in linters.enable and added lll to test-file exclusions under exclusions.rules. |
| Scan runtime & timeout handling | pkg/service/scanning_service.go | Changed scanWfp signature to return (string, bool, error); detect timeout via context, propagate boolean; singleScan maps timed-out scans to HTTP 504, other errors to 500; workerScan updated to accept new return values. |
| Callsite update | pkg/service/kb_details.go | Updated loadKBDetails() to capture the added boolean return value from scanWfp. |
| Tests & test helper | pkg/service/scanning_service_test.go, test-support/scanoss-slow.sh | Extended TestScanDirectSingle with scan-settings/base64/permission cases; added TestScanDirectSingleSlow to verify timeout (uses slow engine); added scanoss-slow.sh to simulate delayed engine responses (DELAY=10, help handling). |
| Docs / Changelog | CHANGELOG.md | Added v1.6.4 changelog entry noting single-worker scan timeout HTTP 504 handling and compare link. |

Sequence Diagram

sequenceDiagram
    participant Client
    participant APIService
    participant scanWfp as scanWfp Function
    participant Engine as Scan Engine
    participant Response

    rect rgba(200,150,100,0.5)
    Note over APIService,Engine: Normal Scan Flow
    Client->>APIService: POST /scan
    APIService->>scanWfp: call scanWfp(wfp, sbomFile,...)
    scanWfp->>Engine: execute scan command
    Engine-->>scanWfp: success (output)
    scanWfp-->>APIService: (output, false, nil)
    APIService->>Response: HTTP 200 with results
    Response-->>Client: return results
    end

    rect rgba(100,150,200,0.5)
    Note over APIService,Engine: Timeout Scenario
    Client->>APIService: POST /scan
    APIService->>scanWfp: call scanWfp(wfp, sbomFile,...)
    scanWfp->>Engine: execute scan command
    Engine-->>scanWfp: context timeout detected
    scanWfp-->>APIService: (output, true, error)
    APIService->>Response: HTTP 504 "ERROR engine scan timed out"
    Response-->>Client: timeout response
    end

    rect rgba(200,100,100,0.5)
    Note over APIService,Engine: Non-timeout Error
    Client->>APIService: POST /scan
    APIService->>scanWfp: call scanWfp(wfp, sbomFile,...)
    scanWfp->>Engine: execute scan command
    Engine-->>scanWfp: failure (error)
    scanWfp-->>APIService: (output, false, error)
    APIService->>Response: HTTP 500 "ERROR engine scan failed"
    Response-->>Client: error response
    end

Estimated code review effort

🎯 4 (Complex) | ⏱️ ~45 minutes

Possibly related PRs

Suggested reviewers

  • mscasso-scanoss
  • dopicatto

Poem

🐇 I hopped through code where timeouts hide,

I nudged the scanner, watched the clock slide.
Slow scripts dream with DELAY in tow,
Now errors tell when runs are slow,
A carrot-coded 504 to know.

🚥 Pre-merge checks | ✅ 2 | ❌ 1

❌ Failed checks (1 warning)

| Check name | Status | Explanation | Resolution |
|---|---|---|---|
| Docstring Coverage | ⚠️ Warning | Docstring coverage is 0.00% which is insufficient. The required threshold is 80.00%. | Write docstrings for the functions missing them to satisfy the coverage threshold. |

✅ Passed checks (2 passed)

| Check name | Status | Explanation |
|---|---|---|
| Description Check | ✅ Passed | Check skipped - CodeRabbit’s high-level summary is enabled. |
| Title check | ✅ Passed | The title accurately and specifically describes the main change: adding timeout 504 handling for single file, single worker scan requests, which aligns with the primary modifications in scanning_service.go and test coverage additions. |


Comment @coderabbitai help to get the list of available commands and usage tips.
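
The timeout handling summarised in the walkthrough above, as an added example that is not the project's code: `runEngine` and `statusFor` are hypothetical names standing in for scanWfp and the status mapping in singleScan, and the `sleep` and `sh` commands are constructed stand-ins for the scan engine. It shows the three-value return and why the timeout flag is read from the context rather than from the process error.

```go
package main

import (
	"context"
	"errors"
	"fmt"
	"net/http"
	"os/exec"
	"time"
)

// runEngine is a hypothetical stand-in for scanWfp. It runs a command under a
// deadline and returns (output, timedOut, err), the shape the walkthrough describes.
func runEngine(timeout time.Duration, name string, args ...string) (string, bool, error) {
	ctx, cancel := context.WithTimeout(context.Background(), timeout)
	defer cancel()
	out, err := exec.CommandContext(ctx, name, args...).CombinedOutput()
	if err != nil {
		// A killed process reports an exit error; the context records whether
		// the deadline was the cause, so check it rather than the error text.
		return string(out), errors.Is(ctx.Err(), context.DeadlineExceeded), err
	}
	return string(out), false, nil
}

// statusFor maps a scan result to the HTTP status and message used in the
// sequence diagram: 504 for a timeout, 500 for any other engine failure.
func statusFor(timedOut bool, err error) (int, string) {
	switch {
	case err == nil:
		return http.StatusOK, ""
	case timedOut:
		return http.StatusGatewayTimeout, "ERROR engine scan timed out"
	default:
		return http.StatusInternalServerError, "ERROR engine scan failed"
	}
}

func main() {
	// Constructed inputs: "sleep 5" plays the slow engine, "exit 3" a failing one.
	for _, c := range [][]string{{"sh", "-c", "echo ok"}, {"sleep", "5"}, {"sh", "-c", "exit 3"}} {
		_, timedOut, err := runEngine(300*time.Millisecond, c[0], c[1:]...)
		code, msg := statusFor(timedOut, err)
		fmt.Println(c, "->", code, msg)
	}
}
```

Returning 504 only when the deadline expired lets a client tell a slow or overloaded engine, where a retry may succeed, from a failing one.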


@coderabbitai coderabbitai bot left a comment

Actionable comments posted: 1

🤖 Prompt for all review comments with AI agents
Verify each finding against the current code and only fix it if needed.

Inline comments:
In `@test-support/scanoss-slow.sh`:
- Around line 27-32: Call scanoss.sh with the caller's arguments and fix the
exit-status check: invoke "$d"/scanoss.sh with "$@" so arguments from scanWfp
are forwarded, capture its exit code in EXIT_CODE as before, and change the
conditional from testing non-empty ("[ $EXIT_CODE ]") to an explicit zero check
(e.g., "[ \"$EXIT_CODE\" -eq 0 ]") before sleeping using DELAY.

ℹ️ Review info
⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro

Run ID: eb6e3a53-869d-414e-a714-d8d27e27663f

📥 Commits

Reviewing files that changed from the base of the PR and between 03c6e1b and 2ab7887.

📒 Files selected for processing (5)
  • .golangci.yml
  • pkg/service/kb_details.go
  • pkg/service/scanning_service.go
  • pkg/service/scanning_service_test.go
  • test-support/scanoss-slow.sh

@eeisegn eeisegn requested a review from agustingroh March 23, 2026 12:54
@eeisegn eeisegn merged commit 6a6f886 into main Mar 23, 2026
3 checks passed
@eeisegn eeisegn deleted the feat/SP-4177-add-timeout-response-code branch March 23, 2026 12:58