Merge pull request #1033 from Checkmarx/feature/saraChen/notEvaluatePolicy

cx-sarah-chen · web-flow · commit 69a3b470ef62 · 2025-02-09T11:18:12.000+02:00
Skip of policy evaluated when the scan not finished(AST-81796)
diff --git a/internal/commands/result.go b/internal/commands/result.go
@@ -986,9 +986,14 @@ func runGetResultCommand(
 			return errors.Errorf("%s: CODE: %d, %s", failedGettingScan, errorModel.Code, errorModel.Message)
 		}
 
-		policyResponseModel, err := services.HandlePolicyEvaluation(cmd, policyWrapper, scan, ignorePolicy, agent, waitDelay, policyTimeout)
-		if err != nil {
-			return err
+		var policyResponseModel *wrappers.PolicyResponseModel
+		if !isScanPending(string(scan.Status)) {
+			policyResponseModel, err = services.HandlePolicyEvaluation(cmd, policyWrapper, scan, ignorePolicy, agent, waitDelay, policyTimeout)
+			if err != nil {
+				return err
+			}
+		} else {
+			logger.PrintIfVerbose("Policy violations aren't returned in the pipeline for scans run in async mode.")
 		}
 
 		if sastRedundancy {
diff --git a/test/integration/scan_test.go b/test/integration/scan_test.go
@@ -2135,3 +2135,32 @@ func TestScanCreate_WithContainerFilterFlagsAndResubmitFlag_CreatingScanWithLate
 	assert.Equal(t, createdScanConfig.Value[commands.ConfigContainersImagesFilterKey], "*dev", "Image tag filter should be equal")
 	assert.Equal(t, createdScanConfig.Value[commands.ConfigContainersPackagesFilterKey], "^internal-.*", "Package filter should be equal")
 }
+
+func TestCreateScanWithAsyncFlag_TryShowResults_PolicyNotEvaluated(t *testing.T) {
+	createASTIntegrationTestCommand(t)
+	configuration.LoadConfiguration()
+	args := []string{
+		"scan", "create",
+		flag(params.ProjectName), getProjectNameForScanTests(),
+		flag(params.SourcesFlag), Zip,
+		flag(params.ScanTypes), "sast,iac-security,sca",
+		flag(params.BranchFlag), "main",
+		flag(params.AsyncFlag),
+		flag(params.ScanInfoFormatFlag), printer.FormatJSON,
+	}
+	scanID, _ := executeCreateScan(t, args)
+	assert.Assert(t, scanID != "", "Scan ID should not be empty")
+
+	var buf bytes.Buffer
+	log.SetOutput(&buf)
+
+	_ = executeCmdNilAssertion(
+		t, "Results show generating JSON report with options should pass",
+		"results", "show",
+		flag(params.ScanIDFlag), scanID,
+		flag(params.TargetFormatFlag), printer.FormatSummaryConsole,
+		flag(params.DebugFlag),
+	)
+	log.SetOutput(os.Stderr)
+	assert.Assert(t, strings.Contains(buf.String(), "Policy violations aren't returned in the pipeline for scans run in async mode."), "policy shouldn't evaluate in running scan")
+}
