Synchronous Access of Telnet without Timeout
The telnetlib.Telnet class and the telnetlib.Telnet.open() method are used to establish a connection to a remote server using the Telnet protocol. By default, these operations do not enforce a timeout on the connection, which can lead to indefinite blocking if the server is unresponsive. This can result in resource exhaustion, application hanging, or Denial of Service (DoS) vulnerabilities, especially in networked or production environments.

This rule ensures that a timeout parameter is provided when using telnetlib.Telnet and telnetlib.Telnet.open() to prevent the risk of indefinite blocking during network communications.
Failing to specify a timeout in these calls may cause the application to block indefinitely while waiting for a response from the remote server. This can lead to Denial of Service (DoS) vulnerabilities or cause the application to become unresponsive.
Example
import telnetlib
# No timeout given: the connection attempt and every later read may block indefinitely
telnet = telnetlib.Telnet("example.com", 23)
Remediation
Always provide a timeout parameter when using telnetlib.Telnet or telnetlib.Telnet.open(). This ensures that if the remote server is unreachable or unresponsive, the connection attempt will fail after a set period, preventing indefinite blocking and resource exhaustion.

Alternatively, the global default timeout can be set via socket.setdefaulttimeout(). This is a good option to enforce a consistent timeout for any network library that uses sockets, including telnetlib. Note that it only applies to sockets created after the call is made, and an explicit timeout passed to Telnet or open() still takes precedence over the global default.
import telnetlib
# The connection attempt and later reads give up after 5 seconds instead of blocking forever
telnet = telnetlib.Telnet("example.com", 23, timeout=5)
False Positives
In the case of a false positive the rule can be suppressed. Simply add a trailing or preceding comment line with either the rule ID (PY044) or the rule category name (no_timeout).
Using rule ID:
import telnetlib
# suppress: PY044
telnet = telnetlib.Telnet("example.com", 23)

Using category name:
import telnetlib
# suppress: no_timeout
telnet = telnetlib.Telnet("example.com", 23)
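To show how a rule like this can be checked mechanically, here is an added example (not the page's own tooling and not the rule's real implementation): a small AST-based checker that flags telnetlib.Telnet(...) and .open(...) calls that pass no timeout, whether by keyword or as the third positional argument, and honours the suppress: PY044 / suppress: no_timeout comment forms described above. The SAMPLE source it scans is constructed for the demonstration.

```python
import ast
import re

RULE_ID, CATEGORY = "PY044", "no_timeout"   # identifiers as given on this page
SUPPRESS_RE = re.compile(rf"#\s*suppress:\s*({RULE_ID}|{CATEGORY})\b")

SAMPLE = '''import telnetlib
telnet = telnetlib.Telnet("example.com", 23)
telnet.open("example.com", 23)
ok = telnetlib.Telnet("example.com", 23, timeout=5)
# suppress: PY044
quiet = telnetlib.Telnet("example.com", 23)
other = telnetlib.Telnet("example.com", 23)  # suppress: no_timeout
'''  # constructed sample: lines 2 and 3 lack a timeout, 4 passes one, 6 and 7 are suppressed

def _is_telnet_ctor(call, telnet_names):
    """True if `call` constructs telnetlib.Telnet, via the module or an imported name."""
    f = call.func
    if isinstance(f, ast.Attribute) and f.attr == "Telnet":
        return isinstance(f.value, ast.Name) and f.value.id == "telnetlib"
    return isinstance(f, ast.Name) and f.id in telnet_names

def _has_timeout(call):
    # timeout is the third positional parameter of both Telnet() and Telnet.open()
    return len(call.args) >= 3 or any(k.arg == "timeout" for k in call.keywords)

def _suppressed(lines, lineno):
    # A suppression comment may sit on the flagged line or on the line just before it
    return any(0 <= i < len(lines) and SUPPRESS_RE.search(lines[i])
               for i in (lineno - 1, lineno - 2))

def find_no_timeout(source):
    """Return 1-based line numbers of unsuppressed Telnet()/.open() calls lacking a timeout."""
    tree, lines = ast.parse(source), source.splitlines()
    telnet_names = {a.asname or a.name  # names bound by `from telnetlib import Telnet`
                    for n in ast.walk(tree) if isinstance(n, ast.ImportFrom) and n.module == "telnetlib"
                    for a in n.names if a.name == "Telnet"}
    telnet_vars, findings = set(), []  # variables assigned from a Telnet(...) call
    for node in ast.walk(tree):
        if (isinstance(node, ast.Assign) and isinstance(node.value, ast.Call)
                and _is_telnet_ctor(node.value, telnet_names)):
            telnet_vars.update(t.id for t in node.targets if isinstance(t, ast.Name))
        if not isinstance(node, ast.Call):
            continue
        f = node.func
        is_open = isinstance(f, ast.Attribute) and f.attr == "open" and getattr(f.value, "id", None) in telnet_vars
        if ((_is_telnet_ctor(node, telnet_names) or is_open)
                and not _has_timeout(node) and not _suppressed(lines, node.lineno)):
            findings.append(node.lineno)
    return sorted(findings)
```

Running find_no_timeout(SAMPLE) reports lines 2 and 3 only; the constructor with timeout=5, the call preceded by the PY044 comment and the call with a trailing no_timeout comment are all left alone.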