Synchronous Access of requests without Timeout
The requests.get() and similar functions are used to make standard HTTP
requests to a web server. By default, this function does not enforce a
timeout on the network connection, which means that an application
could block indefinitely if the server is unresponsive or experiences a
network issue. This can result in resource exhaustion, Denial of Service
(DoS), or unresponsive behavior in the application, especially in production
environments.
This rule ensures that a timeout parameter is provided when calling
requests.get() and similar functions to prevent the risk of indefinite
blocking during the HTTP requests.
If no timeout is specified in requests.get(), the application may block
indefinitely while waiting for a response from the server. This can
lead to resource exhaustion, slow performance, or unresponsive behavior in the
application.
Example
import requests
# No timeout: this call can block indefinitely if the server never responds
requests.get("https://localhost")
Remediation
Always provide a timeout parameter when using requests.get and similar
functions. This ensures that if the HTTP server is unreachable or
unresponsive, the connection attempt will fail after a set period, preventing
indefinite blocking and resource exhaustion.
Alternatively, the global default timeout can be set via
socket.setdefaulttimeout(). This is a good option to enforce a consistent
timeout for any network library that uses sockets, including requests.
import requests
# Raises requests.exceptions.Timeout after 5 seconds of connect or read inactivity
requests.get("https://localhost", timeout=5)
False Positives
In the case of a false positive the rule can be suppressed. Simply add a
trailing or preceding comment line with either the rule ID (PY532) or
rule category name (no_timeout).
Using rule ID
import requests
# suppress: PY532
requests.get("https://localhost")
Using category name
import requests
# suppress: no_timeout
requests.get("https://localhost")
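As an added illustration (not part of the original rule documentation or the analyzer's own code), the following stdlib-only checker implements the logic this rule describes: it walks a module's AST, flags requests.get() and similar module-level calls that carry no timeout keyword, treats timeout=None as missing since that is the library default, and honors the suppress comments above on the same or the preceding line. The set of covered function names is an assumption standing in for "similar functions".

```python
import ast
import io
import tokenize

RULE_ID, RULE_NAME = "PY532", "no_timeout"
# Module-level requests functions the rule covers (assumed list of "similar functions").
REQUEST_FUNCS = {"get", "post", "put", "patch", "delete", "head", "options", "request"}

def _suppressed_lines(source):
    """Lines covered by a '# suppress: PY532' / '# suppress: no_timeout' comment:
    the comment's own line (trailing) and the next line (preceding comment line)."""
    covered = set()
    for tok in tokenize.generate_tokens(io.StringIO(source).readline):
        if tok.type == tokenize.COMMENT and tok.string.lstrip("#").strip().startswith("suppress:"):
            if tok.string.split(":", 1)[1].strip() in (RULE_ID, RULE_NAME):
                covered.update({tok.start[0], tok.start[0] + 1})
    return covered

def find_missing_timeouts(source):
    """Return [(line, 'requests.<func>'), ...] for calls that may block without a timeout."""
    suppressed = _suppressed_lines(source)
    findings = []
    for node in ast.walk(ast.parse(source)):
        func = getattr(node, "func", None)
        if not (isinstance(node, ast.Call) and isinstance(func, ast.Attribute)
                and isinstance(func.value, ast.Name) and func.value.id == "requests"
                and func.attr in REQUEST_FUNCS):
            continue
        # timeout=None is the library default, i.e. still no timeout.
        has_timeout = any(kw.arg == "timeout" and not (isinstance(kw.value, ast.Constant)
                          and kw.value.value is None) for kw in node.keywords)
        forwards_kwargs = any(kw.arg is None for kw in node.keywords)  # **opts may carry timeout
        if not has_timeout and not forwards_kwargs and node.lineno not in suppressed:
            findings.append((node.lineno, f"requests.{func.attr}"))
    return findings

# Constructed sample input exercising each case the rule documentation describes.
SAMPLE = '''import requests
requests.get("https://localhost")
requests.post("https://localhost", json={}, timeout=5)
requests.get("https://localhost", timeout=None)
requests.get("https://localhost")  # suppress: PY532
# suppress: no_timeout
requests.get("https://localhost")
requests.head("https://localhost", **opts)
'''

if __name__ == "__main__":
    for line, call in find_missing_timeouts(SAMPLE):
        print(f"line {line}: {call}() called without a timeout")
```

Calls that forward **kwargs are skipped rather than flagged, because the timeout may be supplied by the caller; a stricter deployment could report them as needing manual review.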