Synchronous Access of requests without Timeout
The requests.get() and similar functions are used to make standard HTTP requests to a web server. By default, these functions do not enforce a timeout on the network connection, which means that an application could block indefinitely if the server is unresponsive or experiences a network issue. This can result in resource exhaustion, Denial of Service (DoS), or unresponsive behavior in the application, especially in production environments.

This rule ensures that a timeout parameter is provided when calling requests.get() and similar functions, to prevent the risk of indefinite blocking during HTTP requests.

If no timeout is specified in requests.get(), the application may block indefinitely while waiting for a response from the server. This can lead to resource exhaustion, slow performance, or unresponsive behavior in the application.
Example

import requests

# No timeout argument: if the server never answers, this call blocks forever.
requests.get("https://localhost")
Remediation

Always provide a timeout parameter when using requests.get and similar functions. This ensures that if the HTTP server is unreachable or unresponsive, the connection attempt will fail after a set period, preventing indefinite blocking and resource exhaustion.

Alternatively, the global default timeout can be set via socket.setdefaulttimeout(). This is a good option to enforce a consistent timeout for any network library that uses sockets, including requests.
import requests

# Give up after 5 seconds instead of waiting indefinitely for the server.
requests.get("https://localhost", timeout=5)
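The following is an added example, not part of the rule's documentation or the precli project, showing both remediations from this page against a deliberately unresponsive server. It starts a constructed local TCP server that accepts connections and never replies, then calls it once with an explicit requests timeout and once with socket.setdefaulttimeout() applied to the standard-library urllib.request client (used here because it passes no per-call timeout, so the global default is what bounds it). The helper names (SilentServer, fetch_with_explicit_timeout, fetch_with_global_default, demo) are this example's own. One caveat the example makes visible: the timeout bounds each socket operation (the connect, then each read), not the total duration of the request, so a server that keeps trickling bytes can still hold a call open for longer than the timeout value.

```python
import socket
import socketserver
import threading
import urllib.error
import urllib.request

import requests


class SilentHandler(socketserver.BaseRequestHandler):
    """Accepts the connection, reads the request, then never answers.

    Constructed stand-in for an unresponsive upstream server.
    """

    def handle(self):
        self.request.recv(4096)       # consume the request line and headers
        self.server.release.wait(5)   # hold the socket open, send nothing


class SilentServer(socketserver.ThreadingTCPServer):
    allow_reuse_address = True
    daemon_threads = True

    def __init__(self, *args, **kwargs):
        super().__init__(*args, **kwargs)
        self.release = threading.Event()   # lets handlers exit on shutdown


def start_silent_server():
    """Start the unresponsive server on an ephemeral localhost port."""
    server = SilentServer(("127.0.0.1", 0), SilentHandler)
    threading.Thread(target=server.serve_forever, daemon=True).start()
    return server, f"http://127.0.0.1:{server.server_address[1]}/"


def stop_silent_server(server):
    server.release.set()
    server.shutdown()
    server.server_close()


def fetch_with_explicit_timeout(url, connect=2.0, read=1.0):
    """Remediation 1: pass timeout=(connect, read) to requests.

    Returns a short status string instead of raising so callers can branch.
    """
    try:
        response = requests.get(url, timeout=(connect, read))
        return f"ok:{response.status_code}"
    except requests.exceptions.ConnectTimeout:
        return "connect-timeout"
    except requests.exceptions.ReadTimeout:
        return "read-timeout"
    except requests.exceptions.ConnectionError:
        return "connection-error"


def fetch_with_global_default(url, seconds=1.0):
    """Remediation 2: socket.setdefaulttimeout() bounds any socket-based
    client that does not supply its own timeout; urllib.request is such a
    client when called without a timeout argument."""
    previous = socket.getdefaulttimeout()
    socket.setdefaulttimeout(seconds)
    try:
        with urllib.request.urlopen(url) as resp:
            return f"ok:{resp.status}"
    except socket.timeout:
        # A read that exceeds the default timeout surfaces directly.
        return "timeout"
    except urllib.error.URLError as exc:
        # A timeout during connect is wrapped by urllib in URLError.
        if isinstance(exc.reason, socket.timeout):
            return "timeout"
        return "connection-error"
    finally:
        socket.setdefaulttimeout(previous)   # never leave a global side effect


def demo():
    """Run both clients against the silent server; each returns within ~1s."""
    server, url = start_silent_server()
    try:
        return (fetch_with_explicit_timeout(url),
                fetch_with_global_default(url))
    finally:
        stop_silent_server(server)


if __name__ == "__main__":
    print(demo())
```

Without either remediation the same two calls would block for as long as the server held the socket open. The explicit per-call timeout is the more robust choice in shared code, because a global default set with socket.setdefaulttimeout() is process-wide and can be overridden by any library that sets its own.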
False Positives

In the case of a false positive the rule can be suppressed. Simply add a trailing or preceding comment line with either the rule ID (PY532) or the rule category name (no_timeout).
Using rule ID:

import requests

# suppress: PY532
requests.get("https://localhost")

Using category name:

import requests

# suppress: no_timeout
requests.get("https://localhost")