Synchronous Access of httpx without Timeoutâ
The httpx.get() and similar functions are used to make standard HTTP
requests to a web server. By default, this function enforces a five second
timeout on the network connection. But if the timeout is set to None, this
means that an application could block indefinitely if the server is
unresponsive or experiences a network issue. This can result in resource
exhaustion, Denial of Service (DoS), or unresponsive behavior in the
application, especially in production environments.
This rule ensures that a timeout parameter is not set to None when calling
httpx.get() and similar functions to prevent the risk of indefinite
blocking during the HTTP requests.
If timeout is set to None as specified in httpx.get(), the application may
block indefinitely while waiting for a response from the server. This can
lead to resource exhaustion, slow performance, or unresponsive behavior in the
application.
Exampleâ
import httpx
httpx.get("https://localhost", timeout=None)
Remediationâ
Always provide a timeout parameter when using httpx.get and similar
functions. This ensures that if the HTTP server is unreachable or
unresponsive, the connection attempt will fail after a set period, preventing
indefinite blocking and resource exhaustion.
Note, unlike other socket functions, httpx ignores the socket global default timeout and maintains its own value. So setting the global default timeout will have no effect.
import httpx
httpx.get("https://localhost", timeout=5)
False Positivesâ
In the case of a false positive the rule can be suppressed. Simply add a
trailing or preceding comment line with either the rule ID (PY533) or
rule category name (no_timeout).
- Using rule ID
- Using category name
import httpx
# suppress: PY533
httpx.get("https://localhost", timeout=None)
import httpx
# suppress: no_timeout
httpx.get("https://localhost", timeout=None)