[flake8-bandit] fix S113 false positive for httpx without timeout argument #12213

Merged
merged 3 commits into from
Jul 6, 2024


trim21
Contributor

@trim21 trim21 commented Jul 6, 2024

Summary

S113 exists because requests doesn't have a default timeout, so a request without a timeout may hang indefinitely.

B113: Test for missing requests timeout
This plugin test checks for requests or httpx calls without a timeout specified.

Nearly all production code should use this parameter in nearly all requests. Failure to do so can cause your program to hang indefinitely.

But httpx has a default timeout of 5s, so S113 for an httpx request without a timeout argument is a false positive; the only valid case would be timeout=None.

https://www.python-httpx.org/advanced/timeouts/

HTTPX is careful to enforce timeouts everywhere by default.

The default behavior is to raise a TimeoutException after 5 seconds of network inactivity.

Test Plan

snap updated
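
The rule behaviour described in this pull request, sketched as an added example that is not code from the PR or from Ruff: a small `ast`-based checker that reports `requests` calls with no timeout or `timeout=None`, but reports `httpx` calls only for an explicit `timeout=None`. The verb list, message wording and sample input are assumptions constructed for illustration, and only direct `requests.<verb>(...)` / `httpx.<verb>(...)` calls are handled (no import aliases, client objects or `**kwargs`).

```python
import ast

# Constructed sample input (not the project's test fixture).
SAMPLE = '''
import httpx
import requests

requests.get("https://example.com")
requests.get("https://example.com", timeout=None)
requests.get("https://example.com", timeout=5)
httpx.get("https://example.com")
httpx.get("https://example.com", timeout=None)
httpx.post("https://example.com", timeout=10.0)
'''

# Assumed set of module-level helpers to inspect (illustrative, not Ruff's list).
HTTP_VERBS = {"get", "options", "head", "post", "put", "patch", "delete", "request"}


def find_timeout_issues(source):
    """Return sorted (line, message) pairs for calls that can block indefinitely."""
    issues = []
    for node in ast.walk(ast.parse(source)):
        if not (isinstance(node, ast.Call) and isinstance(node.func, ast.Attribute)):
            continue
        func = node.func
        if not (isinstance(func.value, ast.Name) and func.attr in HTTP_VERBS):
            continue
        module = func.value.id
        if module not in ("requests", "httpx"):
            continue
        timeout = next((kw for kw in node.keywords if kw.arg == "timeout"), None)
        if timeout is None:
            # requests has no default timeout; httpx defaults to 5 seconds,
            # so an httpx call without the argument is not reported.
            if module == "requests":
                issues.append((node.lineno, f"{module}.{func.attr} without timeout"))
        elif isinstance(timeout.value, ast.Constant) and timeout.value.value is None:
            # timeout=None disables the timeout in both libraries.
            issues.append((node.lineno, f"{module}.{func.attr} with timeout=None"))
    return sorted(issues)


if __name__ == "__main__":
    for line, message in find_timeout_issues(SAMPLE):
        print(f"line {line}: {message}")
```
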

@mkniewallner
Contributor

We should also probably update the fixture to move the calls that don't pass timeout to the "OK" section.

@trim21
Contributor Author

trim21 commented Jul 6, 2024

We should also probably update the fixture to move the calls that don't pass timeout to the "OK" section.

Makes sense.

@charliermarsh charliermarsh added the bug Something isn't working label Jul 6, 2024
@charliermarsh charliermarsh changed the title [flake8-bandit] fix S113 false positive for httpx without timeout argument [flake8-bandit] fix S113 false positive for httpx without timeout argument Jul 6, 2024
@charliermarsh
Member

Thank you! Sorry that we missed this initially.

@charliermarsh charliermarsh merged commit 757c757 into astral-sh:main Jul 6, 2024
20 checks passed
@trim21 trim21 deleted the fix-s113-httpx branch July 6, 2024 19:56