Skip to content

[flake8-bandit] fix S113 false positive for httpx without timeout argument#12213

Merged
charliermarsh merged 3 commits intoastral-sh:mainfrom
trim21:fix-s113-httpx
Jul 6, 2024
Merged

[flake8-bandit] fix S113 false positive for httpx without timeout argument#12213
charliermarsh merged 3 commits intoastral-sh:mainfrom
trim21:fix-s113-httpx

Conversation

@trim21
Copy link
Copy Markdown
Contributor

@trim21 trim21 commented Jul 6, 2024

Summary

S113 exists because requests doesn't have a default timeout, so request without timeout may hang indefinitely

B113: Test for missing requests timeout
This plugin test checks for requests or httpx calls without a timeout specified.

Nearly all production code should use this parameter in nearly all requests, Failure to do so can cause your program to hang indefinitely.

But httpx has default timeout 5s, so S113 for httpx request without timeout argument is a false positive, only valid case would be timeout=None.

https://www.python-httpx.org/advanced/timeouts/

HTTPX is careful to enforce timeouts everywhere by default.

The default behavior is to raise a TimeoutException after 5 seconds of network inactivity.

Test Plan

snap updated

This was referenced Jul 6, 2024
Closed
Merged
@mkniewallner
Copy link
Copy Markdown
Contributor

mkniewallner commented Jul 6, 2024

We should also probably update the fixture to move the calls that don't pass timeout to the "OK" section.

@trim21
Copy link
Copy Markdown
Contributor Author

trim21 commented Jul 6, 2024

We should also probably update the fixture to move the calls that don't pass timeout to the "OK" section.

make sense

@charliermarsh charliermarsh added the bug Something isn't working label Jul 6, 2024
@charliermarsh charliermarsh changed the title [flake8-bandit] fix S113 false positive for httpx without timeout argument [flake8-bandit] fix S113 false positive for httpx without timeout argument Jul 6, 2024
@charliermarsh
Copy link
Copy Markdown
Member

charliermarsh commented Jul 6, 2024

Thank you! Sorry that we missed this initially.

@charliermarsh charliermarsh merged commit 757c757 into astral-sh:main Jul 6, 2024
@trim21 trim21 deleted the fix-s113-httpx branch July 6, 2024 19:56
@MichaReiser MichaReiser mentioned this pull request Jul 8, 2024
Closed
@BrewTestBot BrewTestBot mentioned this pull request Jul 15, 2024
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

bug Something isn't working

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@trim21 @mkniewallner @charliermarsh