PyCQA / bandit

Bandit is a tool designed to find common security issues in Python code.
https://bandit.readthedocs.io
Apache License 2.0

Issue: [B113:request_without_timeout] #1062

Closed Rolstenhouse closed 5 months ago

Rolstenhouse commented 1 year ago

Describe the bug

Here's a code snippet of what's triggering the error. It's happening in a Python codebase!

>> Issue: [B113:request_without_timeout] Requests call without timeout
   Severity: Medium   Confidence: Low
   CWE: CWE-400 (https://cwe.mitre.org/data/definitions/400.html)
   More Info: https://bandit.readthedocs.io/en/0.0.0/plugins/b113_request_without_timeout.html
   Location: whatnot/repositories/orders.py:95:8
94      return [
95          refund_requests_by_order_ids.get(order_id)  # nosec B101
96          for order_id in str_order_ids

Reproduction steps

1. Create any Python file with `requests` in a function name
2. Run the linter

Expected behavior

It ignores requests when it's nested in a function

Bandit version

1.7.5 (Default)

Python version

3.11 (Default)

Additional context

No response

ericwb commented 5 months ago

This appears to already be fixed with PR #1011. In addition, there is a test case covering this scenario:

https://github.com/PyCQA/bandit/blob/main/examples/requests-missing-timeout.py#L48
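The report above is a false positive: a call on a local name that merely contains the substring `requests` was reported as a `requests` HTTP call with no timeout. The following is an added illustration, not Bandit's own implementation of B113 and not code from this issue. It is a small `ast`-based checker that resolves the receiver of each call to a dotted name and compares it against the names the `requests` module was actually imported under, so `refund_requests_by_order_ids.get(...)` does not match, while `requests.get(url)` and `rq.post(url, timeout=None)` do. The `SAMPLE` source, the alias `rq`, and the function names are constructed for this example.

```python
"""Minimal AST check in the spirit of Bandit's B113 (request_without_timeout).

Added illustration, not Bandit's own code. Flags calls to the HTTP helpers of
the `requests` module that pass no `timeout` keyword, or `timeout=None`
(which disables the timeout), and shows why a call on a local variable whose
name happens to contain "requests" must not be reported.
"""
import ast

# Assumed set of `requests` helpers worth checking (constructed for this example).
HTTP_METHODS = {"get", "post", "put", "patch", "delete", "head", "options", "request"}


def _dotted_name(node):
    """Return 'a.b.c' for a Name/Attribute chain, or None for anything else."""
    parts = []
    while isinstance(node, ast.Attribute):
        parts.append(node.attr)
        node = node.value
    if not isinstance(node, ast.Name):
        return None  # e.g. a call on a subscript or on another call's result
    parts.append(node.id)
    return ".".join(reversed(parts))


def _requests_aliases(tree):
    """Names the `requests` module is bound to by `import` statements.

    Only `import requests [as alias]` is resolved here; `from requests import get`
    is deliberately out of scope for this illustration.
    """
    aliases = set()
    for node in ast.walk(tree):
        if isinstance(node, ast.Import):
            for alias in node.names:
                if alias.name == "requests":
                    aliases.add(alias.asname or "requests")
    return aliases


def _has_timeout(call):
    """True only if a `timeout=` keyword is present and is not the literal None."""
    for kw in call.keywords:
        if kw.arg == "timeout":
            return not (isinstance(kw.value, ast.Constant) and kw.value.value is None)
    return False


def find_requests_without_timeout(source):
    """Return sorted (lineno, qualified_call_name) for each offending call."""
    tree = ast.parse(source)
    aliases = _requests_aliases(tree)
    findings = []
    for node in ast.walk(tree):
        if not isinstance(node, ast.Call):
            continue
        qname = _dotted_name(node.func)
        if qname is None:
            continue
        receiver, _, method = qname.rpartition(".")
        # Exact match on the resolved receiver, never a substring test, so a
        # local name like `refund_requests_by_order_ids` cannot match.
        if receiver in aliases and method in HTTP_METHODS and not _has_timeout(node):
            findings.append((node.lineno, qname))
    return sorted(findings)


# Constructed sample input; line numbers are referenced in the usage note below.
SAMPLE = """\
import requests
import requests as rq

def fetch(url, order_ids):
    a = requests.get(url)                        # line 5: no timeout -> flagged
    b = rq.post(url, json={}, timeout=None)      # line 6: timeout=None -> flagged
    c = requests.get(url, timeout=(3.05, 27))    # line 7: bounded -> fine
    refund_requests_by_order_ids = {}
    return [refund_requests_by_order_ids.get(o) for o in order_ids]  # line 9: not an HTTP call
"""


if __name__ == "__main__":
    for lineno, qname in find_requests_without_timeout(SAMPLE):
        print(f"{lineno}: {qname} called without timeout")
```

Run against `SAMPLE`, the checker reports only lines 5 and 6; line 9, the shape of the call reported in this issue, is left alone because its receiver resolves to a local variable rather than to an imported `requests` name. Treating `timeout=None` as missing matters in practice: `requests` interprets `None` as "wait forever", which is exactly the CWE-400 resource-exhaustion condition B113 exists to catch.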