Remove skipped bandit check B113 and fixed issues for "[B113:request_without_timeout] Call to requests without timeout Severity: Medium Confidence: Low"

Author: erikamov

.pre-commit-config.yaml

@@ -34,7 +34,7 @@ repos:
     rev: 1.8.6
     hooks:
       - id: bandit
-        args: ["-ll", "--skip=B608,B113"]
+        args: ["-ll", "--skip=B608"]
         files: .py$
   - repo: https://github.com/sqlfluff/sqlfluff
     rev: 3.0.6

airflow/dags/dags.py

@@ -39,11 +39,13 @@ def log_failure_to_slack(context):
 
     <{ti.log_url}| Check Log >
     """  # noqa: E221, E222
-        requests.post(slack_url, json={"text": message})
+        requests.post(slack_url, json={"text": message}, timeout=5)
 
     # This is very broad but we want to try to log _any_ exception to slack
     except Exception as e:
-        requests.post(slack_url, json={"text": f"failed to log {type(e)} to slack"})
+        requests.post(
+            slack_url, json={"text": f"failed to log {type(e)} to slack"}, timeout=5
+        )
 
 
 for dag_directory in dag_directories:

airflow/plugins/operators/scrape_state_geoportal.py

@@ -57,7 +57,7 @@ def _make_api_request(self, url: str, params: Dict[str, Any], offset: int) -> Di
         """Make API request with proper error handling."""
         try:
             params["resultOffset"] = offset
-            response = requests.get(url, params=params)
+            response = requests.get(url, params=params, timeout=5)
             response.raise_for_status()
             return response.json()
         except requests.exceptions.HTTPError as e:

apps/maps/calitp_map_utils/__init__.py

@@ -81,7 +81,7 @@ def validate_geojson(
     is_compressed = path.endswith(".gz")
 
     if path.startswith("https://"):
-        resp = requests.get(path)
+        resp = requests.get(path, timeout=5)
         resp.raise_for_status()
         d = json.loads(
             gzip.decompress(resp.content).decode() if is_compressed else resp.text
@@ -155,7 +155,7 @@ def validate_layers(
                 typer.secho(
                     f"Checking that {typer.style(layer.url, fg=typer.colors.CYAN)} exists..."
                 )
-            resp = requests.head(layer.url)
+            resp = requests.head(layer.url, timeout=5)
 
             try:
                 resp.raise_for_status()

packages/calitp-data-analysis/calitp_data_analysis/utils.py

@@ -267,6 +267,7 @@ def upload_file_to_github(
         f"{BASE}/repos/{repo}/contents/{os.path.dirname(path)}",
         params={"ref": branch},
         headers={"Authorization": f"token {token}"},
+        timeout=5,
     )
     r.raise_for_status()
     item = next(i for i in r.json() if i["path"] == path)
@@ -286,6 +287,7 @@ def upload_file_to_github(
             "sha": sha,
             "content": base64.b64encode(contents).decode("utf-8"),
         },
+        timeout=5,
     )
     r.raise_for_status()
     return

warehouse/scripts/publish.py

@@ -176,6 +176,7 @@ def ckan_request(action: str, data: Dict) -> Response:
             f"{url}/api/action/{action}",
             data=encoder,
             headers={"Content-Type": encoder.content_type, "X-CKAN-API-Key": API_KEY},  # type: ignore
+            timeout=5,
         )
 
     if fsize <= CHUNK_SIZE:
@@ -185,6 +186,7 @@ def ckan_request(action: str, data: Dict) -> Response:
             data={"id": resource_id},
             headers={"Authorization": API_KEY},  # type: ignore
             files={"upload": file},
+            timeout=5,
         )
         try:
             response.raise_for_status()