ruff

Implement `flake8-requests`

Open takkaria opened this issue 2 years ago • 1 comments

It's really nice to have a linter catch when you don't provide a timeout to a request call (r2c-requests-use-timeout).

Though I can't find it on GitHub, only on PyPI.

takkaria Jan 31 '23 13:01

Looks like bento.dev no longer resolves and the Wayback Machine points to semgrep.dev...

Anyway, rules:

  • [ ] r2c-requests-no-auth-over-http: Alerts when auth param is possibly used over http://, which could expose credentials.
  • [ ] r2c-requests-use-scheme: Alerts when URLs passed to requests API methods don't have a URL scheme (e.g., https://), otherwise an exception will be thrown.
  • [x] r2c-requests-use-timeout: This check detects when a requests API method has been called without a timeout. requests will hang forever without a timeout; add a timeout to prevent this behavior.

ngnpope Jan 31 '23 13:01
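An added example, not part of the thread and not the flake8-requests or ruff implementation: a minimal `ast`-based sketch of the three rules listed above. The names `check_requests_calls` and `SAMPLE` are hypothetical, and it assumes direct `requests.<method>(...)` calls with literal URL strings; it also treats an explicit `timeout=None` as missing, since `requests` waits indefinitely in that case.

```python
import ast

# Constructed sample input (not from any real project); line 1 of the string is blank.
SAMPLE = '''
import requests
requests.get("https://example.com/api")
requests.post("http://example.com/login", auth=("user", "pw"), timeout=5)
requests.get("example.com/status", timeout=5)
requests.get("https://example.com/ok", timeout=10)
requests.get(url, timeout=None)
'''

HTTP_METHODS = {"get", "post", "put", "patch", "delete", "head", "options", "request"}


def check_requests_calls(source):
    """Return sorted (line, rule) findings for direct requests.<method>(...) calls."""
    findings = []
    for node in ast.walk(ast.parse(source)):
        if not (isinstance(node, ast.Call)
                and isinstance(node.func, ast.Attribute)
                and isinstance(node.func.value, ast.Name)
                and node.func.value.id == "requests"
                and node.func.attr in HTTP_METHODS):
            continue
        kwargs = {kw.arg: kw.value for kw in node.keywords if kw.arg}
        # A **mapping argument may carry timeout, so stay quiet rather than guess.
        has_splat = any(kw.arg is None for kw in node.keywords)
        timeout = kwargs.get("timeout")
        explicit_none = isinstance(timeout, ast.Constant) and timeout.value is None
        if (timeout is None and not has_splat) or explicit_none:
            findings.append((node.lineno, "r2c-requests-use-timeout"))
        # requests.request(method, url, ...) takes the URL second; the others take it first.
        pos = 1 if node.func.attr == "request" else 0
        url = kwargs.get("url") or (node.args[pos] if len(node.args) > pos else None)
        if isinstance(url, ast.Constant) and isinstance(url.value, str):
            lowered = url.value.lower()
            if "://" not in lowered:
                findings.append((node.lineno, "r2c-requests-use-scheme"))
            elif lowered.startswith("http://") and "auth" in kwargs:
                findings.append((node.lineno, "r2c-requests-no-auth-over-http"))
    return sorted(findings)


if __name__ == "__main__":
    for line, rule in check_requests_calls(SAMPLE):
        print(f"line {line}: {rule}")
```

URLs built at runtime, `requests.Session` objects and aliased imports are outside what this sketch inspects.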

I was about to suggest the same for flake8-timeout, but stumbled across this. The added bonus with flake8-timeout is that it also catches cases where no timeout is passed to urllib.request.open as well.

benjamb Jun 04 '24 15:06