Bug 2225453

Summary: Bandit complains B113:request_without_timeout
Product: Red Hat OpenStack
Reporter: Szymon Datko <sdatko>
Component: python-keystonemiddleware
Assignee: Dave Wilde <dwilde>
Status: NEW
QA Contact: Jeremy Agee <jagee>
Severity: medium
Priority: medium
Version: 18.0 (Zed)
CC: dwilde
Target Milestone: z2
Keywords: Triaged
Target Release: ---
Hardware: Unspecified
OS: Unspecified
Doc Type: No Doc Update
Type: Bug

Description Szymon Datko 2023-07-25 10:57:10 UTC
Hello,

we observe a failure in the PEP8 job executed as part of Component CI for OSP 18:

```
2023-07-20 04:45:51.631043 | container | [1000] /home/zuul/src/code.engineering.redhat.com/python-keystonemiddleware$ /home/zuul/src/code.engineering.redhat.com/python-keystonemiddleware/.tox/pep8/bin/bandit -r keystonemiddleware -x tests -n5
2023-07-20 04:45:51.840526 | container | [main]	INFO	profile include tests: None
2023-07-20 04:45:51.840603 | container | [main]	INFO	profile exclude tests: None
2023-07-20 04:45:51.840616 | container | [main]	INFO	cli include tests: None
2023-07-20 04:45:51.840625 | container | [main]	INFO	cli exclude tests: None
2023-07-20 04:45:51.841125 | container | [main]	INFO	running on Python 3.9.16
2023-07-20 04:45:52.288768 | container | Run started:2023-07-20 04:45:52.288406
2023-07-20 04:45:52.288819 | container |
2023-07-20 04:45:52.288828 | container | Test results:
2023-07-20 04:45:52.288834 | container | >> Issue: [B113:request_without_timeout] Requests call without timeout
2023-07-20 04:45:52.288841 | container |    Severity: Medium   Confidence: Low
2023-07-20 04:45:52.288868 | container |    CWE: CWE-400 (https://cwe.mitre.org/data/definitions/400.html)
2023-07-20 04:45:52.288876 | container |    More Info: https://bandit.readthedocs.io/en/1.7.5/plugins/b113_request_without_timeout.html
2023-07-20 04:45:52.288883 | container |    Location: keystonemiddleware/s3_token.py:114:23
2023-07-20 04:45:52.288891 | container | 112	        headers = {'Content-Type': 'application/json'}
2023-07-20 04:45:52.288897 | container | 113	        try:
2023-07-20 04:45:52.288903 | container | 114	            response = requests.post('%s/v2.0/s3tokens' % self._request_uri,
2023-07-20 04:45:52.288909 | container | 115	                                     headers=headers, data=creds_json,
2023-07-20 04:45:52.288915 | container | 116	                                     verify=self._verify)
2023-07-20 04:45:52.288921 | container | 117	        except requests.exceptions.RequestException as e:
2023-07-20 04:45:52.288927 | container | 118	            self._logger.info('HTTP connection exception: %s', e)
2023-07-20 04:45:52.288933 | container |
2023-07-20 04:45:52.288939 | container | --------------------------------------------------
2023-07-20 04:45:52.288944 | container |
2023-07-20 04:45:52.288950 | container | Code scanned:
2023-07-20 04:45:52.288956 | container | 	Total lines of code: 2738
2023-07-20 04:45:52.288962 | container | 	Total lines skipped (#nosec): 3
2023-07-20 04:45:52.288968 | container | 	Total potential issues skipped due to specifically being disabled (e.g., #nosec BXXX): 0
2023-07-20 04:45:52.288974 | container |
2023-07-20 04:45:52.288980 | container | Run metrics:
2023-07-20 04:45:52.288986 | container | 	Total issues (by severity):
2023-07-20 04:45:52.288991 | container | 		Undefined: 0
2023-07-20 04:45:52.288997 | container | 		Low: 0
2023-07-20 04:45:52.289003 | container | 		Medium: 1
2023-07-20 04:45:52.289013 | container | 		High: 0
2023-07-20 04:45:52.289019 | container | 	Total issues (by confidence):
2023-07-20 04:45:52.289024 | container | 		Undefined: 0
2023-07-20 04:45:52.289030 | container | 		Low: 1
2023-07-20 04:45:52.289036 | container | 		Medium: 0
2023-07-20 04:45:52.289061 | container | 		High: 0
2023-07-20 04:45:52.289069 | container | Files skipped (0):
2023-07-20 04:45:52.327047 | container | ERROR: InvocationError for command /home/zuul/src/code.engineering.redhat.com/python-keystonemiddleware/.tox/pep8/bin/bandit -r keystonemiddleware -x tests -n5 (exited with code 1)
```

You can use this change for debugging the issue.
https://code.engineering.redhat.com/gerrit/c/python-keystonemiddleware/+/445369

Yours,
Szymon