Add timeout for requests

Bandit emits errors for request methods without the timeout parameter. It's better to follow the instruction to avoid hanging. Added timeout parameters and config options to set timeout. [1] https://bandit.readthedocs.io/en/1.7.5/plugins/b113_request_without_timeout.html Change-Id: I0c022c3cc57f30530ebdef6e434753ece2bdf912
2023-03-18 00:35:47 +09:00 · 2023-03-18 00:35:47 +09:00 · 92cdf8a0a5
commit 92cdf8a0a5
parent a59020fdab
2 changed files with 17 additions and 4 deletions
--- a/keystonemiddleware/ec2_token.py
+++ b/keystonemiddleware/ec2_token.py
@ -44,6 +44,8 @@ keystone_ec2_opts = [
                    'CAs.'),
    cfg.BoolOpt('insecure', default=False,
                help='Disable SSL certificate verification.'),
+    cfg.IntOpt('timeout', default=60,
+               help='Timeout to obtain token.'),
 ]

 CONF = cfg.CONF
@ -172,9 +174,10 @@ class EC2Token(object):
        elif CONF.keystone_ec2_token.certfile:
            cert = CONF.keystone_ec2_token.certfile

-        response = requests.request('POST', CONF.keystone_ec2_token.url,
-                                    data=creds_json, headers=headers,
-                                    verify=verify, cert=cert)
+        response = requests.post(CONF.keystone_ec2_token.url,
+                                 data=creds_json, headers=headers,
+                                 verify=verify, cert=cert,
+                                 timeout=CONF.keystone_ec2_token.timeout)

        # NOTE(vish): We could save a call to keystone by
        #             having keystone return token, tenant,
--- a/keystonemiddleware/s3_token.py
+++ b/keystonemiddleware/s3_token.py
@ -33,12 +33,21 @@ This WSGI component:

 import webob

+from oslo_config import cfg
 from oslo_log import log as logging
 from oslo_serialization import jsonutils
 from oslo_utils import strutils
 import requests
 import six

+s3_opts = [
+    cfg.IntOpt('timeout', default=60,
+               help='Timeout to obtain token.'),
+]
+
+CONF = cfg.CONF
+CONF.register_opts(s3_opts, group='s3_token')
+
 PROTOCOL_NAME = 'S3 Token Authentication'


@ -113,7 +122,8 @@ class S3Token(object):
        try:
            response = requests.post('%s/v2.0/s3tokens' % self._request_uri,
                                     headers=headers, data=creds_json,
-                                     verify=self._verify)
+                                     verify=self._verify,
+                                     timeout=CONF.s3_token.timeout)
        except requests.exceptions.RequestException as e:
            self._logger.info('HTTP connection exception: %s', e)
            resp = self._deny_request('InvalidURI')