The requests Python package is the reference Python library for interacting with APIs and distributed systems. The library is well tested, and there are plenty of code snippets and examples showing how to use it.
However, if used improperly, the requests library can cause issues and make your program behave differently than you would expect. Today, we look specifically at why using a timeout parameter is important for system performance.
Why is using a timeout important when using requests?
When you call requests.put (or any method that connects to a remote server) without a timeout parameter, the request may hang for minutes before returning, especially if the server is slow or if the machine issuing the request has connectivity issues.
This is an important issue, especially for backend systems that need to quickly process data and get responses from remote servers.
To overcome this issue, the best way is to set a timeout in the requests.get or requests.put call. If the timeout occurs, the resulting exception (requests.exceptions.Timeout) needs to be handled correctly. In this case, the best way is to catch and handle the error, as shown below.
The following code block shows how to use requests.get properly with a timeout argument and handle the exception.
```python
import logging

import requests

try:
    requests.get("https://api.service/endpoint", timeout=1)
except requests.exceptions.Timeout:
    logging.error("timeout raised, recovering")
```
Note that this error applies to all methods from the requests library:
How to ensure you always use a timeout when using the requests library?
We often forget good coding practices, especially when they are specific to a particular library. Codiga automatically detects when the timeout argument is missing for each requests library call. Not only does Codiga detect when the timeout is missing, but it also adds the timeout to your code in a single click.
Codiga also provides more code analysis rules for Python and reports all OWASP10 and CWE25 issues in Python. If you want to be sure to detect any issue in your code:
- install the Codiga plugin (for VS Code or JetBrains)
- create a codiga.yml file at the root of your project with the following content.

```yaml
rulesets:
  - python-security
```
You can also use other analysis rules; the Codiga community shares code analysis rules publicly on the Codiga Hub.
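To make the missing-timeout check concrete, here is a small static checker built on Python's ast module. It is an added example, not Codiga's rule or code from this article. It assumes calls are made through the module (import requests, optionally with an alias) and does not cover Session objects or from requests import get; the function name and sample URLs are hypothetical.

```python
import ast

# Module-level helpers of requests that take a timeout keyword.
HTTP_METHODS = {"get", "post", "put", "patch", "delete", "head", "options", "request"}


def find_missing_timeouts(source):
    """Return sorted (line, call, reason) for requests calls with no effective timeout."""
    tree = ast.parse(source)
    # Names bound to the requests module, e.g. "import requests as rq".
    aliases = {a.asname or a.name
               for node in ast.walk(tree) if isinstance(node, ast.Import)
               for a in node.names if a.name == "requests"}
    findings = []
    for node in ast.walk(tree):
        if not isinstance(node, ast.Call):
            continue
        f = node.func
        if not (isinstance(f, ast.Attribute) and isinstance(f.value, ast.Name)
                and f.value.id in aliases and f.attr in HTTP_METHODS):
            continue
        call = f"{f.value.id}.{f.attr}"
        timeout = [kw for kw in node.keywords if kw.arg == "timeout"]
        if timeout:
            value = timeout[0].value
            # timeout=None tells requests to wait forever, so report it as well.
            if isinstance(value, ast.Constant) and value.value is None:
                findings.append((node.lineno, call, "timeout=None"))
        elif any(kw.arg is None for kw in node.keywords):
            continue  # **kwargs may supply a timeout; not decidable statically
        else:
            findings.append((node.lineno, call, "no timeout"))
    return sorted(findings)


# Constructed sample input (hypothetical URLs), not code from the article.
SAMPLE = '''\
import requests as rq

rq.get("https://api.example.test/a")
rq.put("https://api.example.test/b", data=b"x", timeout=1)
rq.post("https://api.example.test/c", timeout=None)
rq.get("https://api.example.test/d", **opts)
'''

if __name__ == "__main__":
    for line, call, reason in find_missing_timeouts(SAMPLE):
        print(f"line {line}: {call} ({reason})")
```

Run over a source tree in CI, a check like this fails the build before a call that can block indefinitely reaches production.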
- The requests Python library
- Timeout in Python requests - everything you need to know
- Codiga rule to check that the timeout parameter is specified