Insecure Request Timeout
Description
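The application calls the `requests` module without setting a timeout value for connections. `requests` applies no timeout by default, so a call to a server that never responds can block indefinitely, which could lead to uncontrolled resource consumption and a Denial of Service (DoS).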
Examples
Insecure Code
```python
import requests
response = requests.get('https://example.com')
```
Secure Code
```python
import requests
response = requests.get('https://example.com', timeout=10)
```
Remediation
Pass in a `timeout=` argument to each `requests` call.
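To find the calls that still need the argument, the following added example (not the rule's own implementation) walks a module's AST and reports module-level `requests` calls that have no `timeout=` or that set `timeout=None`. The function name `find_missing_timeouts` and the sample source are constructed for illustration; calls made through a `requests.Session` object are not covered.

```python
import ast

HTTP_FUNCS = {"get", "post", "put", "patch", "delete", "head", "options", "request"}

def find_missing_timeouts(source):
    """Return sorted (line, call) pairs for requests calls with no effective timeout."""
    tree = ast.parse(source)
    modules, functions = set(), {}
    for node in ast.walk(tree):  # pass 1: names bound to requests or its helpers
        if isinstance(node, ast.Import):
            modules |= {a.asname or a.name for a in node.names if a.name == "requests"}
        elif isinstance(node, ast.ImportFrom) and node.module == "requests":
            functions.update({a.asname or a.name: a.name
                              for a in node.names if a.name in HTTP_FUNCS})
    findings = []
    for node in ast.walk(tree):  # pass 2: inspect every call expression
        if not isinstance(node, ast.Call):
            continue
        func = node.func
        if (isinstance(func, ast.Attribute) and func.attr in HTTP_FUNCS
                and isinstance(func.value, ast.Name) and func.value.id in modules):
            name = f"requests.{func.attr}"
        elif isinstance(func, ast.Name) and func.id in functions:
            name = f"requests.{functions[func.id]}"
        else:
            continue
        timeout = next((kw.value for kw in node.keywords if kw.arg == "timeout"), None)
        # timeout=None explicitly disables the timeout, so it is flagged too.
        disabled = isinstance(timeout, ast.Constant) and timeout.value is None
        # A **kwargs splat may carry a timeout; that cannot be decided statically.
        splat = any(kw.arg is None for kw in node.keywords)
        if (timeout is None and not splat) or disabled:
            findings.append((node.lineno, name))
    return sorted(findings)

# Constructed sample input (not from the original page).
SAMPLE = '''\
import requests as r
from requests import post
r.get("https://example.com")
r.get("https://example.com", timeout=10)
post("https://example.com", data={}, timeout=None)
r.get("https://example.com", timeout=(3.05, 27))
'''

if __name__ == "__main__":
    for line, call in find_missing_timeouts(SAMPLE):
        print(f"line {line}: {call} has no effective timeout")
```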
Rule Details
| Field | Value |
|---|---|
| ID | CODE-0159 |
| Category | InsecureConfig |
| Severity | MEDIUM |
| CWE | CWE-770 |
| Confidence | HIGH |
| Impact | MEDIUM |
| Likelihood | MEDIUM |
| Exploitability | EASY |
| Tags | Denial of Service, DoS |
| OWASP | A6:2017-Security Misconfiguration, A05:2021-Security Misconfiguration |