Skip to content

Fix code scanning alert - Add timeout parameter to all requests calls #62

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Closed
Copilot wants to merge 2 commits into from
Closed

Fix code scanning alert - Add timeout parameter to all requests calls #62

Copilot wants to merge 2 commits into from

Conversation

Copy link
Contributor

Copilot AI commented Oct 7, 2025
edited
Loading

Problem

GitHub Code Scanning Alert #70 identified multiple HTTP requests calls without timeout parameters. Requests without timeouts can hang indefinitely if the remote server becomes unresponsive, leading to:

  • Resource exhaustion and memory leaks
  • Application hangs and poor user experience
  • Potential denial of service vulnerabilities
  • Difficulty debugging network issues

Solution

Added timeout=30 parameter to all requests library calls that were missing it. The 30-second timeout value is:

  • Consistent with DEFAULT_TIMEOUT constant in src/rapid7/constants.py
  • Appropriate for API operations
  • Aligned with existing timeout patterns in the codebase (e.g., src/paloalto/api_pa_xdr.py)

Changes

Fixed 9 requests calls across 4 files:

1. OLD/add_smtp_alerts.py (3 calls)

  • requests.get() for retrieving SMTP alerts
  • requests.put() for updating SMTP alerts
  • requests.post() for creating SMTP alerts

2. src/rapid7/api/insightvm-api-examples-master/v3/python/run-scan/run-scan.py (2 calls)

  • requests.post() for initiating scans
  • requests.get() for checking scan status

3. src/rapid7/api/insightvm-api-examples-master/v3/python/add-asset-groups/add-asset-groups.py (1 call)

  • requests.post() for creating asset groups

4. src/rapid7/api/insightvm-api-examples-master/v3/python/IVM_functions.py (3 calls)

  • requests.request("GET") in get_stuff() method
  • requests.request("POST") in post_stuff() method
  • requests.request("PUT") in put_stuff() method

Impact

Security: Prevents indefinite hanging on network failures
Reliability: Improves application resilience and error handling
Compatibility: Zero breaking changes - purely additive modification
Consistency: Aligns with existing timeout patterns in the codebase

Testing

  • Verified all modified files maintain their original functionality
  • Confirmed timeout parameters are properly formatted and positioned
  • Validated consistency with existing codebase patterns
  • No breaking changes to API interfaces

Resolves #70

Original prompt

This section details on the original issue you should resolve

<issue_title>Fix code scanning alert - Requests call without timeout</issue_title>
<issue_description>

Tracking issue for:

<agent_instructions>verify if these issues still exist or apply</agent_instructions>

Comments on the Issue (you are @copilot in this section)

Fixes #40

💬 Share your feedback on Copilot coding agent for the chance to win a $200 gift card! Click here to start the survey.

@talltechy
Add timeout=30 to all requests calls to fix security alert
4c10746 
Co-authored-by: talltechy <43618761+talltechy@users.noreply.github.com>
Copilot AI changed the title [WIP] Fix code scanning alert for requests call without timeout Fix code scanning alert - Add timeout parameter to all requests calls Oct 7, 2025
Copilot AI requested a review from talltechy October 7, 2025 21:39
@talltechy talltechy closed this Oct 7, 2025
@talltechy talltechy deleted the copilot/fix-requests-call-timeout branch October 7, 2025 22:48
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@talltechy talltechy Awaiting requested review from talltechy

Assignees

@talltechy talltechy

Copilot code review Copilot

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

[Sprint 4] Implement Vulnerabilities API Module Fix code scanning alert - Requests call without timeout

2 participants

@talltechy