author | Hiromu Asahina <hiromu.asahina.az@hco.ntt.co.jp> | 2023-03-18 00:35:47 +0900 |
committer | Hiromu Asahina <hiromu.asahina.az@hco.ntt.co.jp> | 2023-03-18 01:11:53 +0900 |
commit | 92cdf8a0a5df0a7862eaa950060794a43b8ad4ec (patch) | |
tree | 84b2fe998a6e84363fa1f105d507f61a2b677f12 | |
parent | a59020fdab670314ac1ab3d0b77e89b352d7cf27 (diff) | |
download | keystonemiddleware-92cdf8a0a5df0a7862eaa950060794a43b8ad4ec.tar.gz |
Bandit emits errors for request methods without the timeout parameter.
It is better to follow that recommendation to avoid hanging requests.
Added timeout parameters and config options to set timeout.
[1] https://bandit.readthedocs.io/en/1.7.5/plugins/b113_request_without_timeout.html
Change-Id: I0c022c3cc57f30530ebdef6e434753ece2bdf912
-rw-r--r-- | keystonemiddleware/ec2_token.py | 9 | ||||
-rw-r--r-- | keystonemiddleware/s3_token.py | 12 |
2 files changed, 17 insertions, 4 deletions
diff --git a/keystonemiddleware/ec2_token.py b/keystonemiddleware/ec2_token.py
index faa5968..3e00646 100644
--- a/keystonemiddleware/ec2_token.py
+++ b/keystonemiddleware/ec2_token.py
@@ -44,6 +44,8 @@ keystone_ec2_opts = [
 'CAs.'),
 cfg.BoolOpt('insecure', default=False,
 help='Disable SSL certificate verification.'),
+ cfg.IntOpt('timeout', default=60,
+ help='Timeout to obtain token.'),
 ]
 CONF = cfg.CONF
@@ -172,9 +174,10 @@ class EC2Token(object):
 elif CONF.keystone_ec2_token.certfile:
 cert = CONF.keystone_ec2_token.certfile
- response = requests.request('POST', CONF.keystone_ec2_token.url,
- data=creds_json, headers=headers,
- verify=verify, cert=cert)
+ response = requests.post(CONF.keystone_ec2_token.url,
+ data=creds_json, headers=headers,
+ verify=verify, cert=cert,
+ timeout=CONF.keystone_ec2_token.timeout)
 # NOTE(vish): We could save a call to keystone by
 # having keystone return token, tenant,
diff --git a/keystonemiddleware/s3_token.py b/keystonemiddleware/s3_token.py
index d8d8e78..ad27aff 100644
--- a/keystonemiddleware/s3_token.py
+++ b/keystonemiddleware/s3_token.py
@@ -33,12 +33,21 @@ This WSGI component:
 import webob
+from oslo_config import cfg
 from oslo_log import log as logging
 from oslo_serialization import jsonutils
 from oslo_utils import strutils
 import requests
 import six
+s3_opts = [
+ cfg.IntOpt('timeout', default=60,
+ help='Timeout to obtain token.'),
+]
+
+CONF = cfg.CONF
+CONF.register_opts(s3_opts, group='s3_token')
+
 PROTOCOL_NAME = 'S3 Token Authentication'
@@ -113,7 +122,8 @@ class S3Token(object):
 try:
 response = requests.post('%s/v2.0/s3tokens' % self._request_uri,
 headers=headers, data=creds_json,
- verify=self._verify)
+ verify=self._verify,
+ timeout=CONF.s3_token.timeout)
 except requests.exceptions.RequestException as e:
 self._logger.info('HTTP connection exception: %s', e)
 resp = self._deny_request('InvalidURI')
|
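Review bot: The new `cfg.IntOpt('timeout', default=60, help='Timeout to obtain token.')` accepts any integer, including 0 and negative values, which urllib3 rejects with a ValueError only when the request is made rather than when the config is loaded; adding `min=1` to the option makes a bad setting fail at startup instead of on the first authentication. The help text also gives no unit and does not say that requests applies the value to the connect and read phases separately rather than as a total deadline; `help='Timeout in seconds for the token request to keystone (applied to connect and read separately).'` would tell operators what they are actually bounding. The same two points apply to the identical option added in the `s3_opts` hunk of keystonemiddleware/s3_token.py.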
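Review bot: With a timeout set, the `requests.post(...)` call in EC2Token can now raise `requests.exceptions.Timeout` (a `RequestException`), and unlike the S3Token hunk this call is not wrapped in a try/except inside the hunk; if nothing outside the hunk catches it, a slow or unreachable keystone becomes an unhandled exception from the middleware instead of a controlled denial. Consider mirroring the S3Token handling around this call, e.g. `except requests.exceptions.RequestException as e:` followed by logging the failure and returning the same denial the middleware uses when the token lookup fails. The enclosing method starts and ends outside the hunk, so this may already be handled there.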
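Review bot: A timeout now lands in the existing `except requests.exceptions.RequestException` branch and is logged at INFO as `'HTTP connection exception: %s'`, so an operator reading the logs cannot tell a keystone that is too slow from one that refuses connections. Catching `requests.exceptions.Timeout` first and logging it at warning, e.g. `self._logger.warning('Timed out after %ss requesting s3tokens from keystone: %s', CONF.s3_token.timeout, e)`, keeps the same `_deny_request('InvalidURI')` path while making slow-auth incidents visible. The surrounding method continues outside the hunk.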