AUTHOR
Julien Delange, Founder and CEO
Julien is the CEO of Codiga. Before starting Codiga, Julien was a software engineer at Twitter and Amazon Web Services.
Julien has a PhD in computer science from Universite Pierre et Marie Curie in Paris, France.
The requests Python package is the reference Python library to interact with API and distributed systems. The library is well-tested, and there are plenty of code snippets and examples for how to use it.
However, if used improperly, the requests library can cause issues and make your program behaves differently that you would expect. Today, we look specifically at why using a timeout
parameter is important for system performance.
Why using a timeout when using requests is important?
When using requests.get
, requests.put
(or any method to connect to a remote server) without a timeout
parameter, the request may hang for minutes before returning, especially if the server is slow or if the machine issuing the request has some connectivity issues.
This is an important issue, especially for backend systems that need to quickly process data and get responses from remote servers.
To overcome this issue, the best way is to set a timeout in the requests.get or requests.put call. If the timeout occurs, a TimeoutException needs to be correctly handled. In this case, the best way is to catch and handle the error, as shown below.
The following code block shows how to use requests.get properly with a timeout argument and handle the exception.
import requests
import logging
try:
requests.get("https://api.service/endpoint", timeout=1)
except requests.exceptions.Timeout:
logging.error("timeout raised, recovering")
Note that this error applies to all methods from the requests library: requests.get
, requests.put
, requests.post
, etc.
How to ensure you always use a timeout when using the requests library?
We often forget good coding practices, especially when they are specific to a particular library. Codiga automatically detects when the timeout argument is missing for each requests library call. Not only Codiga detects when the timeout is missing but it also adds the timeout to your code in a single click.
Codiga also provides more code analysis rules for Python and reports all OWASP10 and CWE25 issues in Python. If you want to be sure to detect any issue in your code:
- install the Codiga plugin (for VS Code or JetBrains)
- create a
codiga.yml
file at the root of your project with the following content.
rulesets:
- python-security
You can also use other analysis rules, the Codiga community shares code analysis publicly on the Codiga Hub.
Learn More
- The requests Python library
- Timeout in Python requests - everything you need to know%20call%20on%20the%20socket.)
- Codiga rule to check that the timeout parameter is specified