Codiga has joined Datadog!

Read the Blog·

Interested in our Static Analysis?

Sign up
← All posts
Julien Delange Thursday, October 13, 2022

Python Best Practices: always use a timeout with the requests library

Share

AUTHOR

Julien Delange, Founder and CEO

Julien is the CEO of Codiga. Before starting Codiga, Julien was a software engineer at Twitter and Amazon Web Services.

Julien has a PhD in computer science from Universite Pierre et Marie Curie in Paris, France.

See all articles

The requests Python package is the reference Python library to interact with API and distributed systems. The library is well-tested, and there are plenty of code snippets and examples for how to use it.

However, if used improperly, the requests library can cause issues and make your program behaves differently that you would expect. Today, we look specifically at why using a timeout parameter is important for system performance.

Why using a timeout when using requests is important?

When using requests.get, requests.put (or any method to connect to a remote server) without a timeout parameter, the request may hang for minutes before returning, especially if the server is slow or if the machine issuing the request has some connectivity issues.

This is an important issue, especially for backend systems that need to quickly process data and get responses from remote servers.

To overcome this issue, the best way is to set a timeout in the requests.get or requests.put call. If the timeout occurs, a TimeoutException needs to be correctly handled. In this case, the best way is to catch and handle the error, as shown below.

The following code block shows how to use requests.get properly with a timeout argument and handle the exception.

import requests
import logging

try:
  requests.get("https://api.service/endpoint", timeout=1)
except requests.exceptions.Timeout:
  logging.error("timeout raised, recovering")

Note that this error applies to all methods from the requests library: requests.get, requests.put, requests.post, etc.

How to ensure you always use a timeout when using the requests library?

We often forget good coding practices, especially when they are specific to a particular library. Codiga automatically detects when the timeout argument is missing for each requests library call. Not only Codiga detects when the timeout is missing but it also adds the timeout to your code in a single click.

Codiga Rule to check usage of timeout parameter

Codiga also provides more code analysis rules for Python and reports all OWASP10 and CWE25 issues in Python. If you want to be sure to detect any issue in your code:

  1. install the Codiga plugin (for VS Code or JetBrains)
  2. create a codiga.yml file at the root of your project with the following content.
rulesets:
  - python-security

You can also use other analysis rules, the Codiga community shares code analysis publicly on the Codiga Hub.

Learn More

Are you interested in Datadog Static Analysis?

Sign up