chore(pre-commit): autoupdate hooks

.pre-commit-config.yaml

@@ -48,7 +48,7 @@ repos:
           - python
 
   - repo: https://github.com/pycqa/bandit
-    rev: 1.7.4
+    rev: 1.7.5
     hooks:
       - id: bandit
         args: ["-ll"]

benefits/core/analytics.py

@@ -128,7 +128,12 @@ def send(self, event):
             payload = self._payload(event)
             logger.debug(f"Sending event payload: {payload}")
 
-            r = requests.post(self.url, headers=self.headers, json=payload)
+            r = requests.post(
+                self.url,
+                headers=self.headers,
+                json=payload,
+                timeout=settings.REQUESTS_TIMEOUT,
+            )
             if r.status_code == 200:
                 logger.debug(f"Event sent successfully: {r.json()}")
             elif r.status_code == 400:

benefits/core/models.py

@@ -3,6 +3,7 @@
 """
 import logging
 
+from django.conf import settings
 from django.db import models
 from django.urls import reverse
 
@@ -31,7 +32,7 @@ def data(self):
         if self.text:
             return self.text
         elif self.remote_url:
-            self.text = requests.get(self.remote_url).text
+            self.text = requests.get(self.remote_url, timeout=settings.REQUESTS_TIMEOUT).text
 
         self.save()
         return self.text

benefits/core/recaptcha.py

@@ -26,6 +26,6 @@ def verify(form_data: dict) -> bool:
         return False
 
     payload = dict(secret=settings.RECAPTCHA_SECRET_KEY, response=form_data[DATA_FIELD])
-    response = requests.post(settings.RECAPTCHA_VERIFY_URL, payload).json()
+    response = requests.post(settings.RECAPTCHA_VERIFY_URL, payload, timeout=settings.REQUESTS_TIMEOUT).json()
 
     return bool(response["success"])

benefits/enrollment/api.py

@@ -5,6 +5,7 @@
 from tempfile import NamedTemporaryFile
 import time
 
+from django.conf import settings
 import requests
 
 
@@ -123,15 +124,42 @@ def _make_url(self, *parts):
 
     def _get(self, url, payload, headers=None):
         h = self._headers(headers)
-        return self._cert_request(lambda verify, cert: requests.get(url, headers=h, params=payload, verify=verify, cert=cert))
+        return self._cert_request(
+            lambda verify, cert: requests.get(
+                url,
+                headers=h,
+                params=payload,
+                verify=verify,
+                cert=cert,
+                timeout=settings.REQUESTS_TIMEOUT,
+            )
+        )
 
     def _patch(self, url, payload, headers=None):
         h = self._headers(headers)
-        return self._cert_request(lambda verify, cert: requests.patch(url, headers=h, json=payload, verify=verify, cert=cert))
+        return self._cert_request(
+            lambda verify, cert: requests.patch(
+                url,
+                headers=h,
+                json=payload,
+                verify=verify,
+                cert=cert,
+                timeout=settings.REQUESTS_TIMEOUT,
+            )
+        )
 
     def _post(self, url, payload, headers=None):
         h = self._headers(headers)
-        return self._cert_request(lambda verify, cert: requests.post(url, headers=h, json=payload, verify=verify, cert=cert))
+        return self._cert_request(
+            lambda verify, cert: requests.post(
+                url,
+                headers=h,
+                json=payload,
+                verify=verify,
+                cert=cert,
+                timeout=settings.REQUESTS_TIMEOUT,
+            )
+        )
 
     def _cert_request(self, request_func):
         """

benefits/settings.py

@@ -309,3 +309,10 @@ def _filter_empty(ls):
 ]
 env_style_src = _filter_empty(os.environ.get("DJANGO_CSP_STYLE_SRC", "").split(","))
 CSP_STYLE_SRC.extend(env_style_src)
+
+# Configuration for requests
+# https://requests.readthedocs.io/en/latest/user/advanced/#timeouts
+
+REQUESTS_CONNECT_TIMEOUT = os.environ.get("REQUESTS_CONNECT_TIMEOUT", 3)
+REQUESTS_READ_TIMEOUT = os.environ.get("REQUESTS_READ_TIMEOUT", 1)
+REQUESTS_TIMEOUT = (REQUESTS_CONNECT_TIMEOUT, REQUESTS_READ_TIMEOUT)

docs/configuration/environment-variables.md

@@ -153,6 +153,20 @@ Comma-separated list of hosts which are trusted origins for unsafe requests (e.g
 
 Comma-separated list of User-Agent strings which, when present as an HTTP header, should only receive healthcheck responses. Used by our `HealthcheckUserAgents` middleware.
 
+## `requests` configuration
+
+!!! tldr "`requests` docs"
+
+    [Docs for timeouts](https://requests.readthedocs.io/en/latest/user/advanced/#timeouts)
+
+### `REQUESTS_CONNECT_TIMEOUT`
+
+The number of seconds `requests` will wait for the client to establish a connection to a remote machine. Defaults to 3 seconds.
+
+### `REQUESTS_READ_TIMEOUT`
+
+The number of seconds the client will wait for the server to send a response. Defaults to 1 second.
+
 ## Cypress tests
 
 !!! tldr "Cypress docs"

tests/pytest/core/test_models.py

@@ -1,3 +1,4 @@
+from django.conf import settings
 import pytest
 
 from benefits.core.models import EligibilityType, EligibilityVerifier, TransitAgency
@@ -29,7 +30,7 @@ def test_PemData_data_remote(model_PemData, mocker):
     assert model_PemData.text
     assert data == "PEM text"
     assert data == model_PemData.text
-    requests_spy.assert_called_once_with(model_PemData.remote_url)
+    requests_spy.assert_called_once_with(model_PemData.remote_url, timeout=settings.REQUESTS_TIMEOUT)
 
 
 @pytest.mark.django_db