Add a timeout for requests.get() calls that lacked one

This resolved an issue from the bandit linter.
cisagov · Dec 21, 2023 · 5539d2d · 5539d2d
1 parent 3acfc31
commit 5539d2d
Showing 1 changed file with 12 additions and 4 deletions.
diff --git a/src/pshtt/pshtt.py b/src/pshtt/pshtt.py
@@ -1569,8 +1569,12 @@ def load_preload_pending():
     pending_url = "https://hstspreload.org/api/v2/pending"
 
     try:
-        request = requests.get(pending_url)
-    except (requests.exceptions.SSLError, requests.exceptions.ConnectionError) as err:
+        request = requests.get(pending_url, timeout=TIMEOUT)
+    except (
+        requests.exceptions.SSLError,
+        requests.exceptions.ConnectionError,
+        requests.exceptions.ConnectTimeout,
+    ) as err:
         logging.exception("Failed to fetch pending preload list: %s", pending_url)
         logging.debug(err)
         return []
@@ -1601,8 +1605,12 @@ def load_preload_list():
     file_url = "https://chromium.googlesource.com/chromium/src/+/main/net/http/transport_security_state_static.json?format=TEXT"
 
     try:
-        request = requests.get(file_url)
-    except (requests.exceptions.SSLError, requests.exceptions.ConnectionError) as err:
+        request = requests.get(file_url, timeout=TIMEOUT)
+    except (
+        requests.exceptions.SSLError,
+        requests.exceptions.ConnectionError,
+        requests.exceptions.ConnectTimeout,
+    ) as err:
         logging.exception("Failed to fetch preload list: %s", file_url)
         logging.debug(err)
         return []