python/cherry-picker

Bandit 1.7.5 found missing request timeout

rffontenelle opened this issue · 0 comments

Bandit 1.7.5 adds B113:request_without_timeout and the following issue was found in this workflow run:

>> Issue: [B113:request_without_timeout] Requests call without timeout
   Severity: Medium   Confidence: Low
   CWE: CWE-400 (https://cwe.mitre.org/data/definitions/400.html)
   More Info: https://bandit.readthedocs.io/en/1.7.5/plugins/b113_request_without_timeout.html
   Location: ./cherry_picker/cherry_picker.py:443:19
442	        url = CREATE_PR_URL_TEMPLATE.format(config=self.config)
443	        response = requests.post(url, headers=request_headers, json=data)
444	        if response.status_code == requests.codes.created:
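
Added example, not part of the original issue or the cherry-picker code base: a simplified approximation of the B113 check, written with Python's `ast` module and run over a constructed sample. The sample's first call mirrors the flagged line; the function names and timeout values in the sample are assumptions for illustration, and this is not Bandit's own implementation.

```python
import ast

# HTTP helper names on the requests module that accept a timeout keyword.
HTTP_CALLS = {"get", "post", "put", "delete", "patch", "head", "options", "request"}

# Constructed sample: the first call mirrors the flagged line in the report,
# the second sets an explicit timeout, the third disables it with None.
# The timeout values are illustrative assumptions, not the project's fix.
SAMPLE = '''\
import requests

def create_pr(url, request_headers, data):
    response = requests.post(url, headers=request_headers, json=data)
    return response

def create_pr_with_timeout(url, request_headers, data):
    # (connect, read) timeouts in seconds
    return requests.post(url, headers=request_headers, json=data, timeout=(5, 30))

def create_pr_no_limit(url, request_headers, data):
    return requests.post(url, headers=request_headers, json=data, timeout=None)
'''

def find_calls_without_timeout(source):
    """Return (line, reason) for each requests.<verb>() call lacking a usable timeout."""
    findings = []
    for node in ast.walk(ast.parse(source)):
        if not isinstance(node, ast.Call):
            continue
        func = node.func
        # Only match direct attribute calls on the name "requests".
        if not (isinstance(func, ast.Attribute)
                and isinstance(func.value, ast.Name)
                and func.value.id == "requests"
                and func.attr in HTTP_CALLS):
            continue
        timeout = next((kw for kw in node.keywords if kw.arg == "timeout"), None)
        if timeout is None:
            findings.append((node.lineno, "no timeout argument"))
        elif isinstance(timeout.value, ast.Constant) and timeout.value.value is None:
            findings.append((node.lineno, "timeout=None"))
    return sorted(findings)

if __name__ == "__main__":
    for line, reason in find_calls_without_timeout(SAMPLE):
        print(f"line {line}: requests call without timeout ({reason})")
```

Without a timeout, `requests` waits indefinitely on a server that accepts the connection but never responds, which is why the finding maps to CWE-400.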