Merge branch 'main' into py3.13

ericwb · Oct 16, 2024 · c4af4a8 · c4af4a8
2 parents 17ffe7e + 8e6dc1b
commit c4af4a8
Show file tree

Hide file tree

Showing 3 changed files with 11 additions and 10 deletions.
diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml
@@ -8,7 +8,7 @@ repos:
   - id: end-of-file-fixer
   - id: trailing-whitespace
 - repo: https://github.com/asottile/reorder-python-imports
-  rev: v3.13.0
+  rev: v3.14.0
   hooks:
   - id: reorder-python-imports
     args: [--application-directories, '.:src', --py38-plus]
@@ -18,7 +18,7 @@ repos:
   - id: black
     args: [--line-length=79, --target-version=py38]
 - repo: https://github.com/asottile/pyupgrade
-  rev: v3.17.0
+  rev: v3.18.0
   hooks:
   - id: pyupgrade
     args: [--py38-plus]

diff --git a/bandit/plugins/request_without_timeout.py b/bandit/plugins/request_without_timeout.py
@@ -59,12 +59,7 @@ def request_without_timeout(context):
     HTTPX_ATTRS = {"request", "stream", "Client", "AsyncClient"} | HTTP_VERBS
     qualname = context.call_function_name_qual.split(".")[0]
 
-    if (
-        qualname == "requests"
-        and context.call_function_name in HTTP_VERBS
-        or qualname == "httpx"
-        and context.call_function_name in HTTPX_ATTRS
-    ):
+    if qualname == "requests" and context.call_function_name in HTTP_VERBS:
         # check for missing timeout
         if context.check_call_arg_value("timeout") is None:
             return bandit.Issue(
@@ -73,6 +68,12 @@ def request_without_timeout(context):
                 cwe=issue.Cwe.UNCONTROLLED_RESOURCE_CONSUMPTION,
                 text=f"Call to {qualname} without timeout",
             )
+    if (
+        qualname == "requests"
+        and context.call_function_name in HTTP_VERBS
+        or qualname == "httpx"
+        and context.call_function_name in HTTPX_ATTRS
+    ):
         # check for timeout=None
         if context.check_call_arg_value("timeout", "None"):
             return bandit.Issue(

diff --git a/tests/functional/test_functional.py b/tests/functional/test_functional.py
@@ -368,8 +368,8 @@ def test_requests_ssl_verify_disabled(self):
     def test_requests_without_timeout(self):
         """Test for the `requests` library missing timeouts."""
         expect = {
-            "SEVERITY": {"UNDEFINED": 0, "LOW": 0, "MEDIUM": 36, "HIGH": 0},
-            "CONFIDENCE": {"UNDEFINED": 0, "LOW": 36, "MEDIUM": 0, "HIGH": 0},
+            "SEVERITY": {"UNDEFINED": 0, "LOW": 0, "MEDIUM": 25, "HIGH": 0},
+            "CONFIDENCE": {"UNDEFINED": 0, "LOW": 25, "MEDIUM": 0, "HIGH": 0},
         }
         self.check_example("requests-missing-timeout.py", expect)