ignore requests_mock for request-without-timeout

this is a false positive, see PyCQA#996
duncanmmacleod · Aug 8, 2023 · bd861cc · bd861cc
1 parent 3aaa2b0
commit bd861cc
Show file tree

Hide file tree

Showing 3 changed files with 7 additions and 0 deletions.
diff --git a/bandit/plugins/request_without_timeout.py b/bandit/plugins/request_without_timeout.py
@@ -55,6 +55,7 @@ def request_without_timeout(context):
     if (
         "requests" in context.call_function_name_qual
         and context.call_function_name in http_verbs
+        and context.call_function_name_qual.rsplit(".", 1)[0] != "requests_mock"
     ):
         # check for missing timeout
         if context.check_call_arg_value("timeout") is None:

diff --git a/examples/requests-missing-timeout.py b/examples/requests-missing-timeout.py
@@ -21,3 +21,8 @@
 requests.head('https://gmail.com')
 requests.head('https://gmail.com', timeout=None)
 requests.head('https://gmail.com', timeout=5)
+
+import requests_mock
+requests_mock.get('https://gmail.com')
+requests_mock.get('https://gmail.com', timeout=None)
+requests_mock.get('https://gmail.com', timeout=5)
diff --git a/requirements.txt b/requirements.txt
@@ -5,4 +5,5 @@ GitPython>=1.0.1 # BSD License (3 clause)
 PyYAML>=5.3.1 # MIT
 stevedore>=1.20.0 # Apache-2.0
 colorama>=0.3.9;platform_system=="Windows" # BSD License (3 clause)
+requests-mock # Apache-2.0
 rich # MIT