Recently I added a static analysis tool (Bandit – which is an excellent tool and deserves it’s own post) to our Python microservices CI pipeline at work. Upon doing this, I discovered that our requests calls didn’t have timeouts set on them. By default, requests don’t have a timeout set.
At first, I thought it was going to be straight forward to just put a timeout on the remote calls, but upon reading the documentation I discovered that the timeout value was not quite what you’d expect – it’s not the wall time to complete the request.
https://requests.readthedocs.io/en/latest/user/quickstart/#timeouts
timeoutis not a time limit on the entire response download; rather, an exception is raised if the server has not issued a response fortimeoutseconds (more precisely, if no bytes have been received on the underlying socket fortimeoutseconds). If no timeout is specified explicitly, requests do not time out.
Ok, so that then left me concerned about whether I’d really understood the documentation properly (or whether it was just plain wrong – which I doubted, but had to make sure so as to not screw everything up)… But how?
Then I discovered something really, really useful – https://httpbin.org/ . This is a bunch of fake API endpoints that behave as you request them to – eg, take 5 seconds to respond with a 200 code, or take 3s between each byte being sent. Great! I used this to prove that the timeouts do indeed behave as documented.
Definitely one to bookmark!