From 409c1eef30bb20bb661c5b31cc2f111e210dbfbe Mon Sep 17 00:00:00 2001 From: Raphael Michel Date: Sat, 2 Dec 2023 14:45:28 +0100 Subject: [PATCH] Add default timeout for HTTP requests --- src/pretix/helpers/apps.py | 5 ++++- src/pretix/helpers/monkeypatching.py | 20 ++++++++++++++++++++ 2 files changed, 24 insertions(+), 1 deletion(-) diff --git a/src/pretix/helpers/apps.py b/src/pretix/helpers/apps.py index d78d36f886..4e93f60b1a 100644 --- a/src/pretix/helpers/apps.py +++ b/src/pretix/helpers/apps.py @@ -27,5 +27,8 @@ class PretixHelpersConfig(AppConfig): label = 'pretixhelpers' def ready(self): - from .monkeypatching import monkeypatch_all_at_ready + from .monkeypatching import ( + monkeypatch_all_at_ready, monkeypatch_requests_timeout, + ) monkeypatch_all_at_ready() + monkeypatch_requests_timeout() diff --git a/src/pretix/helpers/monkeypatching.py b/src/pretix/helpers/monkeypatching.py index a260343a49..abd00a0b6f 100644 --- a/src/pretix/helpers/monkeypatching.py +++ b/src/pretix/helpers/monkeypatching.py @@ -19,9 +19,11 @@ # You should have received a copy of the GNU Affero General Public License along with this program. If not, see # . # +import types from datetime import datetime from PIL import Image +from requests.adapters import HTTPAdapter def monkeypatch_vobject_performance(): @@ -70,3 +72,21 @@ def monkeypatch_pillow_safer(): def monkeypatch_all_at_ready(): monkeypatch_vobject_performance() monkeypatch_pillow_safer() + + +def monkeypatch_requests_timeout(): + """ + The requests package does not by default set a timeout for outgoing HTTP requests. This is dangerous especially since + celery tasks have no timeout on the task as a whole (as web requests do), so HTTP requests to a non-responding + external service could lead to a clogging of the entire celery queue. + """ + old_httpadapter_send = HTTPAdapter.send + + def httpadapter_send(self, request, timeout=None, **kwargs): + if timeout is None: + timeout = 3 + return types.MethodType(old_httpadapter_send, self)(request, timeout=timeout, **kwargs) + + HTTPAdapter.send = httpadapter_send + monkeypatch_vobject_performance() + monkeypatch_pillow_safer()