Skip to content

REFACTOR: Specify timeout value in every calls to requests.post() and requests.get()#291

Open
ecoussoux-ansys wants to merge 2 commits intomainfrom
refactor/fix-requests-without-timeout
Open

REFACTOR: Specify timeout value in every calls to requests.post() and requests.get()#291
ecoussoux-ansys wants to merge 2 commits intomainfrom
refactor/fix-requests-without-timeout

Conversation

@ecoussoux-ansys
Copy link
Collaborator

@ecoussoux-ansys ecoussoux-ansys commented Dec 9, 2025

This PR introduces the definition of a timeout value in every calls to requests.post() and requests.get().

Using these methods without a timeout can lead to hanging requests, which can be exploited by attackers to cause denial of service (DoS) conditions. This topic is further discussed here and exemplified in the pyansys dev-guide here.

To the reviewers: The 60 seconds currently specified for the timeouts are arbitrary and can be updated if other values would make more sense!

@ecoussoux-ansys ecoussoux-ansys self-assigned this Dec 9, 2025
@ecoussoux-ansys ecoussoux-ansys added the maintenance Package and maintenance related label Dec 9, 2025
@ecoussoux-ansys
Copy link
Collaborator Author

ecoussoux-ansys commented Dec 9, 2025

I now realise that similar changes made in ansys/pyaedt-toolkits-common#285 have defined a DEFAULT_REQUESTS_TIMEOUT = 10 constant as the timeout value used in most calls to requests methods (in the ui/actions_generic.py file).
However, it seems that this value is not exactly used for all timeouts throughout the toolkits-common, so I am not sure if it should be preferred to the value of 60 defined for now..?

@SMoraisAnsys
Copy link
Collaborator

SMoraisAnsys commented Dec 9, 2025

I now realise that similar changes made in ansys/pyaedt-toolkits-common#285 have defined a DEFAULT_REQUESTS_TIMEOUT = 10 constant as the timeout value used in most calls to requests methods (in the ui/actions_generic.py file). However, it seems that this value is not exactly used for all timeouts throughout the toolkits-common, so I am not sure if it should be preferred to the value of 60 defined for now..?

I think that it mainly depends on the type of call. In some cases, a request can take a lot of time. For example, if we have an end point associated to a "solve" action then 10 seconds might not be enough. @gmalinve can you let us know if there is a reason not to leave a timeout of 60 as suggested by @ecoussoux-ansys ? Maybe magnet_loss, project_materials and design_setups can be lowered to DEFAULT_REQUESTS_TIMEOUT ?

@ecoussoux-ansys
Copy link
Collaborator Author

ecoussoux-ansys commented Jan 6, 2026

@gmalinve if I recall properly from our discussion before the vacation, you told me that you did not really have a precise overview of how complex the geometries processed by the toolkit would be and that you would therefore be fine with an undifferentiated default value for the timeouts, set to 60 seconds for now. Is that correct?

If yes, then I believe this PR would be ready from my side (failing jobs in the CI are addressed in #294 and are not related to the changes introduced here).
Thanks!

@SMoraisAnsys SMoraisAnsys mentioned this pull request Feb 3, 2026
Open
2 tasks
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@SMoraisAnsys SMoraisAnsys Awaiting requested review from SMoraisAnsys

At least 1 approving review is required to merge this pull request.

Assignees

@ecoussoux-ansys ecoussoux-ansys

Labels

maintenance Package and maintenance related

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@ecoussoux-ansys @SMoraisAnsys @pyansys-ci-bot