SocketNoTimeout needs to check for 0 and negative timeouts

The SocketNoTimeout rule also needs to check for timeout values of 0 or less than 0 which also equate to no timeout. The value can also be of type float. Signed-off-by: Eric Brown <[email protected]>
securesauce · Sep 26, 2024 · 21391a8 · 21391a8
1 parent 53bd258
commit 21391a8
Show file tree

Hide file tree

Showing 3 changed files with 18 additions and 0 deletions.
diff --git a/precli/rules/python/stdlib/socket_no_timeout.py b/precli/rules/python/stdlib/socket_no_timeout.py
@@ -97,6 +97,12 @@ def analyze_call(self, context: dict, call: Call) -> Result | None:
             fix_node = argument.node
             result_node = argument.node
             content = "5"
+        elif (
+            isinstance(timeout, int) or isinstance(timeout, float)
+        ) and timeout <= 0:
+            fix_node = argument.node
+            result_node = argument.node
+            content = "5"
         else:
             return
 

diff --git a/tests/unit/rules/python/stdlib/socket/examples/socket_create_connection_timeout_0.py b/tests/unit/rules/python/stdlib/socket/examples/socket_create_connection_timeout_0.py
@@ -0,0 +1,11 @@
+# level: WARNING
+# start_line: 9
+# end_line: 9
+# start_column: 56
+# end_column: 57
+import socket
+
+
+s = socket.create_connection(("127.0.0.1", 80), timeout=0)
+s.recv(1024)
+s.close()
diff --git a/tests/unit/rules/python/stdlib/socket/test_socket_no_timeout.py b/tests/unit/rules/python/stdlib/socket/test_socket_no_timeout.py
@@ -41,6 +41,7 @@ def test_rule_meta(self):
         "filename",
         [
             "socket_create_connection.py",
+            "socket_create_connection_timeout_0.py",
             "socket_create_connection_timeout_5.py",
             "socket_create_connection_timeout_none.py",
         ],