External Request DoS

ID

python.external_request_dos

Severity

high

Resource

Resource Management

Language

Python

Tags

CWE:1088, NIST.SP.800-53

Description

External Request Denial of Service (DoS) occurs when an application sends requests to external services without proper control, such as a timeout. A remote service that stalls or never answers then blocks the calling code indefinitely.

Rationale

This issue can affect the product’s reliability, as an outage of the remote resource may cause the product to hang. If an attacker can trigger the relevant code path, this reliability problem could lead to a vulnerability.

import requests

def fetch_data():
    # FLAW: no timeout, so the call blocks for as long as the remote stalls
    response = requests.get('https://example.com/data')
    return response.content

Remediation

Always include a timeout when performing external requests:

import requests

def fetch_data():
    # timeout bounds the connect and each socket read (in seconds)
    response = requests.get('https://example.com/data', timeout=60)
    return response.content
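One caveat a practitioner should keep in mind: the `timeout=` argument in requests (and in the standard library's `urlopen`) is applied per socket operation, that is, to the connect and to each read, not to the whole transfer. A remote that trickles a byte every few seconds stays inside the timeout yet can hold the caller far longer than intended. The following is an added example, not code from the rule or from the requests project. It uses only the standard library so it runs offline: a constructed local HTTP server plays three kinds of remote (fast, stalled before sending headers, and dripping the body slowly), and a bounded `fetch_data` enforces both a per-read timeout and an overall wall-clock deadline. The paths `/fast`, `/stall` and `/drip`, the chunk sizes and the timing values are all made up for the demonstration.

```python
"""Added example: bounded outbound HTTP requests against a constructed local server."""
import http.server
import socket
import threading
import time
import urllib.error
import urllib.request


class SlowHandler(http.server.BaseHTTPRequestHandler):
    """Constructed stand-in for a misbehaving remote: /fast answers at once,
    /stall sleeps before sending headers, /drip trickles the body out slowly."""
    BODY = b'{"status": "ok"}'
    CHUNKS = 5
    CHUNK = b"x" * 32
    GAP = 0.2  # seconds between drip chunks (constructed value)

    def do_GET(self):
        try:
            if self.path == "/stall":
                time.sleep(3.0)  # longer than the client's per-read timeout
            if self.path == "/drip":
                self._send_headers(len(self.CHUNK) * self.CHUNKS)
                for _ in range(self.CHUNKS):  # each chunk arrives inside the read timeout...
                    self.wfile.write(self.CHUNK)
                    self.wfile.flush()
                    time.sleep(self.GAP)  # ...but the whole transfer exceeds the deadline
                return
            self._send_headers(len(self.BODY))
            self.wfile.write(self.BODY)
        except (BrokenPipeError, ConnectionResetError):
            pass  # the client gave up on us; nothing more to do

    def _send_headers(self, length):
        self.send_response(200)
        self.send_header("Content-Length", str(length))
        self.end_headers()

    def log_message(self, *args):
        pass  # keep the example quiet


def start_server():
    """Bind an ephemeral loopback port and serve in a background daemon thread."""
    srv = http.server.ThreadingHTTPServer(("127.0.0.1", 0), SlowHandler)
    threading.Thread(target=srv.serve_forever, daemon=True).start()
    return srv


def fetch_data(url, read_timeout=1.0, deadline=0.5):
    """Outbound request with two bounds: a per-socket-operation timeout (what
    timeout= gives you in requests and urlopen) and a wall-clock deadline for
    the whole transfer, which neither library enforces by itself.
    Returns (outcome, body); outcome is 'ok', 'timeout', 'deadline' or 'error'."""
    started = time.monotonic()
    chunks = []
    try:
        with urllib.request.urlopen(url, timeout=read_timeout) as resp:
            while True:
                if time.monotonic() - started > deadline:
                    return "deadline", None  # give up even though reads keep succeeding
                chunk = resp.read1(4096)  # at most one socket read per call
                if not chunk:
                    break
                chunks.append(chunk)
    except (socket.timeout, TimeoutError):
        return "timeout", None  # no bytes arrived within read_timeout
    except urllib.error.URLError as exc:
        # connect-phase timeouts surface wrapped inside URLError
        if isinstance(exc.reason, (socket.timeout, TimeoutError)):
            return "timeout", None
        return "error", None
    return "ok", b"".join(chunks)


def demo():
    """Run the three scenarios against the local server and collect the outcomes."""
    srv = start_server()
    base = "http://127.0.0.1:%d" % srv.server_address[1]
    try:
        return {path: fetch_data(base + path) for path in ("/fast", "/stall", "/drip")}
    finally:
        srv.shutdown()
        srv.server_close()


if __name__ == "__main__":
    for path, (outcome, body) in demo().items():
        print(path, outcome, body)
```

The same two-bound structure carries over to requests: pass `timeout=` for the per-read bound and, when streaming (`stream=True` with `iter_content`), check a monotonic deadline between chunks, since a large or deliberately slow body is otherwise only limited by how patient the remote is willing to be.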

References