telnetlib — no timeout
Synchronous Access of Telnet without Timeout
The telnetlib.Telnet class and the telnetlib.Telnet.open() method are
used to establish a connection to a remote server using the Telnet protocol.
By default, these operations do not enforce a timeout on the connection,
which can lead to indefinite blocking if the server is unresponsive. This
can result in resource exhaustion, application hanging, or Denial of Service
(DoS) vulnerabilities, especially in networked or production environments.
This rule ensures that a timeout parameter is provided when using
telnetlib.Telnet and telnetlib.Telnet.open() to prevent the risk of
indefinite blocking during network communications.
Failing to specify a timeout in these calls may cause the application to block indefinitely while waiting for a response from the remote server. This can lead to Denial of Service (DoS) vulnerabilities or cause the application to become unresponsive.
Example
Example Output
> precli tests/unit/rules/python/stdlib/telnetlib/examples/telnetlib_telnet_no_timeout.py
⚠️ Warning on line 9 in tests/unit/rules/python/stdlib/telnetlib/examples/telnetlib_telnet_no_timeout.py
PY044: Synchronous Access of Remote Resource without Timeout
The class 'telnetlib.Telnet' is used without a timeout, which may cause the application to block indefinitely if the remote server does not respond.
Remediation
Always provide a timeout parameter when using telnetlib.Telnet or
telnetlib.Telnet.open(). This ensures that if the remote server is unreachable
or unresponsive, the connection attempt will fail after a set period,
preventing indefinite blocking and resource exhaustion.
Alternatively, the global default timeout can be set via
socket.setdefaulttimeout(). This is a good option to enforce a consistent
timeout for any network library that uses sockets, including telnetlib.
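The following is an added example, not code from precli or from this page: a simplified AST check in the spirit of this rule, run over a constructed sample that places unsafe calls next to their remediated forms. The names `SAMPLE` and `find_missing_timeouts` are hypothetical; the check assumes the plain `import telnetlib` form, treats an explicit `timeout=None` as missing (it means blocking mode), and does not account for `socket.setdefaulttimeout()`.

```python
import ast

# Constructed sample input: unsafe calls beside their remediated forms.
SAMPLE = '''\
import telnetlib

a = telnetlib.Telnet("host.example")
b = telnetlib.Telnet("host.example", 23, 5)
c = telnetlib.Telnet("host.example", timeout=None)
d = telnetlib.Telnet()
d.open("host.example")
d.open("host.example", timeout=5)
'''

def _is_none(node):
    return isinstance(node, ast.Constant) and node.value is None

def _has_timeout(call):
    # timeout is the third positional parameter of both Telnet() and open().
    if len(call.args) >= 3:
        return not _is_none(call.args[2])
    return any(k.arg == "timeout" and not _is_none(k.value) for k in call.keywords)

def _is_ctor(node):
    # Assumption: the module is imported as plain "import telnetlib".
    f = getattr(node, "func", None)
    return (isinstance(node, ast.Call) and isinstance(f, ast.Attribute)
            and f.attr == "Telnet" and isinstance(f.value, ast.Name)
            and f.value.id == "telnetlib")

def find_missing_timeouts(source):
    """Return line numbers of connecting Telnet()/open() calls with no timeout.

    Telnet() called without a host does not connect, so it is not reported."""
    tree = ast.parse(source)
    # Names bound to Telnet instances, so later .open() calls can be checked.
    names = {t.id for n in ast.walk(tree)
             if isinstance(n, ast.Assign) and _is_ctor(n.value)
             for t in n.targets if isinstance(t, ast.Name)}
    hits = []
    for n in ast.walk(tree):
        if not isinstance(n, ast.Call) or _has_timeout(n):
            continue
        f = n.func
        if _is_ctor(n):
            if n.args or any(k.arg == "host" for k in n.keywords):
                hits.append(n.lineno)
        elif (isinstance(f, ast.Attribute) and f.attr == "open"
              and isinstance(f.value, ast.Name) and f.value.id in names):
            hits.append(n.lineno)
    return sorted(hits)
```
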
Default Configuration
See also
Info
New in version 0.6.7