drb-driver-http 1.3.7__tar.gz → 1.3.8__tar.gz

{drb_driver_http-1.3.7/drb_driver_http.egg-info → drb_driver_http-1.3.8}/PKG-INFO

@@ -1,6 +1,6 @@
 Metadata-Version: 2.1
 Name: drb-driver-http
-Version: 1.3.7
+Version: 1.3.8
 Summary: DRB Http driver
 Author: GAEL Systems
 Author-email: drb-python@gael.fr

{drb_driver_http-1.3.7 → drb_driver_http-1.3.8}/drb/drivers/http/_version.py

@@ -8,11 +8,11 @@ import json
 
 version_json = '''
 {
- "date": "2025-12-03T14:08:32+0100",
+ "date": "2026-06-10T18:50:43+0200",
  "dirty": false,
  "error": null,
- "full-revisionid": "7f16365dce55500f72150e6270825fae5d0fbbc3",
- "version": "1.3.7"
+ "full-revisionid": "beaa911202e6cffa54953c69039b9cd65ce53d5c",
+ "version": "1.3.8"
 }
 '''  # END VERSION_JSON
 

{drb_driver_http-1.3.7 → drb_driver_http-1.3.8}/drb/drivers/http/http.py

@@ -21,6 +21,12 @@ from tenacity import retry, stop_after_attempt, stop_after_delay, \
 from drb.exceptions.http import DrbHttpServerException, \
     DrbHttpNodeException, DrbHttpAuthException
 
+# Default (connect, read) timeout in seconds for outbound HTTP requests.
+# Without it a slow or malicious server blocks the calling thread forever.
+# This driver is the OGC/odata trunk, so the timeout propagates to the
+# wms/wcs/wmts/wxs/odata drivers built on top of it.
+_HTTP_TIMEOUT = (10, 60)
+
 
 class EmptyAuth(AuthBase):
     """
@@ -40,7 +46,8 @@ class EmptyAuth(AuthBase):
        retry=retry_if_exception_type(DrbHttpNodeException))
 def get(path: str, auth: AuthBase, redirect, headers, params: Dict[str, Any]):
     return requests.get(path, stream=True, auth=auth, allow_redirects=redirect,
-                        headers=headers, params=params)
+                        headers=headers, params=params,
+                        timeout=_HTTP_TIMEOUT)
 
 
 @retry(stop=stop_after_attempt(5),
@@ -54,6 +61,7 @@ def head(path: str, auth: AuthBase, redirect, params: Dict[str, Any]):
         path,
         auth=auth,
         allow_redirects=redirect,
+        timeout=_HTTP_TIMEOUT,
         **params
     )
 
@@ -261,11 +269,12 @@ class DrbHttpNode(AbstractNode):
 
     def __init__(self, path, auth: AuthBase = None,
                  redirect=True,
-                 params: Dict[str, Any] = {}):
+                 params: Dict[str, Any] = None):
         super().__init__()
         self._path = path
         self._auth = auth
-        self._params = params
+        # Avoid a shared mutable default (B006): a new dict per instance.
+        self._params = params if params is not None else {}
         self._children = []
         self._redirect = redirect
         self.add_impl(io.BytesIO, _to_stream)
@@ -389,7 +398,8 @@ class DrbHttpNode(AbstractNode):
                                  headers=headers,
                                  json=data,
                                  allow_redirects=redirect,
-                                 auth=auth)
+                                 auth=auth,
+                                 timeout=_HTTP_TIMEOUT)
         return DrbHttpResponse(path=url, response=response)
 
 

{drb_driver_http-1.3.7 → drb_driver_http-1.3.8/drb_driver_http.egg-info}/PKG-INFO

@@ -1,6 +1,6 @@
 Metadata-Version: 2.1
 Name: drb-driver-http
-Version: 1.3.7
+Version: 1.3.8
 Summary: DRB Http driver
 Author: GAEL Systems
 Author-email: drb-python@gael.fr

{drb_driver_http-1.3.7 → drb_driver_http-1.3.8}/drb_driver_http.egg-info/SOURCES.txt

@@ -25,6 +25,7 @@ tests/test_drb_http_basic_auth.py
 tests/test_drb_http_bearer.py
 tests/test_drb_http_factory.py
 tests/test_drb_http_keyring.py
+tests/test_drb_http_security.py
 tests/test_drb_http_signature.py
 tests/test_drb_https_signature.py
 tests/test_drb_impl_http.py

drb_driver_http-1.3.8/tests/test_drb_http_security.py

@@ -0,0 +1,45 @@
+import unittest
+from unittest.mock import patch, MagicMock
+
+from drb.drivers.http import DrbHttpNode
+from drb.drivers.http.http import get, head, EmptyAuth, _HTTP_TIMEOUT
+
+
+class TestHttpTimeout(unittest.TestCase):
+    """Every outbound request must carry an explicit timeout (SEC-001)."""
+
+    @patch('drb.drivers.http.http.requests')
+    def test_get_passes_timeout(self, mock_requests):
+        get('http://example.org', EmptyAuth(), True, None, {})
+        self.assertEqual(_HTTP_TIMEOUT,
+                         mock_requests.get.call_args.kwargs['timeout'])
+
+    @patch('drb.drivers.http.http.requests')
+    def test_head_passes_timeout(self, mock_requests):
+        head('http://example.org', EmptyAuth(), True, {})
+        self.assertEqual(_HTTP_TIMEOUT,
+                         mock_requests.head.call_args.kwargs['timeout'])
+
+    @patch('drb.drivers.http.http.requests')
+    def test_post_passes_timeout(self, mock_requests):
+        resp = MagicMock()
+        resp.headers.items.return_value = []
+        resp.content = b''
+        mock_requests.post.return_value = resp
+        DrbHttpNode.post('http://example.org', data={})
+        self.assertEqual(_HTTP_TIMEOUT,
+                         mock_requests.post.call_args.kwargs['timeout'])
+
+
+class TestHttpParamsDefault(unittest.TestCase):
+    """params must not be a shared mutable default (B006)."""
+
+    def test_params_not_shared_between_instances(self):
+        n1 = DrbHttpNode('http://a')
+        n2 = DrbHttpNode('http://b')
+        n1.params['k'] = 'v'
+        self.assertEqual({}, n2.params)
+
+
+if __name__ == '__main__':
+    unittest.main()

{drb_driver_http-1.3.7 → drb_driver_http-1.3.8}/tests/test_drb_impl_http.py

@@ -218,4 +218,5 @@ class TestDrbHttp(unittest.TestCase):
             headers={'Content-Type': 'application/json'},
             json='{"test1": "value1", "test2": "value2"}',
             allow_redirects=True,
-            auth=None)
+            auth=None,
+            timeout=(10, 60))