From 710f9490e923e32fe9f1f87f7a0561620ec0c489 Mon Sep 17 00:00:00 2001
From: Aaron Holmes
Date: Thu, 26 Sep 2024 10:03:17 -0700
Subject: [PATCH] Resolve Bandit warnings regarding `requests` timeout. Closes #123
---
 src/identity/Ligare/identity/SAML2/__init__.py | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)
diff --git a/src/identity/Ligare/identity/SAML2/__init__.py b/src/identity/Ligare/identity/SAML2/__init__.py
index fb63fb51..1caba239 100644
--- a/src/identity/Ligare/identity/SAML2/__init__.py
+++ b/src/identity/Ligare/identity/SAML2/__init__.py
@@ -11,6 +11,8 @@ from saml2.client import Saml2Client as PySaml2Client
 from saml2.config import Config as PySaml2Config
+_SAML2_REQUESTS_TIMEOUT = 10
+
 class SAML2Client:
 """
@@ -38,7 +40,10 @@ def _get_saml_client(self, serialized_settings: bytes):
 override_settings = loads(serialized_settings)
 if not self._metadata and self._metadata_url:
- rv: Response = cast(Response, requests.get(self._metadata_url)) # pyright: ignore[reportUnnecessaryCast] - pyright cli reports this is unnecessary, but vscode extension says otherwise
+ rv: Response = cast(
+ Response,
+ requests.get(self._metadata_url, timeout=_SAML2_REQUESTS_TIMEOUT),
+ ) # pyright: ignore[reportUnnecessaryCast]
 self._metadata = rv.text
 if not self._metadata:
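Review bot: `_SAML2_REQUESTS_TIMEOUT = 10` is added without a unit or a statement of what it bounds. `requests` treats a single number as seconds applied separately to the connect phase and to each wait for data, so it is not a cap on the total time of the metadata fetch. A comment above the constant would make that explicit, for example `# Seconds; applied by requests to connect and to each read separately, not a total deadline.`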
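Review bot: The metadata response is used without a status check: in `_get_saml_client`, `self._metadata = rv.text` takes the body of whatever the server returned, so a 4xx/5xx error page is non-empty and passes the following `if not self._metadata:` guard. Since this document is what the SAML client is configured from, add `rv.raise_for_status()` immediately after the `requests.get(...)` call so a failed fetch stops here instead of being handed on as metadata. With the timeout in place the call can now also raise `requests.exceptions.Timeout`; whether a caller handles that is not visible, as the function body continues outside the hunk.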