From ba251185d759e3223a30c64d1b1809f2a7f9f7ce Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Tr=E1=BA=A7n=20B=C3=A1ch?= <45133811+barttran2k@users.noreply.github.com>
Date: Tue, 7 Apr 2026 13:07:44 +0700
Subject: [PATCH] fix(security): no timeout on http requests leading to potential d
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Multiple scripts make HTTP requests using `requests.get()` and `requests.post()` without specifying a `timeout` parameter. If the remote server is unresponsive, the script will block indefinitely, potentially causing resource exhaustion or hanging CI/CD pipelines.

Affected files: Identify_Old_Issue_And_PR.py

Signed-off-by: Trần Bách <45133811+barttran2k@users.noreply.github.com>
---
 scripts/Identify_Old_Issue_And_PR.py | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/scripts/Identify_Old_Issue_And_PR.py b/scripts/Identify_Old_Issue_And_PR.py
index f2c418f6e9..cf6b36948f 100644
--- a/scripts/Identify_Old_Issue_And_PR.py
+++ b/scripts/Identify_Old_Issue_And_PR.py
@@ -51,7 +51,7 @@ def is_old_pull_request(issue):
 # Grab the list of open Issues/PR
 buffer = "Grab the list of open Issues/PR via the GitHub API...\n"
-response = requests.get(ISSUE_API)
+response = requests.get(ISSUE_API, timeout=30)
 if response.status_code != 200:
     print("Cannot load the list of Issues/PR content: HTTP %s received!" % response.status_code)
     sys.exit(1)
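Review bot: The added `timeout=30` on the `requests.get(ISSUE_API, ...)` line turns an indefinite hang into an uncaught `requests.exceptions.Timeout` (a `RequestException`), so a slow GitHub API now ends the script with a traceback instead of the controlled `print` + `sys.exit(1)` path that the following status-code check provides; the same applies to the `requests.post` at the hunk around line 91. A `try`/`except requests.exceptions.RequestException` around the call, exiting through the existing error path, keeps the failure mode consistent, and note that a single number as `timeout` is the connect timeout and the per-read timeout, not a cap on total request time, so a server that keeps trickling bytes can still run well past 30 seconds. The literal `30` is duplicated in both hunks and would read better as one module-level `REQUEST_TIMEOUT = 30` (name constructed here) referenced from both calls. These lines are at column 0, i.e. top-level script code, even though the hunk header names `is_old_pull_request` as context.
```python
try:
    response = requests.get(ISSUE_API, timeout=30)
except requests.exceptions.RequestException as exc:
    print("Cannot load the list of Issues/PR content: %s" % exc)
    sys.exit(1)
# … unchanged: status-code check and sys.exit(1) …
```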
@@ -91,7 +91,7 @@ def is_old_pull_request(issue):
         color = "warning"
     message = "{\"text\": \"Old PR and Issue identification watchdog\",\"attachments\": [ {\"fallback\": \"%s\",\"color\":\"%s\",\"title\": \"Status\",\"text\": \"%s\"}]}" % (color, buffer, buffer)
     request_headers = {"Content-Type": "application/json"}
-    response = requests.post(sys.argv[1], headers=request_headers, data=message)
+    response = requests.post(sys.argv[1], headers=request_headers, data=message, timeout=30)
     if response.status_code != 200:
         print("Cannot send notification to slack: HTTP %s received!" % response.status_code)
         sys.exit(2)
\ No newline at end of file
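Review bot: The `message` payload two lines above the changed `requests.post` is built by `%`-formatting raw text into a JSON string, and the argument order looks wrong: the placeholders are `fallback`, `color`, `text` in that order but the tuple is `(color, buffer, buffer)`, so Slack's `color` field receives the status text and `fallback` receives the color name. Independently of the ordering, any `"` or backslash in `buffer` (which accumulates issue/PR text elsewhere in the file, judging by its use here) produces invalid JSON or alters the payload structure; building the dict and serializing with `json.dumps` fixes both and needs `json` to be imported at the top of the file if it is not already. The enclosing block starts above this hunk.
```python
    message = json.dumps({
        "text": "Old PR and Issue identification watchdog",
        "attachments": [{"fallback": buffer, "color": color, "title": "Status", "text": buffer}],
    })
    # … unchanged: request_headers, requests.post with timeout, status-code check …
```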