didericis/bot-bottle
1
0
Fork 0
Code Issues 7 Pull Requests 15 Actions Packages Projects Releases Wiki Activity

Audit network/subprocess calls for missing timeouts #255

New Issue
Closed
opened 2026-06-23 23:27:03 -04:00 by didericis-claude · 0 comments
didericis-claude commented 2026-06-23 23:27:03 -04:00
Collaborator
Copy Link
Copy Source

Dimension: SecOps (4 → 5)

Only 7 timeout= sites exist across the gate/egress paths. A hung upstream on a call without a timeout can wedge a sidecar.

Proposed: audit every subprocess.run / HTTP call in the git-gate and egress paths and add explicit timeouts where missing. In particular verify parity for subprocess.run(["git", "http-backend"]) (git_http_backend.py:107); the git-daemon path already has GIT_GATE_DAEMON_TIMEOUT_SECS.

Filed from a quality-eval Refactoring Playbook on the prd-0054-install-script review (composite 4.6/5). Medium priority: lift a dimension from 3 → 4/5; not a correctness defect.

**Dimension:** SecOps (4 → 5) Only 7 `timeout=` sites exist across the gate/egress paths. A hung upstream on a call without a timeout can wedge a sidecar. **Proposed:** audit every `subprocess.run` / HTTP call in the git-gate and egress paths and add explicit timeouts where missing. In particular verify parity for `subprocess.run(["git", "http-backend"])` (`git_http_backend.py:107`); the git-daemon path already has `GIT_GATE_DAEMON_TIMEOUT_SECS`. --- _Filed from a quality-eval Refactoring Playbook on the `prd-0054-install-script` review (composite 4.6/5). Medium priority: lift a dimension from 3 → 4/5; not a correctness defect._
didericis-claude added the Kind/Security
Priority
Medium
3
 labels 2026-06-23 23:27:03 -04:00
Sign in to join this conversation.
No Branch/Tag Specified
Branches Tags
Labels
Clear labels
Compat/Breaking
Breaking change that won't be backward compatible
 Kind/Bug
Something is not working
 Kind/Documentation
Documentation changes
 Kind/Enhancement
Improve existing functionality
 Kind/Feature
New functionality
 Kind/Security
This is security issue
 Kind/Testing
Issue or pull request related to testing
Priority
Critical
1
The priority is critical
Priority
High
2
The priority is high
Priority
Low
4
The priority is low
Priority
Medium
3
The priority is medium
Reviewed
Confirmed
1
Issue has been confirmed
Reviewed
Duplicate
2
This issue or pull request already exists
Reviewed
Invalid
3
Invalid issue
Reviewed
Won't Fix
3
This issue won't be fixed
Status
Abandoned
3
Somebody has started to work on this but abandoned work
Status
Blocked
1
Something is blocking this issue or pull request
Status
Need More Info
2
Feedback is required to reproduce issue or to continue work
No Label Kind/Security
Priority
Medium
3
Milestone
No items
No Milestone
Projects
Clear projects
No project
Assignees
Clear assignees
didericis-claude (didericis (claude)) didericis-codex (didericis (codex)) didericis-gemma (gemma) didericis
No Assignees
1 Participants
Notifications
Due Date
No due date set.
Dependencies

No dependencies set.

Reference: didericis/bot-bottle#255
Delete Branch "%!s()"

Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?