Missing timeouts in HTTP requests across multiple providers #63033
Description
Description
During a deep static analysis of the provider hooks, I found that numerous HTTP requests are made using the requests library without specifying a timeout parameter.
Making HTTP requests without a timeout can cause the executing thread (and consequently, the Airflow worker task) to hang indefinitely if the remote server takes too long to respond or drops packets without closing the connection. This can lead to resource starvation, 'zombie' tasks, and reduced pipeline reliability.
Severity: Medium/Critical (depending on network environment)
Locations Found
providers/apache/druid/src/airflow/providers/apache/druid/hooks/druid.py:requests.get(Line 168) andrequests.post(Lines 145, 174)providers/databricks/src/airflow/providers/databricks/utils/openlineage.py:requests.get(Line 91)providers/fab/src/airflow/providers/fab/auth_manager/security_manager/override.py:requests.get(Lines 399, 2321)providers/cncf/kubernetes/src/airflow/providers/cncf/kubernetes/hooks/kubernetes.py:requests.get(Line 781)providers/google/src/airflow/providers/google/cloud/hooks/dataprep.py:requests.getandrequests.post(Lines 102, 120, 138, 152, 175, 201, 214, 235, 250, 265, 280)
Proposed Fix
Enforce default timeouts (e.g., timeout=30) on all outbound requests.get and requests.post calls in provider hooks and utils, and/or parse standard timeout settings from connection extras where applicable.