HttpClient builder - setReadTimeout() missing #105
Comments
|
Hi Dawid, This was a leftover artifact from my incomplete cleanup, thank you for spotting it. I wanted to collapse all the okhttpclient timeouts into a single timeout "ConnectionTimeout" to keep the API simple so that it is easier for users to configure tsunami as well as easier to switch to a different httpclient in the future. Currently all the timeouts inside okhttpclient are set to the same value as what's defined by the connection timeouts. We currently set the timeout to 180s for production tsunami runs. Let me know if you think there's a strong reason to make different types of timeout configurable as a tsunami user. Otherwise I will remove the Read & Write timeout options from tsunami cli, and only keep the connection timeout option to remove the confusion. |
Hi
I've been developing some vuln detectors / plugins.
It seems that HttpClient is currently missing setReadTimeout() method as I wasn't able to set it via:
this.httpClient = httpClient.modify().setReadTimeout(Duration.ofSeconds(15)).build();As some services take longer to respond, or to process user input, it is important to have the option to increase read timeouts to prevent false positives when attempting to exploit RCE issues etc.
I found the following reference to this issue within Tsunami scanner code in
tsunami-security-scanner/common/src/main/java/com/google/tsunami/common/net/http/OkHttpHttpClient.java:
So it appears that this issue is already being tracked under 145315535 somewhere.
Thanks
Dawid
The text was updated successfully, but these errors were encountered: