ref: fix types for sentry.net.socket (#93477)

I suspect our socket default code wasn't even working because it did not
match urllib3's

<!-- Describe your PR here. -->

Author: asottile-sentry

pyproject.toml

@@ -136,7 +136,6 @@ module = [
     "sentry.middleware.auth",
     "sentry.middleware.ratelimit",
     "sentry.net.http",
-    "sentry.net.socket",
     "sentry.notifications.notifications.activity.base",
     "sentry.plugins.config",
     "sentry.release_health.metrics_sessions_v2",
@@ -328,6 +327,7 @@ module = [
     "sentry.models.options.*",
     "sentry.monitors.consumers.monitor_consumer",
     "sentry.monkey.*",
+    "sentry.net.socket",
     "sentry.nodestore.*",
     "sentry.nodestore.base",
     "sentry.nodestore.bigtable.backend",

src/sentry/net/http.py

@@ -15,6 +15,7 @@
 from urllib3.exceptions import ConnectTimeoutError, NewConnectionError
 from urllib3.poolmanager import PoolManager
 from urllib3.util.connection import _set_socket_options
+from urllib3.util.timeout import _DEFAULT_TIMEOUT
 
 from sentry import VERSION as SENTRY_VERSION
 from sentry.net.socket import safe_create_connection
@@ -235,7 +236,7 @@ def _new_conn(self):
         # If provided, set socket level options before connecting.
         _set_socket_options(sock, self.socket_options)
 
-        if self.timeout is not socket._GLOBAL_DEFAULT_TIMEOUT:  # type: ignore[attr-defined]
+        if self.timeout is not _DEFAULT_TIMEOUT:
             sock.settimeout(self.timeout)
         sock.connect(self.socket_path)
         return sock

src/sentry/net/socket.py

@@ -3,13 +3,15 @@
 import functools
 import ipaddress
 import socket
+from collections.abc import Sequence
 from typing import TYPE_CHECKING
 from urllib.parse import urlparse
 
 from django.conf import settings
 from django.utils.encoding import force_str
 from urllib3.exceptions import LocationParseError
 from urllib3.util.connection import _set_socket_options, allowed_gai_family
+from urllib3.util.timeout import _DEFAULT_TIMEOUT, _TYPE_DEFAULT
 
 from sentry.exceptions import RestrictedIPAddress
 
@@ -104,12 +106,12 @@ def is_safe_hostname(hostname: str | None) -> bool:
 
 # Modifed version of urllib3.util.connection.create_connection.
 def safe_create_connection(
-    address,
-    timeout=socket._GLOBAL_DEFAULT_TIMEOUT,
-    source_address=None,
-    socket_options=None,
+    address: tuple[str, int],
+    timeout: _TYPE_DEFAULT | float | None = _DEFAULT_TIMEOUT,
+    source_address: str | None = None,
+    socket_options: Sequence[tuple[int, int, int | bytes]] | None = None,
     is_ipaddress_permitted: IsIpAddressPermitted = None,
-):
+) -> socket.socket:
     if is_ipaddress_permitted is None:
         is_ipaddress_permitted = is_ipaddress_allowed
 
@@ -137,6 +139,7 @@ def safe_create_connection(
 
         # Begin custom code.
         ip = sa[0]
+        assert isinstance(ip, str), ip  # we aren't running ipv6-disabled python
         if not is_ipaddress_permitted(ip):
             # I am explicitly choosing to be overly aggressive here. This means
             # the first IP that matches that hits our restricted set of IP networks,
@@ -155,7 +158,7 @@ def safe_create_connection(
             # If provided, set socket level options before connecting.
             _set_socket_options(sock, socket_options)
 
-            if timeout is not socket._GLOBAL_DEFAULT_TIMEOUT:
+            if timeout is not _DEFAULT_TIMEOUT:
                 sock.settimeout(timeout)
             if source_address:
                 sock.bind(source_address)