python.redis.missing_ttl

Stability Medium

Detects redis.set() without ex, px, exat, or pxat parameter.

Why It Matters

Keys without TTL accumulate indefinitely:

• Memory exhaustion — Redis memory grows without bound
• OOM crashes — Redis becomes unresponsive when memory fills
• Stale data — Old data persists long after it should expire
• Eviction chaos — When Redis hits maxmemory, random keys get evicted

Redis is an in-memory store. Every key without TTL is a memory leak.

Example

# ❌ Before
redis.set(f"session:{user_id}", session_data)

This key will exist forever unless explicitly deleted.

# ✅ After
redis.set(f"session:{user_id}", session_data, ex=3600)  # 1 hour

Session expires automatically after 1 hour.

What Unfault Detects

• redis.set() without TTL parameters
• redis.setex() (deprecated but OK)
• redis.hset() without later expire() call
• redis.lpush(), redis.sadd() etc. without expiration

TTL Parameters

# Seconds
redis.set("key", "value", ex=3600)  # 1 hour

# Milliseconds
redis.set("key", "value", px=500)  # 500ms

# Unix timestamp (seconds)
redis.set("key", "value", exat=1704067200)  # Jan 1, 2024

# Unix timestamp (milliseconds)
redis.set("key", "value", pxat=1704067200000)

Auto-Fix

Unfault adds ex=3600 (1 hour default). Adjust based on your data lifecycle.

Best Practices

# Cache with TTL based on data freshness needs
redis.set("user:profile:123", data, ex=300)  # 5 min for frequently updated

# Sessions with reasonable expiry
redis.set("session:abc", data, ex=86400)  # 24 hours

# Rate limiting windows
redis.set("ratelimit:user:123", count, ex=60)  # 1 minute window

# For data that should persist, use a database instead
# Redis is not a primary data store

Related Rules

• go.redis.missing_ttl
• python.unbounded_cache