A library that overrides the default behaviors of the ``requests`` library, and adds new security features.

Navigation

Verified details

These details have been verified by PyPI
Maintainers
Avatar for NyanKiyoshi from gravatar.com NyanKiyoshi Avatar for patrys from gravatar.com patrys

Unverified details

These details have not been verified by PyPI
Project links
Meta
  • License: BSD License (BSD-3-Clause)
  • Author: Saleor Commerce
  • Requires: Python >=3.8
Classifiers

Project description

requests-hardened is a library that overrides the default behaviors of the requests library, and adds new security features.

Features

Overrides of Defaults

This library allows to override some default values from the requests library that can have a security impact:

  • Config.never_allow_redirects = False always reject HTTP redirects

  • Config.default_timeout = (2, 10) sets the default timeout value when no value or None is passed

SSRF Filters

A SSRF IP filter can be used to reject HTTP(S) requests targeting private and loopback IP addresses.

Settings:

  • Config.ip_filter_enable whether or not to filter the IP addresses

  • ip_filter_allow_localhost whether or not to allow loopback IP addresses

Example Usage

from requests_hardened import Config, Manager

# Creates a global "manager" that can be used to create ``requests.Session``
# objects with hardening in place.
DefaultManager = Manager(
    Config(
        default_timeout=(2, 10),
        never_allow_redirects=False,
        ip_filter_enable=True,
        ip_filter_allow_localhost=False,
    )
)

# Sends an HTTP request without re-using ``requests.Session``:
resp = DefaultManager.send_request("GET", "https://example.com")
print(resp)

# Sends HTTP requests with reusable ``requests.Session``:
with DefaultManager.get_session() as sess:
    sess.request("GET", "https://example.com")
    sess.request("POST", "https://example.com", json={"foo": "bar"})

Project details

Verified details

These details have been verified by PyPI
Maintainers
Avatar for NyanKiyoshi from gravatar.com NyanKiyoshi Avatar for patrys from gravatar.com patrys

Unverified details

These details have not been verified by PyPI
Project links
Meta
  • License: BSD License (BSD-3-Clause)
  • Author: Saleor Commerce
  • Requires: Python >=3.8
Classifiers

Release history Release notifications | RSS feed

1.0.0b4 pre-release

1.0.0b3 pre-release

1.0.0b2 pre-release

1.0.0b1 pre-release

This version

1.0.0b0 pre-release

Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

requests-hardened-1.0.0b0.tar.gz (11.6 kB view details)

Uploaded Source

File details

Details for the file requests-hardened-1.0.0b0.tar.gz.

File metadata

  • Download URL: requests-hardened-1.0.0b0.tar.gz
  • Upload date:
  • Size: 11.6 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? Yes
  • Uploaded via: twine/4.0.2 CPython/3.11.5

File hashes

Hashes for requests-hardened-1.0.0b0.tar.gz
Algorithm Hash digest
SHA256 7c8934bb3918235ecaba14f7890d678fe556584c154a1ab511838897649e10c9
MD5 4e97d02c7ca75821a42570dbe2213e5e
BLAKE2b-256 7487986d31f3ab4b91efdaad9a086728ca3004d27764ab9125a9c7ce1ec1f0c8

See more details on using hashes here.

Supported by

AWS AWS Cloud computing and Security Sponsor Datadog Datadog Monitoring Fastly Fastly CDN Google Google Download Analytics Microsoft Microsoft PSF Sponsor Pingdom Pingdom Monitoring Sentry Sentry Error logging StatusPage StatusPage Status page