A library that overrides the default behaviors of the requests library, and adds new security features.

Navigation

Verified details

These details have been verified by PyPI
Maintainers
Avatar for NyanKiyoshi from gravatar.com NyanKiyoshi Avatar for patrys from gravatar.com patrys

Unverified details

These details have not been verified by PyPI
Project links
Meta
  • License: BSD License (BSD-3-Clause)
  • Author: Saleor Commerce
  • Requires: Python >=3.8
Classifiers

Project description

Latest Version Supported Python Versions Supported Implementations

requests-hardened is a library that overrides the default behaviors of the requests library, and adds new security features.

Installation

The project is available on PyPI:

pip install requests-hardened

Features

Overrides of Defaults

This library allows to override some default values from the requests library that can have a security impact:

  • Config.never_redirect = False always reject HTTP redirects

  • Config.default_timeout = (2, 10) sets the default timeout value when no value or None is passed

SSRF Filters

A SSRF IP filter can be used to reject HTTP(S) requests targeting private and loopback IP addresses.

Settings:

  • Config.ip_filter_enable whether or not to filter the IP addresses

  • ip_filter_allow_localhost whether or not to allow loopback IP addresses

Example Usage

from requests_hardened import Config, Manager

# Creates a global "manager" that can be used to create ``requests.Session``
# objects with hardening in place.
DefaultManager = Manager(
    Config(
        default_timeout=(2, 10),
        never_redirect=False,
        ip_filter_enable=True,
        ip_filter_allow_localhost=False,
    )
)

# Sends an HTTP request without re-using ``requests.Session``:
resp = DefaultManager.send_request("GET", "https://example.com")
print(resp)

# Sends HTTP requests with reusable ``requests.Session``:
with DefaultManager.get_session() as sess:
    sess.request("GET", "https://example.com")
    sess.request("POST", "https://example.com", json={"foo": "bar"})

Project details

Verified details

These details have been verified by PyPI
Maintainers
Avatar for NyanKiyoshi from gravatar.com NyanKiyoshi Avatar for patrys from gravatar.com patrys

Unverified details

These details have not been verified by PyPI
Project links
Meta
  • License: BSD License (BSD-3-Clause)
  • Author: Saleor Commerce
  • Requires: Python >=3.8
Classifiers

Release history Release notifications | RSS feed

1.0.0b4 pre-release

1.0.0b3 pre-release

1.0.0b2 pre-release

This version

1.0.0b1 pre-release

1.0.0b0 pre-release

Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

requests-hardened-1.0.0b1.tar.gz (12.1 kB view details)

Uploaded Source

File details

Details for the file requests-hardened-1.0.0b1.tar.gz.

File metadata

  • Download URL: requests-hardened-1.0.0b1.tar.gz
  • Upload date:
  • Size: 12.1 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? Yes
  • Uploaded via: twine/4.0.2 CPython/3.11.5

File hashes

Hashes for requests-hardened-1.0.0b1.tar.gz
Algorithm Hash digest
SHA256 a8a02e1e7817017f2693f7416eef2957b6586d0dedec9bd96da3e25f92010987
MD5 7327bbb03f4ecb371bd718fee02c336b
BLAKE2b-256 b0bd476207449cf0974a4877598b55762fb3558fdef92ead7fcd96e7d84ca3a6

See more details on using hashes here.

Supported by

AWS AWS Cloud computing and Security Sponsor Datadog Datadog Monitoring Fastly Fastly CDN Google Google Download Analytics Microsoft Microsoft PSF Sponsor Pingdom Pingdom Monitoring Sentry Sentry Error logging StatusPage StatusPage Status page