A library that overrides the default behaviors of the requests library, and adds new security features.

Navigation

Verified details

These details have been verified by PyPI
Maintainers
Avatar for NyanKiyoshi from gravatar.com NyanKiyoshi Avatar for patrys from gravatar.com patrys

Unverified details

These details have not been verified by PyPI
Project links
Meta
  • License: BSD License (BSD-3-Clause)
  • Author: Saleor Commerce
  • Requires: Python >=3.8
Classifiers

Project description

Latest Version Supported Python Versions Supported Implementations

requests-hardened is a library that overrides the default behaviors of the requests library, and adds new security features.

Installation

The project is available on PyPI:

pip install requests-hardened

Features

Overrides of Defaults

This library allows to override some default values from the requests library that can have a security impact:

  • Config.never_redirect = False always reject HTTP redirects

  • Config.default_timeout = (2, 10) sets the default timeout value when no value or None is passed

  • Config.user_agent_override = None optional config to override User-Agent header. When set to None, requests library will set its default user-agent.

SSRF Filters

A SSRF IP filter can be used to reject HTTP(S) requests targeting private and loopback IP addresses.

Settings:

  • Config.ip_filter_enable whether or not to filter the IP addresses

  • ip_filter_allow_localhost whether or not to allow loopback IP addresses

Example Usage

from requests_hardened import Config, Manager

# Creates a global "manager" that can be used to create ``requests.Session``
# objects with hardening in place.
DefaultManager = Manager(
    Config(
        default_timeout=(2, 10),
        never_redirect=False,
        ip_filter_enable=True,
        ip_filter_allow_localhost=False,
        user_agent_override=None
    )
)

# Sends an HTTP request without re-using ``requests.Session``:
resp = DefaultManager.send_request("GET", "https://example.com")
print(resp)

# Sends HTTP requests with reusable ``requests.Session``:
with DefaultManager.get_session() as sess:
    sess.request("GET", "https://example.com")
    sess.request("POST", "https://example.com", json={"foo": "bar"})

Project details

Verified details

These details have been verified by PyPI
Maintainers
Avatar for NyanKiyoshi from gravatar.com NyanKiyoshi Avatar for patrys from gravatar.com patrys

Unverified details

These details have not been verified by PyPI
Project links
Meta
  • License: BSD License (BSD-3-Clause)
  • Author: Saleor Commerce
  • Requires: Python >=3.8
Classifiers

Release history Release notifications | RSS feed

1.0.0b4 pre-release

This version

1.0.0b3 pre-release

1.0.0b2 pre-release

1.0.0b1 pre-release

1.0.0b0 pre-release

Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

requests-hardened-1.0.0b3.tar.gz (12.9 kB view details)

Uploaded Source

File details

Details for the file requests-hardened-1.0.0b3.tar.gz.

File metadata

  • Download URL: requests-hardened-1.0.0b3.tar.gz
  • Upload date:
  • Size: 12.9 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? Yes
  • Uploaded via: twine/4.0.2 CPython/3.11.9

File hashes

Hashes for requests-hardened-1.0.0b3.tar.gz
Algorithm Hash digest
SHA256 125057fb864e4283c926021f594c9e4695432036f13fd76fee3ef738510231e2
MD5 a902f7ad04ef96ecc5e8aec9d3696413
BLAKE2b-256 212f6776a62373650d8bc9cbd15037ddc59ee5b7f7886926155e1084527cbcdf

See more details on using hashes here.

Supported by

AWS AWS Cloud computing and Security Sponsor Datadog Datadog Monitoring Fastly Fastly CDN Google Google Download Analytics Microsoft Microsoft PSF Sponsor Pingdom Pingdom Monitoring Sentry Sentry Error logging StatusPage StatusPage Status page