Provides an adapter for requests that won't allow connections to "unsafe" networks.
Project description
requests-safe
This project provides an HTTPAdapter for the Requests library that will disallow connections to networks that are considered unsafe to connect to.
The primary use case is to safely be able to retrieve items from a user provided URL without potentially requesting internal or secret resources within ones own network.
Usage
It’s very simple to use this library, install it as part of your project and then the following code will protect all requests against accidentally retrieving something from an IP address in the ranges listed below!
import requests_safe
from requests import Session
with Session() as s:
requests_safe.apply(s)
s.get("https://google.com/")
There is unfortunately no global way to apply this, so using requests.get() and friends directly will not be protected by default.
IPv4 unsafe networks
These are the IPv4 networks that are blocked from being conneted to:
Name |
Network (CIDR) |
RFC1918 (private network) |
10.0.0.0/8 |
RFC1918 |
172.16.0.0/12 |
RFC1918 |
192.168.0.0/16 |
Link-Local |
169.254.0.0/16 |
CG-NAT address space |
100.64.0.0/10 |
Localhost/loopback |
127.0.0.0/8 |
Wildcard IP |
0.0.0.0/32 |
IETF Protocol Assignments |
192.0.0.0/24 |
TEST-NET-1 |
192.0.2.0/24 |
RESERVED |
192.88.99.0/24 |
Benchmark testing |
198.18.0.0/15 |
TEST-NET-2 |
198.51.100.0/24 |
TEST-NET-3 |
203.0.113.0/24 |
IP Multicast |
224.0.0.0/4 |
RESERVED |
240.0.0.0/4 |
Limited broadcast |
255.255.255.255/32 |
IPv6 unsafe networks
These are the IPv6 networks that are blocked from being connected to:
Name |
Network (CIDR) |
Localhost/unspecified address |
::/128 |
Loopback |
::1/128 |
IPv4 mapped address |
::ffff:0:0/96 |
IPv4 translated addresses |
::ffff:0:0:0/96 |
IPv4/IPv6 translation |
64:ff9b::/96 |
Discard prefix |
100::/64 |
Teredo tunneling |
2001::/32 |
Orchid v2 (abondoned) |
2001:20::/28 |
Documentation |
2001:db8::/32 |
6to4 addressing scheme |
2002::/16 |
ULA address space |
fc00::/7 |
Link-local address space |
fe80::/10 |
Global multicast |
ff00::/8 |
0.2 (2019-04-24)
Project is open sourced!
No further changes from 0.1
0.1 (2019-04-23)
Internal Crunch.io only version.
New HTTP Adapter for the Requests library.
Copyright (c) 2019 Crunch
Permission to use, copy, modify, and distribute this software for any purpose with or without fee is hereby granted, provided that the above copyright notice and this permission notice appear in all copies.
THE SOFTWARE IS PROVIDED “AS IS” AND THE AUTHOR DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
Project details
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
Built Distribution
Hashes for requests_safe-0.2-py2.py3-none-any.whl
Algorithm | Hash digest | |
---|---|---|
SHA256 | 4c7deeaaf6731653fa5bd046f7cd3bf5f2fc66b5d55921a64c8b94584a58f4d6 |
|
MD5 | 8b2b488e823dcf08b92c97f430dc8483 |
|
BLAKE2b-256 | 3911bf8df578b7cc5f3639e242123492578ee7083c34e2b64e80e43e2b9b9eee |