Metadata-Version: 2.1
Name: requests-hardened
Version: 1.0.0b5
Summary: A library that overrides the default behaviors of the requests library, and adds new security features.
License: BSD-3-Clause
Author: Saleor Commerce
Author-email: hello@saleor.io
Requires-Python: >=3.8,<4.0
Classifier: Development Status :: 4 - Beta
Classifier: Intended Audience :: Developers
Classifier: License :: OSI Approved :: BSD License
Classifier: Natural Language :: English
Classifier: Operating System :: MacOS :: MacOS X
Classifier: Operating System :: Microsoft :: Windows
Classifier: Operating System :: POSIX
Classifier: Operating System :: POSIX :: BSD
Classifier: Operating System :: POSIX :: Linux
Classifier: Programming Language :: Python
Classifier: Programming Language :: Python :: 3
Classifier: Programming Language :: Python :: 3.8
Classifier: Programming Language :: Python :: 3.9
Classifier: Programming Language :: Python :: 3.10
Classifier: Programming Language :: Python :: 3.11
Classifier: Programming Language :: Python :: 3.12
Classifier: Programming Language :: Python :: 3.13
Classifier: Programming Language :: Python :: 3 :: Only
Classifier: Programming Language :: Python :: Implementation :: CPython
Classifier: Programming Language :: Python :: Implementation :: PyPy
Classifier: Topic :: Security
Requires-Dist: requests (>=2.32.3,<3.0.0)
Project-URL: Changelog, https://github.com/saleor/requests-hardened/releases/
Project-URL: Homepage, https://github.com/saleor/requests-hardened/
Project-URL: Issues, https://github.com/saleor/requests-hardened/issues
Project-URL: Source, https://github.com/saleor/requests-hardened/
Description-Content-Type: text/x-rst

=================
requests-hardened
=================

|pypi-latest-version| |pypi-python-versions| |pypi-implementations|


``requests-hardened`` is a library that overrides the default behaviors of the ``requests``
library, and adds new security features.

Installation
============

The project is available on PyPI_:

.. code-block::

  pip install requests-hardened

Features
========

Overrides of Defaults
---------------------

This library allows to override some default values from the ``requests`` library
that can have a security impact:

- ``Config.never_redirect = False`` always reject HTTP redirects
- ``Config.default_timeout = (2, 10)`` sets the default timeout value when no value or ``None`` is passed
- ``Config.user_agent_override = None`` optional config to override ``User-Agent`` header. When set to ``None``, ``requests`` library will set its `default user-agent <https://github.com/psf/requests/blob/ee93fac6b2f715151f1aa9a1a06ddba9f7dcc59a/src/requests/utils.py#L886-L892>`_.

SSRF Filters
------------

A SSRF IP filter can be used to reject HTTP(S) requests targeting private and loopback
IP addresses.

Settings:

- ``Config.ip_filter_enable`` whether or not to filter the IP addresses
- ``ip_filter_allow_loopback_ips`` whether or not to allow loopback IP addresses


Example Usage
=============

.. code-block:: python

  from requests_hardened import Config, Manager

  # Creates a global "manager" that can be used to create ``requests.Session``
  # objects with hardening in place.
  DefaultManager = Manager(
      Config(
          default_timeout=(2, 10),
          never_redirect=False,
          ip_filter_enable=True,
          ip_filter_allow_loopback_ips=False,
          user_agent_override=None
      )
  )

  # Sends an HTTP request without re-using ``requests.Session``:
  resp = DefaultManager.send_request("GET", "https://example.com")
  print(resp)

  # Sends HTTP requests with reusable ``requests.Session``:
  with DefaultManager.get_session() as sess:
      sess.request("GET", "https://example.com")
      sess.request("POST", "https://example.com", json={"foo": "bar"})


.. _PyPI: https://pypi.org/project/requests-hardened

.. |pypi-latest-version| image:: https://img.shields.io/pypi/v/requests-hardened.svg
  :alt: Latest Version
  :target: `PyPI`_

.. |pypi-python-versions| image:: https://img.shields.io/pypi/pyversions/requests-hardened.svg
  :alt: Supported Python Versions
  :target: `PyPI`_

.. |pypi-implementations| image:: https://img.shields.io/pypi/implementation/requests-hardened.svg
  :alt: Supported Implementations
  :target: `PyPI`_

