Skip to main content

Provides an adapter for requests that won't allow connections to "unsafe" networks.

Project description

requests-safe

This project provides an HTTPAdapter for the Requests library that will disallow connections to networks that are considered unsafe to connect to.

The primary use case is to safely be able to retrieve items from a user provided URL without potentially requesting internal or secret resources within ones own network.

Usage

It’s very simple to use this library, install it as part of your project and then the following code will protect all requests against accidentally retrieving something from an IP address in the ranges listed below!

import requests_safe
from requests import Session

with Session() as s:
    requests_safe.apply(s)

    s.get("https://google.com/")

There is unfortunately no global way to apply this, so using requests.get() and friends directly will not be protected by default.

IPv4 unsafe networks

These are the IPv4 networks that are blocked from being conneted to:

Name

Network (CIDR)

RFC1918 (private network)

10.0.0.0/8

RFC1918

172.16.0.0/12

RFC1918

192.168.0.0/16

Link-Local

169.254.0.0/16

CG-NAT address space

100.64.0.0/10

Localhost/loopback

127.0.0.0/8

Wildcard IP

0.0.0.0/32

IETF Protocol Assignments

192.0.0.0/24

TEST-NET-1

192.0.2.0/24

RESERVED

192.88.99.0/24

Benchmark testing

198.18.0.0/15

TEST-NET-2

198.51.100.0/24

TEST-NET-3

203.0.113.0/24

IP Multicast

224.0.0.0/4

RESERVED

240.0.0.0/4

Limited broadcast

255.255.255.255/32

IPv6 unsafe networks

These are the IPv6 networks that are blocked from being connected to:

Name

Network (CIDR)

Localhost/unspecified address

::/128

Loopback

::1/128

IPv4 mapped address

::ffff:0:0/96

IPv4 translated addresses

::ffff:0:0:0/96

IPv4/IPv6 translation

64:ff9b::/96

Discard prefix

100::/64

Teredo tunneling

2001::/32

Orchid v2 (abondoned)

2001:20::/28

Documentation

2001:db8::/32

6to4 addressing scheme

2002::/16

ULA address space

fc00::/7

Link-local address space

fe80::/10

Global multicast

ff00::/8

0.2 (2019-04-24)

Project is open sourced!

  • No further changes from 0.1

0.1 (2019-04-23)

Internal Crunch.io only version.

  • New HTTP Adapter for the Requests library.

Copyright (c) 2019 Crunch

Permission to use, copy, modify, and distribute this software for any purpose with or without fee is hereby granted, provided that the above copyright notice and this permission notice appear in all copies.

THE SOFTWARE IS PROVIDED “AS IS” AND THE AUTHOR DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.

Project details


Release history Release notifications | RSS feed

This version

0.2

Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

requests-safe-0.2.tar.gz (9.3 kB view hashes)

Uploaded source

Built Distribution

requests_safe-0.2-py2.py3-none-any.whl (6.4 kB view hashes)

Uploaded py2 py3

Supported by

AWS AWS Cloud computing Datadog Datadog Monitoring Facebook / Instagram Facebook / Instagram PSF Sponsor Fastly Fastly CDN Google Google Object Storage and Download Analytics Huawei Huawei PSF Sponsor Microsoft Microsoft PSF Sponsor NVIDIA NVIDIA PSF Sponsor Pingdom Pingdom Monitoring Salesforce Salesforce PSF Sponsor Sentry Sentry Error logging StatusPage StatusPage Status page