Skip to main content

Provides an adapter for requests that won't allow connections to "unsafe" networks.

Project description

requests-safe

This project provides an HTTPAdapter for the Requests library that will disallow connections to networks that are considered unsafe to connect to.

The primary use case is to safely be able to retrieve items from a user provided URL without potentially requesting internal or secret resources within ones own network.

Usage

It’s very simple to use this library, install it as part of your project and then the following code will protect all requests against accidentally retrieving something from an IP address in the ranges listed below!

import requests_safe
from requests import Session

with Session() as s:
    requests_safe.apply(s)

    s.get("https://google.com/")

There is unfortunately no global way to apply this, so using requests.get() and friends directly will not be protected by default.

IPv4 unsafe networks

These are the IPv4 networks that are blocked from being conneted to:

Name Network (CIDR)
RFC1918 (private network) 10.0.0.0/8
RFC1918 172.16.0.0/12
RFC1918 192.168.0.0/16
Link-Local 169.254.0.0/16
CG-NAT address space 100.64.0.0/10
Localhost/loopback 127.0.0.0/8
Wildcard IP 0.0.0.0/32
IETF Protocol Assignments 192.0.0.0/24
TEST-NET-1 192.0.2.0/24
RESERVED 192.88.99.0/24
Benchmark testing 198.18.0.0/15
TEST-NET-2 198.51.100.0/24
TEST-NET-3 203.0.113.0/24
IP Multicast 224.0.0.0/4
RESERVED 240.0.0.0/4
Limited broadcast 255.255.255.255/32

IPv6 unsafe networks

These are the IPv6 networks that are blocked from being connected to:

Name Network (CIDR)
Localhost/unspecified address ::/128
Loopback ::1/128
IPv4 mapped address ::ffff:0:0/96
IPv4 translated addresses ::ffff:0:0:0/96
IPv4/IPv6 translation 64:ff9b::/96
Discard prefix 100::/64
Teredo tunneling 2001::/32
Orchid v2 (abondoned) 2001:20::/28
Documentation 2001:db8::/32
6to4 addressing scheme 2002::/16
ULA address space fc00::/7
Link-local address space fe80::/10
Global multicast ff00::/8

0.2 (2019-04-24)

Project is open sourced!

  • No further changes from 0.1

0.1 (2019-04-23)

Internal Crunch.io only version.

  • New HTTP Adapter for the Requests library.

Copyright (c) 2019 Crunch

Permission to use, copy, modify, and distribute this software for any purpose with or without fee is hereby granted, provided that the above copyright notice and this permission notice appear in all copies.

THE SOFTWARE IS PROVIDED “AS IS” AND THE AUTHOR DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.

Project details


Release history Release notifications

This version

0.2

Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Files for requests-safe, version 0.2
Filename, size File type Python version Upload date Hashes
Filename, size requests_safe-0.2-py2.py3-none-any.whl (6.4 kB) File type Wheel Python version py2.py3 Upload date Hashes View hashes
Filename, size requests-safe-0.2.tar.gz (9.3 kB) File type Source Python version None Upload date Hashes View hashes

Supported by

Elastic Elastic Search Pingdom Pingdom Monitoring Google Google BigQuery Sentry Sentry Error logging AWS AWS Cloud computing DataDog DataDog Monitoring Fastly Fastly CDN SignalFx SignalFx Supporter DigiCert DigiCert EV certificate StatusPage StatusPage Status page