{"id":23158,"library":"requests-hardened","title":"requests-hardened","description":"A security-hardened wrapper around the Python requests library that overrides default behaviors to prevent SSRF attacks, enforce TLS best practices, restrict IP ranges, and add safety features. Current version 1.2.2, supports Python >=3.10, <4.0, and is maintained actively by Saleor.","status":"active","version":"1.2.2","language":"python","source_language":"en","source_url":"https://github.com/saleor/requests-hardened","tags":["requests","security","ssrf","tls","http","harden","middleware"],"install":[{"cmd":"pip install requests-hardened","lang":"bash","label":"Install from PyPI"}],"dependencies":[{"reason":"Core library that is overridden and patched.","package":"requests","optional":false}],"imports":[{"note":"Correct initialisation.","wrong":"","symbol":"Session","correct":"from requests_hardened import Session"},{"note":"Correct configuration class.","wrong":"","symbol":"Config","correct":"from requests_hardened import Config"},{"note":"IPFilter for custom IP filtering, if needed.","wrong":"","symbol":"ip_filter","correct":"from requests_hardened.ip_filter import IPFilter"}],"quickstart":{"code":"from requests_hardened import Session, Config\n\nconfig = Config(\n    user_agent='MyApp/1.0',\n    ip_filter_enabled=True,\n    ip_filter_allow_loopback=True,\n    force_tls_1_3=True\n)\n\nsession = Session(config=config)\nresponse = session.get('https://example.com')\nprint(response.status_code)","lang":"python","description":"Create a hardened requests Session with a Config object to enforce TLS and IP restrictions."},"warnings":[{"fix":"pip install 'requests-hardened>=1.2.1'","message":"Version 1.2.1 fixed CVE-2026-42175 (SSRF bypass via shared address space 100.64.0.0/10). Users on <1.2.1 are vulnerable and must upgrade.","severity":"breaking","affected_versions":"<1.2.1"},{"fix":"Use Python 3.10 or newer, or pin to <1.2.0 if stuck on 3.9.","message":"Python 3.9 support dropped in v1.2.0. Python 3.10+ required.","severity":"deprecated","affected_versions":">=1.2.0"},{"fix":"Use the provided Session class instead of relying on monkey-patched functions. Avoid mixing with other requests wrappers.","message":"The library monkey-patches the global requests module when imported. This may break other code that expects the standard requests behavior.","severity":"gotcha","affected_versions":"all"}],"env_vars":null,"last_verified":"2026-05-01T00:00:00.000Z","next_check":"2026-07-30T00:00:00.000Z","problems":[{"fix":"pip install requests-hardened, then import as 'from requests_hardened import Session'.","cause":"Library not installed or wrong import name.","error":"ModuleNotFoundError: No module named 'requests_hardened'"},{"fix":"Ensure you import requests_hardened (or a submodule) before any requests usage. E.g., 'import requests_hardened; requests.get(...)'","cause":"Monkey-patching may not have taken effect because import order is incorrect or the library was not imported.","error":"AttributeError: module 'requests' has no attribute 'Session'"}],"ecosystem":"pypi","meta_description":null,"install_score":null,"install_tag":null,"quickstart_score":null,"quickstart_tag":null}