File python-safehttpx.spec of Package python-safehttpx
#
# spec file for package python-safehttpx
#
# Copyright (c) 2025 SUSE LLC
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
# upon. The license for this file, and modifications and additions to the
# file, is the same license as for the pristine package itself (unless the
# license for the pristine package is not an Open Source License, in which
# case the license is the MIT License). An "Open Source License" is a
# license that conforms to the Open Source Definition (Version 1.9)
# published by the Open Source Initiative.
# Please submit bugfixes or comments via https://bugs.opensuse.org/
#
%{?sle15_python_module_pythons}
Name: python-safehttpx
Version: 0.1.6
Release: 0
Summary: Python library to help protect applications from SSRF attacks
License: MIT
URL: https://github.com/gradio-app/safehttpx
Source: https://files.pythonhosted.org/packages/source/s/safehttpx/safehttpx-%{version}.tar.gz
BuildRequires: python-rpm-macros
BuildRequires: %{python_module hatchling}
BuildRequires: %{python_module pip}
# SECTION test requirements
BuildRequires: %{python_module httpx}
# BuildRequires: %%{python_module pytest}
# BuildRequires: %%{python_module pytest-asyncio >= 0.25.3}
# /SECTION
BuildRequires: fdupes
Requires: python-httpx
BuildArch: noarch
%python_subpackages
%description
A small Python library created to help developers protect their applications
from Server Side Request Forgery (SSRF) attacks. It implements an asynchronous
GET method called safehttpx.get(), which wraps httpx.AsyncClient.get() and
performs DNS validation on the supplied URL using Google DNS
(https://developers.google.com/speed/public-dns). It also implements
mitigation for DNS rebinding (https://en.wikipedia.org/wiki/DNS_rebinding)
attacks.

Server Side Request Forgery (SSRF) attacks can be particularly dangerous as
they allow attackers to make arbitrary HTTP requests from your server,
potentially accessing sensitive internal services that are normally
unreachable from the internet. This could enable attackers to scan internal
networks, access metadata services in cloud environments (like "AWS Instance
Metadata Service"), or hit internal APIs - all while appearing to come from
your trusted server. By validating URLs against public DNS servers and
implementing protections against DNS rebinding, safehttpx helps prevent
attackers from coercing your application into making requests to internal or
otherwise restricted network resources.
%prep
%autosetup -p1 -n safehttpx-%{version}
%build
%pyproject_wheel
%install
%pyproject_install
%python_expand %fdupes %{buildroot}%{$python_sitelib}
%check
# Tests require internet access
# %%pytest test/test.py
%nil
%files %{python_files}
%doc README.md
%license LICENSE
%{python_sitelib}/safehttpx
%{python_sitelib}/safehttpx-%{version}.dist-info
%changelog