Skip to content

hakobe/paranoidhttp

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

58 Commits
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 

Repository files navigation

Paranoidhttp

Build Status Coverage Status MIT License GoDoc

Paranoidhttp provides a pre-configured http.Client that protects you from harm.

Description

Paranoidhttp is a factory of http.Client that is paranoid againt attackers. This is useful when you create an HTTP request using inputs from possibly malicious users.

The created http.Client protects you from connecting to internal IP ranges even though redirects or DNS tricks are used.

Synopsis

// use the default client for ease
res, err := paranoidhttp.DefaultClient.Get("http://www.hatena.ne.jp")

// or customize the client for yourself
client, transport, dialer := paranoidhttp.NewClient()
client.Timeout = 10 * time.Second
transport.DisableCompression = true
dialer.KeepAlive = 60 * time.Second

// Add an permitted ipnets with functional option
ipNet, _ := net.ParseCIDR("127.0.0.1/32")
client, _, _ := paranoidhttp.New(
    paranoidhttp.PermittedIPNets(ipNet))

Acknowledgement

I want to thank LWPx::ParanoidAgent.

License

MIT

Author

hakobe

About

Paranoidhttp provides a pre-configured http.Client that protects you from harm.

Topics

Resources

License

Stars

Watchers

Forks

Packages

No packages published