django-safe-filefield

Secure file field, which allows you to restrict uploaded file extensions.

These details have not been verified by PyPI

Project links

Homepage

Project description

Secure file field, which allows you to restrict uploaded file extensions. It may be useful for user-uploaded files (attachments).

This package adds model and forms field. What this fields does:

restricts allowed file extensions (for example: only *.pdf files)

checks file extensions is correct for sent content-type

checks sent content type is correct for file content (detects by libmagic)

checks uploaded file with anti-virus software

Installation

The package can be installed using:

pip install django-safe-filefield

Add the following settings:

INSTALLED_APPS += [
    'safe_filefield',
]

django-safe-filefield requires libmagic to be installed.

Usage

Simply add field to your model:

from safe_filefield.models import SafeFileField

class MyModel(models.Model):

    attachment = SafeFileField(
        allowed_extensions=('xls', 'xlsx', 'csv')
    )

Or directly to your form:

from safe_filefield.forms import SafeFileField

class MyForm(forms.Form):

    attachment = SafeFileField(
        allowed_extensions=('xls', 'xlsx', 'csv')
    )

Content type checking

To check actual file content type, use check_content_type argument. This will prevent attacker from uploading malicious file just by changing its extension.

class MyForm(forms.Form):
    attachment = SafeFileField(
        check_content_type=True
    )

ClamAV support

This package has ability to check uploaded file with ClamAV antivirus.

To use anti-virus protection simply enable it in your form or model definition:

from safe_filefield.forms import SafeFileField

class MyForm(forms.Form):
    attachment = SafeFileField(
        scan_viruses=True,
    )

You can configure some ClamAV settings:

CLAMAV_SOCKET = 'unix://tmp/clamav.sock'  # or tcp://127.0.0.1:3310

CLAMAV_TIMEOUT = 30  # 30 seconds timeout, None by default which means infinite

Contributing

If you have any valuable contribution, suggestion or idea, please let me know as well because I will look into it.

Pull requests are welcome.

Project details

These details have not been verified by PyPI

Project links

Homepage

Release history Release notifications | RSS feed

This version

1.0.0

Jul 2, 2023

0.3.1

Oct 8, 2017

0.3.0

Oct 8, 2017

0.2.0

Oct 8, 2017

0.1.2

Oct 7, 2017

0.1.1

Oct 7, 2017

0.1.0

Oct 1, 2017

Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

django-safe-filefield-1.0.0.tar.gz (5.5 kB view details)

Uploaded Jul 2, 2023 Source

Built Distribution

django_safe_filefield-1.0.0-py3-none-any.whl (6.8 kB view details)

Uploaded Jul 2, 2023 Python 3

File details

Details for the file django-safe-filefield-1.0.0.tar.gz.

File metadata

Download URL: django-safe-filefield-1.0.0.tar.gz
Upload date: Jul 2, 2023
Size: 5.5 kB
Tags: Source
Uploaded using Trusted Publishing? No
Uploaded via: twine/4.0.2 CPython/3.11.3

File hashes

Hashes for django-safe-filefield-1.0.0.tar.gz
Algorithm	Hash digest
SHA256	`f27b7770693b28716a5db8bd81f83b9bd501067284f6b69bf67a9ca4f21e415d`
MD5	`e4c02fa858eceea110e49b41b21743ed`
BLAKE2b-256	`15efeb5db1212eafb23e2cd6cea51c4a8c333c7ae402f2805dd268222815e3d5`

See more details on using hashes here.

File details

Details for the file django_safe_filefield-1.0.0-py3-none-any.whl.

File metadata

Download URL: django_safe_filefield-1.0.0-py3-none-any.whl
Upload date: Jul 2, 2023
Size: 6.8 kB
Tags: Python 3
Uploaded using Trusted Publishing? No
Uploaded via: twine/4.0.2 CPython/3.11.3

File hashes

Hashes for django_safe_filefield-1.0.0-py3-none-any.whl
Algorithm	Hash digest
SHA256	`d08b0034e845ba78d2ab6e144b305bb5d7ee4a999c14861de22f8dc905a1ffe2`
MD5	`5ce70633b50ee40819afbcbba7ec4e38`
BLAKE2b-256	`131437c03153aaa513e3a4ea1c215a89b26df0b810f1c0fa275f71f716a4fcd5`