Skip to main content

Secure file field, which allows you to restrict uploaded file extensions.

Project description

build status code coverage pypi pep8 MIT

Secure file field, which allows you to restrict uploaded file extensions. It may be useful for user-uploaded files (attachments).

This package adds model and forms field. What this fields does:

  • restricts allowed file extensions (for example: only *.pdf files)

  • checks file extensions is correct for sent content-type

  • checks sent content type is correct for file content (detects by libmagic)

  • checks uploaded file with anti-virus software

This project continues https://github.com/rvause/django-safe-filefield.

Installation

The package can be installed using:

pip install django-safe-filefield-new

Add the following settings:

INSTALLED_APPS += [
    'safe_filefield',
]

django-safe-filefield-new requires libmagic to be installed.

Usage

Simply add field to your model:

from safe_filefield.models import SafeFileField

class MyModel(models.Model):

    attachment = SafeFileField(
        allowed_extensions=('xls', 'xlsx', 'csv')
    )

Or directly to your form:

from safe_filefield.forms import SafeFileField

class MyForm(forms.Form):

    attachment = SafeFileField(
        allowed_extensions=('xls', 'xlsx', 'csv')
    )

Content type checking

To check actual file content type, use check_content_type argument. This will prevent attacker from uploading malicious file just by changing its extension.

class MyForm(forms.Form):
    attachment = SafeFileField(
        check_content_type=True
    )

ClamAV support

This package has ability to check uploaded file with ClamAV antivirus.

To use anti-virus protection simply enable it in your form or model definition:

from safe_filefield.forms import SafeFileField

class MyForm(forms.Form):
    attachment = SafeFileField(
        scan_viruses=True,
    )

You can configure some ClamAV settings:

CLAMAV_SOCKET = 'unix://tmp/clamav.sock'  # or tcp://127.0.0.1:3310

CLAMAV_TIMEOUT = 30  # 30 seconds timeout, None by default which means infinite

Contributing

If you have any valuable contribution, suggestion or idea, please let me know as well because I will look into it.

Pull requests are welcome.

Project details


Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

django-safe-filefield-new-0.4.1.tar.gz (4.6 kB view details)

Uploaded Source

Built Distribution

File details

Details for the file django-safe-filefield-new-0.4.1.tar.gz.

File metadata

File hashes

Hashes for django-safe-filefield-new-0.4.1.tar.gz
Algorithm Hash digest
SHA256 d5ace4f6985de5e566ba6db7b8141b2ff9f8e23b36300d3e3fa2d9cf29e1c9b5
MD5 cb50f266eecc0e0964d7c12e1ff12f8e
BLAKE2b-256 9a270a983ab05848ae03e437c088fd98925564af59ce71058c7130ebc680936e

See more details on using hashes here.

File details

Details for the file django_safe_filefield_new-0.4.1-py3-none-any.whl.

File metadata

File hashes

Hashes for django_safe_filefield_new-0.4.1-py3-none-any.whl
Algorithm Hash digest
SHA256 f39e652afe96a82d04d91c253ef426707dd472e00561a6072a3c22c7a7aa68f4
MD5 61d7c4a3a144b485dcb1d7a2e904c6f6
BLAKE2b-256 2f3d179d3ec2b27770f73f0b0c2ba10bac14e3d271ae9a02fff7d746e562f307

See more details on using hashes here.

Supported by

AWS AWS Cloud computing and Security Sponsor Datadog Datadog Monitoring Fastly Fastly CDN Google Google Download Analytics Microsoft Microsoft PSF Sponsor Pingdom Pingdom Monitoring Sentry Sentry Error logging StatusPage StatusPage Status page