Secure file field, which allows you to restrict uploaded file extensions.
Project description
Secure file field, which allows you to restrict uploaded file extensions. It may be useful for user-uploaded files (attachments).
This package adds a model field and a form field. The field:
restricts allowed file extensions (for example, only *.pdf files)
checks that the file extension is correct for the sent content type
checks that the sent content type is correct for the file content (detected by libmagic)
checks the uploaded file with anti-virus software
This project continues https://github.com/rvause/django-safe-filefield.
Installation
The package can be installed using:
```
pip install django-safe-filefield-new
```
Add the following settings:
```python
INSTALLED_APPS += [
    'safe_filefield',
]
```
django-safe-filefield-new requires libmagic to be installed.
Usage
Simply add the field to your model:
```python
from django.db import models
from safe_filefield.models import SafeFileField


class MyModel(models.Model):
    attachment = SafeFileField(
        allowed_extensions=('xls', 'xlsx', 'csv')
    )
```
Or directly to your form:
```python
from django import forms
from safe_filefield.forms import SafeFileField


class MyForm(forms.Form):
    attachment = SafeFileField(
        allowed_extensions=('xls', 'xlsx', 'csv')
    )
```
Content type checking
To check the actual file content type, use the check_content_type argument. This prevents an attacker from uploading a malicious file just by changing its extension.
```python
from django import forms
from safe_filefield.forms import SafeFileField


class MyForm(forms.Form):
    attachment = SafeFileField(
        check_content_type=True
    )
```
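The sketch below is an added illustration, not code from django-safe-filefield-new: it shows why the extension, the client-sent content type, and the file bytes are checked separately. The names `check_upload`, `sniff`, `EXTENSION_TYPES` and `SIGNATURES` are hypothetical, and the small signature table stands in for libmagic.

```python
import os

# Hypothetical policy table: content types accepted for each extension.
EXTENSION_TYPES = {
    "pdf": {"application/pdf"},
    "png": {"image/png"},
    "csv": {"text/csv", "text/plain"},  # sniffers often report CSV as plain text
}

# Constructed stand-in for libmagic: leading bytes of a few formats.
SIGNATURES = [
    (b"%PDF-", "application/pdf"),
    (b"\x89PNG\r\n\x1a\n", "image/png"),
    (b"MZ", "application/x-dosexec"),
    (b"\x7fELF", "application/x-executable"),
]


def sniff(data):
    """Guess a content type from the file's bytes, never from its name."""
    for magic, mime in SIGNATURES:
        if data.startswith(magic):
            return mime
    try:
        data.decode("utf-8")
        return "text/plain"
    except UnicodeDecodeError:
        return "application/octet-stream"


def check_upload(filename, declared_type, data, allowed_extensions):
    """Return the names of the failed checks; an empty list means accept."""
    ext = os.path.splitext(filename)[1].lstrip(".").lower()
    if ext not in allowed_extensions:
        return ["extension"]
    expected = EXTENSION_TYPES.get(ext, set())
    failures = []
    if declared_type not in expected:  # extension vs. client-sent Content-Type
        failures.append("declared-type")
    if sniff(data) not in expected:  # extension vs. actual bytes
        failures.append("content")
    return failures


# Constructed sample: a Windows executable renamed to .pdf with a forged header.
RENAMED = check_upload("invoice.pdf", "application/pdf", b"MZ\x90\x00", ("pdf", "csv"))
```

The file name and the Content-Type header both come from the client, so only the content check rejects the renamed sample.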
ClamAV support
This package can check uploaded files with the ClamAV antivirus.
To use anti-virus protection, simply enable it in your form or model definition:
```python
from django import forms
from safe_filefield.forms import SafeFileField


class MyForm(forms.Form):
    attachment = SafeFileField(
        scan_viruses=True,
    )
```
You can configure some ClamAV settings:
```python
CLAMAV_SOCKET = 'unix://tmp/clamav.sock'  # or tcp://127.0.0.1:3310
CLAMAV_TIMEOUT = 30  # timeout in seconds; the default, None, means no timeout
```
Contributing
If you have any valuable contribution, suggestion or idea, please let me know as well because I will look into it.
Pull requests are welcome.
Hashes for django-safe-filefield-new-0.4.1.tar.gz
Algorithm | Hash digest |
---|---|
SHA256 | d5ace4f6985de5e566ba6db7b8141b2ff9f8e23b36300d3e3fa2d9cf29e1c9b5 |
MD5 | cb50f266eecc0e0964d7c12e1ff12f8e |
BLAKE2b-256 | 9a270a983ab05848ae03e437c088fd98925564af59ce71058c7130ebc680936e |
Hashes for django_safe_filefield_new-0.4.1-py3-none-any.whl
Algorithm | Hash digest |
---|---|
SHA256 | f39e652afe96a82d04d91c253ef426707dd472e00561a6072a3c22c7a7aa68f4 |
MD5 | 61d7c4a3a144b485dcb1d7a2e904c6f6 |
BLAKE2b-256 | 2f3d179d3ec2b27770f73f0b0c2ba10bac14e3d271ae9a02fff7d746e562f307 |