Secure file field, which allows you to restrict uploaded file extensions.
Project description
Secure file field, which allows you to restrict uploaded file extensions. It may be useful for user-uploaded files (attachments).
This package adds model and forms field. What this fields does:
restricts allowed file extensions (for example: only *.pdf files)
checks file extensions is correct for sent content-type
checks sent content type is correct for file content (detects by libmagic)
checks uploaded file with anti-virus software
This project continues https://github.com/rvause/django-safe-filefield.
Installation
The package can be installed using:
pip install django-safe-filefield-newAdd the following settings:
INSTALLED_APPS += [
'safe_filefield',
]django-safe-filefield-new requires libmagic to be installed.
Usage
Simply add field to your model:
from safe_filefield.models import SafeFileField
class MyModel(models.Model):
attachment = SafeFileField(
allowed_extensions=('xls', 'xlsx', 'csv')
)Or directly to your form:
from safe_filefield.forms import SafeFileField
class MyForm(forms.Form):
attachment = SafeFileField(
allowed_extensions=('xls', 'xlsx', 'csv')
)Content type checking
To check actual file content type, use check_content_type argument. This will prevent attacker from uploading malicious file just by changing its extension.
class MyForm(forms.Form):
attachment = SafeFileField(
check_content_type=True
)ClamAV support
This package has ability to check uploaded file with ClamAV antivirus.
To use anti-virus protection simply enable it in your form or model definition:
from safe_filefield.forms import SafeFileField
class MyForm(forms.Form):
attachment = SafeFileField(
scan_viruses=True,
)You can configure some ClamAV settings:
CLAMAV_SOCKET = 'unix://tmp/clamav.sock' # or tcp://127.0.0.1:3310
CLAMAV_TIMEOUT = 30 # 30 seconds timeout, None by default which means infiniteContributing
If you have any valuable contribution, suggestion or idea, please let me know as well because I will look into it.
Pull requests are welcome.
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
Built Distribution
File details
Details for the file django-safe-filefield-new-0.4.1.tar.gz.
File metadata
- Download URL: django-safe-filefield-new-0.4.1.tar.gz
- Upload date:
- Size: 4.6 kB
- Tags: Source
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/4.0.1 CPython/3.7.13
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 | d5ace4f6985de5e566ba6db7b8141b2ff9f8e23b36300d3e3fa2d9cf29e1c9b5 |
|
| MD5 | cb50f266eecc0e0964d7c12e1ff12f8e |
|
| BLAKE2b-256 | 9a270a983ab05848ae03e437c088fd98925564af59ce71058c7130ebc680936e |
Provenance
File details
Details for the file django_safe_filefield_new-0.4.1-py3-none-any.whl.
File metadata
- Download URL: django_safe_filefield_new-0.4.1-py3-none-any.whl
- Upload date:
- Size: 6.9 kB
- Tags: Python 3
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/4.0.1 CPython/3.7.13
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 | f39e652afe96a82d04d91c253ef426707dd472e00561a6072a3c22c7a7aa68f4 |
|
| MD5 | 61d7c4a3a144b485dcb1d7a2e904c6f6 |
|
| BLAKE2b-256 | 2f3d179d3ec2b27770f73f0b0c2ba10bac14e3d271ae9a02fff7d746e562f307 |
