django-safe-filefield
=====================
.. image:: https://github.com/mixkorshun/django-safe-filefield/actions/workflows/flake8.yml/badge.svg?branch=master
:alt: flake8
:target: https://github.com/mixkorshun/django-safe-filefield
.. image:: https://github.com/mixkorshun/django-safe-filefield/actions/workflows/pytest.yml/badge.svg?branch=master
:alt: pytest
:target: https://github.com/mixkorshun/django-safe-filefield
.. image:: https://badge.fury.io/py/django-safe-filefield.svg
:alt: pypi
:target: https://pypi.python.org/pypi/django-safe-filefield
.. image:: https://img.shields.io/badge/code%20style-pep8-orange.svg
:alt: pep8
:target: https://www.python.org/dev/peps/pep-0008/
.. image:: https://img.shields.io/badge/License-MIT-yellow.svg
:alt: MIT
:target: https://opensource.org/licenses/MIT
Secure file field, which allows you to restrict uploaded file extensions.
It may be useful for user-uploaded files (attachments).
This package adds model and forms field. What this fields does:
* restricts allowed file extensions (for example: only \*.pdf files)
* checks file extensions is correct for sent content-type
* checks sent content type is correct for file content (detects by `libmagic`)
* checks uploaded file with anti-virus software
Installation
------------
The package can be installed using:
.. code-block::
pip install django-safe-filefield
Add the following settings:
.. code-block:: python
INSTALLED_APPS += [
'safe_filefield',
]
**django-safe-filefield** requires `libmagic` to be installed.
Usage
-----
Simply add field to your model:
.. code-block:: python
from safe_filefield.models import SafeFileField
class MyModel(models.Model):
attachment = SafeFileField(
allowed_extensions=('xls', 'xlsx', 'csv')
)
Or directly to your form:
.. code-block:: python
from safe_filefield.forms import SafeFileField
class MyForm(forms.Form):
attachment = SafeFileField(
allowed_extensions=('xls', 'xlsx', 'csv')
)
Content type checking
+++++++++++++++++++++
To check actual file content type, use `check_content_type` argument. This
will prevent attacker from uploading malicious file just by changing its
extension.
.. code-block:: python
class MyForm(forms.Form):
attachment = SafeFileField(
check_content_type=True
)
ClamAV support
++++++++++++++
.. note:: To use this functionality you should have `clamd` daemon.
This package has ability to check uploaded file with ClamAV antivirus.
To use anti-virus protection simply enable it in your form or model definition:
.. code-block:: python
from safe_filefield.forms import SafeFileField
class MyForm(forms.Form):
attachment = SafeFileField(
scan_viruses=True,
)
You can configure some ClamAV settings:
.. code-block:: python
CLAMAV_SOCKET = 'unix://tmp/clamav.sock' # or tcp://127.0.0.1:3310
CLAMAV_TIMEOUT = 30 # 30 seconds timeout, None by default which means infinite
Contributing
------------
If you have any valuable contribution, suggestion or idea,
please let me know as well because I will look into it.
Pull requests are welcome.
Raw data
{
"_id": null,
"home_page": "https://github.com/mixkorshun/django-safe-filefield",
"name": "django-safe-filefield",
"maintainer": "Vladislav Bakin",
"docs_url": null,
"requires_python": "",
"maintainer_email": "mixkorshun@gmail.com",
"keywords": "django,filefield,model-field,form-field",
"author": "Vladislav Bakin",
"author_email": "mixkorshun@gmail.com",
"download_url": "https://files.pythonhosted.org/packages/15/ef/eb5db1212eafb23e2cd6cea51c4a8c333c7ae402f2805dd268222815e3d5/django-safe-filefield-1.0.0.tar.gz",
"platform": null,
"description": "django-safe-filefield\n=====================\n.. image:: https://github.com/mixkorshun/django-safe-filefield/actions/workflows/flake8.yml/badge.svg?branch=master\n :alt: flake8\n :target: https://github.com/mixkorshun/django-safe-filefield\n.. image:: https://github.com/mixkorshun/django-safe-filefield/actions/workflows/pytest.yml/badge.svg?branch=master\n :alt: pytest\n :target: https://github.com/mixkorshun/django-safe-filefield\n.. image:: https://badge.fury.io/py/django-safe-filefield.svg\n :alt: pypi\n :target: https://pypi.python.org/pypi/django-safe-filefield\n.. image:: https://img.shields.io/badge/code%20style-pep8-orange.svg\n :alt: pep8\n :target: https://www.python.org/dev/peps/pep-0008/\n.. image:: https://img.shields.io/badge/License-MIT-yellow.svg\n :alt: MIT\n :target: https://opensource.org/licenses/MIT\n\nSecure file field, which allows you to restrict uploaded file extensions.\nIt may be useful for user-uploaded files (attachments).\n\nThis package adds model and forms field. What this fields does:\n\n * restricts allowed file extensions (for example: only \\*.pdf files)\n * checks file extensions is correct for sent content-type\n * checks sent content type is correct for file content (detects by `libmagic`)\n * checks uploaded file with anti-virus software\n\nInstallation\n------------\n\nThe package can be installed using:\n\n.. code-block::\n\n pip install django-safe-filefield\n\n\nAdd the following settings:\n\n.. code-block:: python\n\n INSTALLED_APPS += [\n 'safe_filefield',\n ]\n\n\n**django-safe-filefield** requires `libmagic` to be installed.\n\nUsage\n-----\n\nSimply add field to your model:\n\n.. code-block:: python\n\n from safe_filefield.models import SafeFileField\n\n class MyModel(models.Model):\n\n attachment = SafeFileField(\n allowed_extensions=('xls', 'xlsx', 'csv')\n )\n\nOr directly to your form:\n\n.. code-block:: python\n\n from safe_filefield.forms import SafeFileField\n\n class MyForm(forms.Form):\n\n attachment = SafeFileField(\n allowed_extensions=('xls', 'xlsx', 'csv')\n )\n\nContent type checking\n+++++++++++++++++++++\n\nTo check actual file content type, use `check_content_type` argument. This\nwill prevent attacker from uploading malicious file just by changing its\nextension.\n\n.. code-block:: python\n\n class MyForm(forms.Form):\n attachment = SafeFileField(\n check_content_type=True\n )\n\nClamAV support\n++++++++++++++\n\n.. note:: To use this functionality you should have `clamd` daemon.\n\nThis package has ability to check uploaded file with ClamAV antivirus.\n\nTo use anti-virus protection simply enable it in your form or model definition:\n\n.. code-block:: python\n\n from safe_filefield.forms import SafeFileField\n\n class MyForm(forms.Form):\n attachment = SafeFileField(\n scan_viruses=True,\n )\n\n\nYou can configure some ClamAV settings:\n\n.. code-block:: python\n\n CLAMAV_SOCKET = 'unix://tmp/clamav.sock' # or tcp://127.0.0.1:3310\n\n CLAMAV_TIMEOUT = 30 # 30 seconds timeout, None by default which means infinite\n\n\nContributing\n------------\n\nIf you have any valuable contribution, suggestion or idea,\nplease let me know as well because I will look into it.\n\nPull requests are welcome.\n",
"bugtrack_url": null,
"license": "MIT",
"summary": "Secure file field, which allows you to restrict uploaded file extensions.",
"version": "1.0.0",
"project_urls": {
"Homepage": "https://github.com/mixkorshun/django-safe-filefield"
},
"split_keywords": [
"django",
"filefield",
"model-field",
"form-field"
],
"urls": [
{
"comment_text": "",
"digests": {
"blake2b_256": "131437c03153aaa513e3a4ea1c215a89b26df0b810f1c0fa275f71f716a4fcd5",
"md5": "5ce70633b50ee40819afbcbba7ec4e38",
"sha256": "d08b0034e845ba78d2ab6e144b305bb5d7ee4a999c14861de22f8dc905a1ffe2"
},
"downloads": -1,
"filename": "django_safe_filefield-1.0.0-py3-none-any.whl",
"has_sig": false,
"md5_digest": "5ce70633b50ee40819afbcbba7ec4e38",
"packagetype": "bdist_wheel",
"python_version": "py3",
"requires_python": null,
"size": 6807,
"upload_time": "2023-07-02T15:58:25",
"upload_time_iso_8601": "2023-07-02T15:58:25.728492Z",
"url": "https://files.pythonhosted.org/packages/13/14/37c03153aaa513e3a4ea1c215a89b26df0b810f1c0fa275f71f716a4fcd5/django_safe_filefield-1.0.0-py3-none-any.whl",
"yanked": false,
"yanked_reason": null
},
{
"comment_text": "",
"digests": {
"blake2b_256": "15efeb5db1212eafb23e2cd6cea51c4a8c333c7ae402f2805dd268222815e3d5",
"md5": "e4c02fa858eceea110e49b41b21743ed",
"sha256": "f27b7770693b28716a5db8bd81f83b9bd501067284f6b69bf67a9ca4f21e415d"
},
"downloads": -1,
"filename": "django-safe-filefield-1.0.0.tar.gz",
"has_sig": false,
"md5_digest": "e4c02fa858eceea110e49b41b21743ed",
"packagetype": "sdist",
"python_version": "source",
"requires_python": null,
"size": 5487,
"upload_time": "2023-07-02T15:58:27",
"upload_time_iso_8601": "2023-07-02T15:58:27.392538Z",
"url": "https://files.pythonhosted.org/packages/15/ef/eb5db1212eafb23e2cd6cea51c4a8c333c7ae402f2805dd268222815e3d5/django-safe-filefield-1.0.0.tar.gz",
"yanked": false,
"yanked_reason": null
}
],
"upload_time": "2023-07-02 15:58:27",
"github": true,
"gitlab": false,
"bitbucket": false,
"codeberg": false,
"github_user": "mixkorshun",
"github_project": "django-safe-filefield",
"travis_ci": false,
"coveralls": false,
"github_actions": true,
"test_requirements": [
{
"name": "pytest",
"specs": [
[
"==",
"7.4.0"
]
]
},
{
"name": "pytest-django",
"specs": [
[
"==",
"4.5.2"
]
]
},
{
"name": "pytest-cov",
"specs": [
[
"==",
"4.1.0"
]
]
}
],
"lcname": "django-safe-filefield"
}
JSON
