Research
Security News
Malicious npm Packages Inject SSH Backdoors via Typosquatted Libraries
Socket’s threat research team has detected six malicious npm packages typosquatting popular libraries to insert SSH backdoors.
django-middleware-fileuploadvalidation
Advanced tools
A Django middleware to validate user file uploads and detect malicious content.
This Django middleware provides robust validation and sanitization for file uploads. It is designed to ensure the security and integrity of files uploaded through Django applications by performing various checks, validations, and sanitization processes.
:warning: Breaking Changes in Version 1.0.0: We've introduced a significant update to the upload configuration method. This change transitions from a per-path basis in the settings.py to a more flexible per-view basis using decorators. You can now configure uploads directly at the view level using decorators, offering more granular control. Please update your implementations accordingly to accommodate these changes. Examples of the new configuration method can be found in the Configuration section below.
This package can be installed via pip:
pip install django-middleware-fileuploadvalidation
Then add django_middleware_fileuploadvalidation.middleware.FileUploadValidationMiddleware
to the end of your MIDDLEWARE
in settings.py.
MIDDLEWARE = [
'django.middleware.security.SecurityMiddleware',
'django.contrib.sessions.middleware.SessionMiddleware',
'django.middleware.common.CommonMiddleware',
'django.middleware.csrf.CsrfViewMiddleware',
...,
'django_middleware_fileuploadvalidation.middleware.FileUploadValidationMiddleware',
]
DMF supports the detection of malicious files based on custom YARA signatures.
Common document/PDF signature matching is already supported due to the integration of the QuickSand framework.
Custom YARA signatures can be placed under /vendor/yara/
. A collection of useful YARA signatures can be found in the awesome-yara repository. The validation module will scan all files in the directory and compile the respective signatures.
DMF also utilizes the ClamAV anti-virus engine. If you would like to enable ClamAV through DMF, follow our ClamAV installation instructions: ClamAV Install Guide
By default, the upload configuration is set to the following:
{
"clamav": False,
"file_size_limit": None,
"filename_length_limit": None,
"keep_original_filename": False,
"response_config": {
"error_func": HttpResponseForbidden,
"message": "File upload blocked",
"redirect_on_block": None,
"status": 403,
},
"sanitization": True,
"uploadlogs_mode": "blocked",
"whitelist_name": "RESTRICTED",
"whitelist": [],
}
The middleware can be configured by adding a decorator to the respective view function that should be protected. Each field can be individually configured by passing the respective parameter to the decorator.
from django.http import HttpResponseForbidden
from django_middleware_fileuploadvalidation.decorators import file_upload_config
@file_upload_config()
def upload_default_view(request):
# View logic for uploading files
...
@file_upload_config(
file_size_limit=2000000,
keep_original_filename=True,
response_config={
"error_func": HttpResponseForbidden,
"message": "Please upload an image.",
"status": 403,
},
whitelist=["application/pdf"]
)
def upload_pdf_view(request):
# View logic for uploading PDF files
...
@file_upload_config(
filename_length_limit=100,
response_config={
"message": "Please upload an image.",
"redirect_on_block": 'file_list',
"status": 403,
},
uploadlogs_mode='always',
whitelist_name='IMAGE_ALL',
)
def upload_image_view(request):
# View logic for uploading images
...
clamav
: ClamAV is an open source antivirus engine for detecting trojans, viruses, malware & other malicious threats. By default, ClamAV is disabled. However, if you want to enable it, you can do so by setting this to True.file_size_limit
: Defines the maximum allowed file size in kilobytes (kB). Files larger than this limit will be rejected. By default, there is no file size limit set.filename_length_limit
: Defines the maximum allowed character length of the file name. By default, there is no file length limit set.keep_original_filename
: By default, DMF will rename the uploaded file to a random string. If you would like to keep the original filename, set this to True.response_config
: Customizes the response behavior on file upload validation failure. Options include:
sanitization
: DMF supports sanitization of images and PDF documents. By default, DMF will block malicious files. However, activating the sanitization will instead sanitze files and upload them consequently.uploadlogs_mode
: Uploads can also be logged, to better analyze attempts afterwards. There are three different stages, which can be logged. By default, this setting is set to 'blocked'.
whitelist_name
: DMF provides pre-defined whitelists. These can be used to prevent certain files from being uploaded. Each view can use an individual whitelist. This allows to have multiple upload forms with different whitelists. The following whitelists are available. By default, the whitelist is set to 'RESTRICTIVE'.
whitelist
: If you want to use a custom whitelist, you can define it here. The whitelist must be a list of strings. Each string must be a valid MIME type. For example: ["application/pdf", "image/png"]
. This setting will override the whitelist_name
setting.FAQs
A Django middleware to validate user file uploads and detect malicious content.
We found that django-middleware-fileuploadvalidation demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 2 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket’s threat research team has detected six malicious npm packages typosquatting popular libraries to insert SSH backdoors.
Security News
MITRE's 2024 CWE Top 25 highlights critical software vulnerabilities like XSS, SQL Injection, and CSRF, reflecting shifts due to a refined ranking methodology.
Security News
In this segment of the Risky Business podcast, Feross Aboukhadijeh and Patrick Gray discuss the challenges of tracking malware discovered in open source softare.