This project demonstrates a Secure File Upload System built using Flask. It provides a safe and user-friendly way to upload files while implementing robust security measures to mitigate vulnerabilities. Key features include file validation, secure storage, and vulnerability testing.
- Supported File Types: `.png`, `.jpg`, `.jpeg`, `.gif`, `.pdf`, `.txt`.
- File Size Limit: Restricts uploads to a maximum of 5 MB.
- Filename Sanitization: Utilizes Werkzeug's `secure_filename` to strip directory components and unsafe characters from the client-supplied name, preventing path traversal attacks.
- File Type Validation: Ensures uploaded files have allowed extensions (an allow-list of permitted extensions, not a deny-list of dangerous ones).
- Content Verification: Placeholder for validating that file content matches the claimed type (e.g., by inspecting the file's magic bytes rather than trusting the MIME type the browser sends).
- Storage Location: Stores files in a non-public directory (`uploads/`) to prevent unauthorized access. Flask serves only the `static/` folder by default, so nothing in `uploads/` is reachable by URL unless a route exposes it; in a production deployment, keep the directory outside anything a front-end web server serves.
- Malware Scanning: Placeholder for implementing antivirus or malware scans.
- Simulates attacks by uploading both malicious and safe test files and observing how the system responds.
- Includes mitigation strategies to prevent file upload attacks:
  - Validate file extensions and MIME types.
  - Limit file sizes.
  - Store files outside the web root.
  - Sanitize filenames.
  - Perform malware scans on uploaded files.
- Provides a simple web page (`index.html`) for uploading files.
- Returns informative JSON responses for errors or successful uploads.
- Homepage: Renders the page for file uploads.
- Upload endpoint: Handles secure file uploads via POST requests and returns success or error messages in JSON format.
- Mitigations endpoint: Lists mitigation strategies for file upload vulnerabilities and provides guidance for secure file handling practices.
- Test endpoint: Simulates uploads of test files (malicious and safe) for vulnerability testing to demonstrate the system's behavior.
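The following is an added example, not the project's own `app.py`, showing how the checks listed above (size limit, `secure_filename`, extension allow-list, content verification by magic bytes, storage in a non-served directory) fit together in one upload handler, and how the test endpoint's malicious-versus-safe simulation can be driven with Flask's test client. The route name `/upload`, the helper names, and the sample uploads are assumptions made for this example; the magic-byte check fills in the content-verification placeholder with one concrete approach rather than the project's own choice.

```python
# Added example: hardened upload validation for a Flask app (not the project's code).
import os
import re

try:
    from werkzeug.utils import secure_filename
except ImportError:  # fallback so the validators run without Werkzeug installed
    def secure_filename(name):
        name = os.path.basename(name.replace("\\", "/"))
        return re.sub(r"[^A-Za-z0-9_.-]", "_", name).strip("._")

ALLOWED_EXTENSIONS = {"png", "jpg", "jpeg", "gif", "pdf", "txt"}
MAX_UPLOAD_BYTES = 5 * 1024 * 1024  # 5 MB, as in the README

# Leading-byte signatures for the binary types on the allow-list. This is one
# way to implement the README's content-verification placeholder; .txt has no
# signature, so it is checked for being NUL-free UTF-8 instead.
MAGIC = {
    "png": [b"\x89PNG\r\n\x1a\n"],
    "jpg": [b"\xff\xd8\xff"],
    "jpeg": [b"\xff\xd8\xff"],
    "gif": [b"GIF87a", b"GIF89a"],
    "pdf": [b"%PDF-"],
}


def _extension(name):
    """Lower-cased last extension of a (sanitized) filename, or '' if none."""
    return name.rsplit(".", 1)[1].lower() if "." in name else ""


def content_matches(ext, data):
    """True if the bytes plausibly are the type the extension claims."""
    if ext == "txt":
        if b"\x00" in data:
            return False
        try:
            data.decode("utf-8")
        except UnicodeDecodeError:
            return False
        return True
    return any(data.startswith(sig) for sig in MAGIC[ext])


def validate_upload(filename, data):
    """Run every check in order; return (ok, reason, name_to_store)."""
    if not filename:
        return False, "no filename", None
    if len(data) > MAX_UPLOAD_BYTES:
        return False, "file exceeds 5 MB limit", None
    safe = secure_filename(filename)       # drops '../', separators, odd chars
    if not safe:
        return False, "filename rejected after sanitization", None
    ext = _extension(safe)                 # checked on the sanitized name
    if ext not in ALLOWED_EXTENSIONS:
        return False, (f"extension .{ext} not allowed" if ext else "missing extension"), None
    if not content_matches(ext, data):     # catches shell.php.png with PHP inside
        return False, f"content does not match .{ext}", None
    return True, "ok", safe


def save_upload(upload_dir, stored_name, data):
    """Write into upload_dir, refusing any path that escapes it and never overwriting."""
    base = os.path.realpath(upload_dir)
    dest = os.path.realpath(os.path.join(base, stored_name))
    if os.path.dirname(dest) != base:      # defense in depth behind secure_filename
        raise ValueError("path escapes upload directory")
    os.makedirs(base, exist_ok=True)
    with open(dest, "xb") as fh:           # 'x' refuses to clobber an existing file
        fh.write(data)
    return dest


def create_app(upload_dir):
    """Build the Flask app; Flask is imported here so the validators above run without it."""
    from flask import Flask, jsonify, request
    app = Flask(__name__)
    app.config["MAX_CONTENT_LENGTH"] = MAX_UPLOAD_BYTES  # Flask answers 413 beyond this

    @app.route("/upload", methods=["POST"])  # assumed route name
    def upload():
        f = request.files.get("file")
        if f is None:
            return jsonify(error="no file part"), 400
        data = f.read()
        ok, reason, name = validate_upload(f.filename, data)
        if not ok:
            return jsonify(error=reason), 400
        save_upload(upload_dir, name, data)
        return jsonify(message="uploaded", filename=name), 201

    return app


if __name__ == "__main__":
    # Constructed sample uploads (one safe, three malicious) pushed through the
    # test client, the same idea as the README's test endpoint.
    import io
    import tempfile
    client = create_app(tempfile.mkdtemp()).test_client()
    samples = [
        ("photo.png", b"\x89PNG\r\n\x1a\n" + b"\x00" * 32),
        ("shell.php.png", b"<?php echo 'x'; ?>"),
        ("../../etc/passwd.txt", b"root:x:0:0:root:/root:/bin/sh\n"),
        ("backdoor.php", b"<?php echo 1; ?>"),
    ]
    for name, body in samples:
        resp = client.post("/upload", data={"file": (io.BytesIO(body), name)},
                           content_type="multipart/form-data")
        print(name, resp.status_code, resp.get_json())
```

Two choices worth noting: the extension is taken from the sanitized name, not the raw one, so nothing an attacker wrote reaches the allow-list check unfiltered; and `save_upload` re-checks that the resolved path stays inside the upload directory even though `secure_filename` already removed separators, so a future change to the sanitizer cannot silently reintroduce traversal. A malware scan, if added, belongs between `validate_upload` and `save_upload`.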
- Flask: Backend framework for HTTP request handling and rendering templates.
- Werkzeug: Provides utilities for secure filename handling.
- Python: Implements server-side logic and validations.
- Clone the Repository:

  ```bash
  git clone https://github.com/rahul07890-dev/File-Upload-Security
  cd File-Upload-Security
  ```

- Install Dependencies:

  ```bash
  pip install -r requirements.txt
  ```

- Run the Application:

  ```bash
  python app.py
  ```

- Access the Web Interface: Open your browser and go to `http://127.0.0.1:5000/` to start using the app.
```
secure-file-upload/
|
├── app.py             # Main Flask application
├── uploads/           # Directory for storing uploaded files
├── templates/         # HTML templates
|   └── index.html     # Frontend template for file uploads
├── requirements.txt   # Python dependencies
└── README.md          # Project documentation
```
- Real-Time Malware Scanning: Integrate a malware detection system.
- Logging and Monitoring: Track suspicious file uploads.
- Cloud Integration: Add support for uploading files to cloud storage (e.g., AWS S3, Google Cloud Storage).
- Improved Frontend: Enhance the user interface for better user experience.
Contributions are welcome! Feel free to fork this repository, create a branch, and submit a pull request with your improvements or new features.
This project is licensed under the Apache License 2.0. See the LICENSE file for details.
- Flask Documentation: For guidance on secure file handling.
- Open-Source Community: For inspiration and tools to build secure web applications.