Cybersecurity · knowledge · ~30 mins

File upload security in Cybersecurity - Mini Project: Build & Apply

File Upload Security
📖 Scenario: You are working on a website that allows users to upload files. To keep the website safe, you need to understand how to check and control the files users upload.
🎯 Goal: Build a simple checklist and rules to ensure uploaded files are safe and do not harm the website or its users.
📋 What You'll Learn
Create a list of allowed file types
Set a maximum file size limit
Check the file extension against allowed types
Add a final rule to reject files that do not meet the criteria
💡 Why This Matters
🌍 Real World
Websites and apps often let users upload pictures or documents. Checking file types and sizes helps keep these platforms safe from harmful files.
💼 Career
Understanding file upload security is important for web developers, security analysts, and IT professionals to protect systems from attacks and data loss.
1
Create a list of allowed file types
Create a list called allowed_types that contains these exact strings: 'jpg', 'png', 'gif', and 'pdf'.
Need a hint?

Think of allowed_types as a list of file endings that are safe to accept.

2
Set a maximum file size limit
Create a variable called max_file_size and set it to 5_000_000 to represent 5 megabytes in bytes.
Need a hint?

5 megabytes is 5 million bytes. Use underscores to make the number easier to read.

3
Check the file extension against allowed types
Write a function called is_allowed_file that takes a parameter filename. Inside the function, get the file extension by splitting filename at the last dot and converting it to lowercase. Return True if the extension is in allowed_types, otherwise False.
Need a hint?

Use rsplit('.', 1) to split from the right and get the extension.

4
Add the final rule to reject unsafe files
Write a function called is_file_safe that takes filename and filesize. It should return True only if is_allowed_file(filename) is True and filesize is less than or equal to max_file_size. Otherwise, return False.
Need a hint?

Combine the checks for file type and size with and.
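
The four steps assembled into one script, as an added example that is not part of the original exercise. It goes beyond the checklist in one respect: the extension is chosen by the uploader and says nothing about the file's contents, so the example also compares the first bytes against the claimed type. `SIGNATURES`, `get_extension`, `content_matches_extension` and `accept_upload` are hypothetical names, and the sample uploads are constructed.

```python
allowed_types = ['jpg', 'png', 'gif', 'pdf']   # step 1: extension allowlist
max_file_size = 5_000_000                      # step 2: 5 MB in bytes

# Assumption (not on the page): leading "magic" bytes of each allowed format.
SIGNATURES = {
    'jpg': (b'\xff\xd8\xff',),
    'png': (b'\x89PNG\r\n\x1a\n',),
    'gif': (b'GIF87a', b'GIF89a'),
    'pdf': (b'%PDF-',),
}

def get_extension(filename):
    """Hypothetical helper: lowercased text after the last dot, '' if no dot."""
    parts = filename.rsplit('.', 1)
    # Without a dot, rsplit returns one element; using it as the extension
    # would let a file named just "pdf" pass the allowlist.
    return parts[1].lower() if len(parts) == 2 else ''

def is_allowed_file(filename):                 # step 3
    return get_extension(filename) in allowed_types

def is_file_safe(filename, filesize):          # step 4
    return is_allowed_file(filename) and filesize <= max_file_size

def content_matches_extension(filename, head):
    """Hypothetical helper: do the first bytes match the claimed type?"""
    sigs = SIGNATURES.get(get_extension(filename), ())
    return any(head.startswith(sig) for sig in sigs)

def accept_upload(filename, data):
    """Hypothetical wrapper: the page's rule plus the content check."""
    return (is_file_safe(filename, len(data))
            and content_matches_extension(filename, data[:8]))

if __name__ == '__main__':
    # Constructed sample uploads: (filename, content bytes)
    samples = [
        ('photo.JPG', b'\xff\xd8\xff\xe0' + b'\x00' * 12),
        ('report.pdf', b'%PDF-1.7\n'),
        ('avatar.png', b'plain text, not an image'),
        ('pdf', b'%PDF-1.7\n'),
        ('notes.txt', b'hello'),
    ]
    for name, data in samples:
        print(f'{name!r:14} extension_ok={is_allowed_file(name)!s:5} '
              f'accepted={accept_upload(name, data)}')
```

A matching signature only shows that the file starts like the claimed type; it does not prove the rest of the file is well-formed.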