0
0
Flaskframework~20 mins

Allowed file types validation in Flask - Practice Problems & Coding Challenges

Choose your learning style9 modes available
LearnWhyDeepVisualTryChallengeProjectRecallPerf
Challenge - 5 Problems
🎖️
File Upload Validator Master
Get all challenges correct to earn this badge!
Test your skills under time pressure!
component_behavior
intermediate
2:00remaining
What is the output when uploading a .txt file?
Given this Flask code snippet that validates allowed file types, what will be the response if a user uploads a file named notes.txt?
Flask
from flask import Flask, request
app = Flask(__name__)

ALLOWED_EXTENSIONS = {'png', 'jpg', 'jpeg', 'gif'}

def allowed_file(filename):
    return '.' in filename and filename.rsplit('.', 1)[1].lower() in ALLOWED_EXTENSIONS

@app.route('/upload', methods=['POST'])
def upload_file():
    file = request.files.get('file')
    if file and allowed_file(file.filename):
        return 'File accepted'
    else:
        return 'File type not allowed', 400
AFile type not allowed
BFile accepted
C500 Internal Server Error
DNo file uploaded
Attempts:
2 left
💡 Hint
Check the allowed extensions set and the file extension of the uploaded file.
📝 Syntax
intermediate
2:00remaining
Which option correctly checks allowed file extensions?
Which of the following functions correctly returns True only if the filename has an allowed extension from the set {'pdf', 'docx', 'txt'}?
A
def allowed_file(filename):
    return filename.split('.')[-1].lower() in {'pdf', 'docx', 'txt'}
B
}'txt' ,'xcod' ,'fdp'{ ni )(rewol.]1-[)'.'(tilps.emanelif nruter    
:)emanelif(elif_dewolla fed
C
def allowed_file(filename):
    return filename.endswith(('.pdf', '.docx', '.txt'))
D
def allowed_file(filename):
    return '.' in filename and filename.rsplit('.', 1)[1].lower() in {'pdf', 'docx', 'txt'}
Attempts:
2 left
💡 Hint
Consider case sensitivity and filenames without extensions.
🔧 Debug
advanced
2:00remaining
Why does this file validation always fail?
Consider this code snippet. Why does the file validation always reject files even if they have allowed extensions?
Flask
ALLOWED_EXTENSIONS = {'png', 'jpg'}

def allowed_file(filename):
    ext = filename.split('.')[-1]
    return ext in ALLOWED_EXTENSIONS

# Example usage:
print(allowed_file('image.PNG'))  # Returns False
ABecause the extension check is case sensitive and 'PNG' != 'png'
BBecause the split method is incorrect and does not get the extension
CBecause the allowed extensions set is empty
DBecause the function does not check if filename contains a dot
Attempts:
2 left
💡 Hint
Think about how string comparison works with uppercase and lowercase letters.
state_output
advanced
2:00remaining
What is the value of result after running this code?
Given the following Flask helper function and usage, what is the value of result?
Flask
ALLOWED_EXTENSIONS = {'pdf', 'docx'}

def allowed_file(filename):
    if '.' not in filename:
        return False
    ext = filename.rsplit('.', 1)[1].lower()
    return ext in ALLOWED_EXTENSIONS

result = [allowed_file(f) for f in ['report.PDF', 'summary.docx', 'image.png', 'README']]
A[False, True, False, False]
B[True, True, True, False]
C[True, True, False, False]
D[False, False, False, False]
Attempts:
2 left
💡 Hint
Check extension case handling and filenames without extensions.
🧠 Conceptual
expert
3:00remaining
Which approach best prevents security risks in file uploads?
When validating allowed file types in Flask uploads, which approach best reduces security risks?
ACheck only the file extension from the filename string
BCheck the file extension and also verify the file's MIME type from the request
CAllow all file types and rely on server-side antivirus scanning
DRename the file to a random name without checking its type
Attempts:
2 left
💡 Hint
Think about how attackers can disguise file types.