0
0
Flaskframework~20 mins

Secure filename handling in Flask - Practice Problems & Coding Challenges

Choose your learning style9 modes available
LearnWhyDeepVisualTryChallengeProjectRecallPerf
Challenge - 5 Problems
🎖️
Secure Filename Master
Get all challenges correct to earn this badge!
Test your skills under time pressure!
component_behavior
intermediate
2:00remaining
What does this Flask code output when uploading a file named '../../secret.txt'?

Consider this Flask snippet that uses secure_filename from werkzeug.utils to sanitize uploaded filenames.

from flask import Flask, request
from werkzeug.utils import secure_filename

app = Flask(__name__)

@app.route('/upload', methods=['POST'])
def upload():
    file = request.files['file']
    filename = secure_filename(file.filename)
    return filename

If a user uploads a file named ../../secret.txt, what will be the returned filename?

Flask
from flask import Flask, request
from werkzeug.utils import secure_filename

app = Flask(__name__)

@app.route('/upload', methods=['POST'])
def upload():
    file = request.files['file']
    filename = secure_filename(file.filename)
    return filename
Asecret-txt
B../../secret.txt
Csecret_txt
Dsecret.txt
Attempts:
2 left
💡 Hint

Think about how secure_filename removes directory paths and unsafe characters.

📝 Syntax
intermediate
1:30remaining
Which option correctly imports and uses secure_filename in Flask?

You want to safely handle uploaded filenames in Flask. Which code snippet correctly imports and uses secure_filename?

A
from werkzeug.utils import secure_filename
filename = secure_filename(uploaded_file.filename)
B
from flask.utils import secure_filename
filename = secure_filename(uploaded_file.filename)
C
from werkzeug import secure_filename
filename = secure_filename(uploaded_file.filename)
D
import werkzeug
filename = werkzeug.utils.secure_filename(uploaded_file.filename)
Attempts:
2 left
💡 Hint

Check the correct module path for secure_filename in modern Flask/Werkzeug.

🔧 Debug
advanced
2:30remaining
Why does this Flask upload code raise a FileNotFoundError when saving?

Look at this Flask route that saves an uploaded file:

@app.route('/upload', methods=['POST'])
def upload():
    file = request.files['file']
    filename = secure_filename(file.filename)
    file.save(filename)
    return 'Saved'

Sometimes this raises FileNotFoundError. Why?

Flask
@app.route('/upload', methods=['POST'])
def upload():
    file = request.files['file']
    filename = secure_filename(file.filename)
    file.save(filename)
    return 'Saved'
AThe file object is closed before save is called.
Bsecure_filename returns None, causing save to fail.
CThe current directory may not exist or be writable, so saving without a full path fails.
DFlask requires an absolute path for file.save, relative paths are disallowed.
Attempts:
2 left
💡 Hint

Think about where the file is saved and if that location exists.

state_output
advanced
2:00remaining
What is the value of filename after this code runs?

Given this code snippet:

from werkzeug.utils import secure_filename

original = 'my..file...name.tar.gz'
filename = secure_filename(original)

What is the value of filename?

Flask
from werkzeug.utils import secure_filename

original = 'my..file...name.tar.gz'
filename = secure_filename(original)
Amy.file.name.tar.gz
Bmy..file...name.tar.gz
Cmy-file-name.tar.gz
Dmy_file_name_tar_gz
Attempts:
2 left
💡 Hint

Consider how secure_filename handles multiple dots and special characters.

🧠 Conceptual
expert
1:30remaining
Why is using secure_filename important in Flask file uploads?

Which of the following best explains why using secure_filename is critical when handling uploaded files in Flask?

AIt validates the file content type to prevent malware.
BIt prevents directory traversal attacks by removing path separators and unsafe characters from filenames.
CIt encrypts the filename to protect user privacy.
DIt compresses the file to save storage space.
Attempts:
2 left
💡 Hint

Think about what risks come from unsafe filenames in uploads.