Flask framework, ~5 mins

Secure filename handling in Flask - Cheat Sheet & Quick Revision

Recall & Review
beginner
Why should you never trust user-uploaded filenames directly in Flask?
User-uploaded filenames can contain unsafe characters or paths that may lead to security risks like directory traversal attacks. Always sanitize filenames before saving.
beginner
What utility helps to secure filenames before saving them in a Flask app?
Werkzeug, the WSGI library Flask is built on, provides werkzeug.utils.secure_filename(). It normalises the name to ASCII, turns path separators and whitespace into underscores, strips every remaining character outside [A-Za-z0-9_.-] and removes leading and trailing dots and underscores, so the result is a plain basename. Note that it can return an empty string (for example for '../'), so check the result before using it.
beginner
What does secure_filename('my file.txt') return?
It returns my_file.txt, replacing spaces with underscores and removing unsafe characters.
intermediate
How does secure_filename() protect against directory traversal?
It replaces path separators (/ and, on Windows, \) with spaces, joins the remaining pieces with underscores, strips other unsafe characters and removes leading dots, so '../../etc/passwd' becomes 'etc_passwd' and the saved file cannot land outside the intended upload folder. Always join the result to a server-side upload directory; never take any directory component from the client.
intermediate
What is a good practice besides using secure_filename() when handling file uploads?
Store uploads in a dedicated directory outside the web root with restrictive permissions, validate the file type against an extension allow-list (and, where practical, by inspecting the content rather than trusting the client-supplied Content-Type), cap the request size with Flask's MAX_CONTENT_LENGTH setting, and store each file under a server-generated unique name so uploads cannot collide with or overwrite each other.
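The following is an added example (not code from the original page, nor from Flask or Werkzeug) that shows the flashcard answers above in running code: what secure_filename() returns for traversal-style names, why its empty-string result must be checked, and the extra steps a handler needs (extension allow-list, server-generated name, owner-only permissions, confinement to the upload directory). The allow-list and the function names are assumptions made for this example; if Werkzeug is not installed, a copy of its algorithm is used in its place.

```python
"""Sanitising and storing a user upload: secure_filename() plus the checks
it does not do for you (empty result, type allow-list, collisions, permissions)."""
import os
import re
import tempfile
import unicodedata
import uuid

try:
    from werkzeug.utils import secure_filename
except ImportError:
    # Assumption: Werkzeug may be absent where this runs. This fallback is a
    # copy of Werkzeug's algorithm (minus its Windows device-name guard) so the
    # results below match what a Flask app gets from the real function.
    _ASCII_STRIP_RE = re.compile(r"[^A-Za-z0-9_.-]")

    def secure_filename(filename: str) -> str:
        filename = unicodedata.normalize("NFKD", filename)
        filename = filename.encode("ascii", "ignore").decode("ascii")
        for sep in (os.sep, os.path.altsep):  # "/" and, on Windows, "\\"
            if sep:
                filename = filename.replace(sep, " ")
        joined = "_".join(filename.split())
        return _ASCII_STRIP_RE.sub("", joined).strip("._")

# Hypothetical allow-list for this example; use whatever your app accepts.
ALLOWED_EXTENSIONS = {"png", "jpg", "jpeg", "pdf"}


def sanitize_upload_name(user_filename: str) -> str:
    """Return a safe basename or raise ValueError.

    secure_filename() alone is not enough: it returns "" for inputs such as
    "../" or "...", and it knows nothing about which file types are wanted.
    """
    name = secure_filename(user_filename)
    if not name:
        raise ValueError("filename empty after sanitising")
    ext = name.rsplit(".", 1)[1].lower() if "." in name else ""
    if ext not in ALLOWED_EXTENSIONS:
        raise ValueError(f"extension {ext!r} not allowed")
    return name


def save_upload(upload_dir: str, user_filename: str, data: bytes) -> str:
    """Store data under a server-chosen name inside upload_dir; return that name.

    The sanitised client name is kept only as a readable suffix; the random
    prefix prevents two uploads from colliding or overwriting each other.
    """
    safe = sanitize_upload_name(user_filename)
    stored_name = f"{uuid.uuid4().hex}_{safe}"
    root = os.path.realpath(upload_dir)
    dest = os.path.realpath(os.path.join(root, stored_name))
    # Defence in depth: the final path must still sit directly inside upload_dir.
    if os.path.dirname(dest) != root:
        raise ValueError("path escapes upload directory")
    # O_EXCL refuses to clobber an existing file; 0o600 keeps it owner-only
    # (the mode bits are ignored on Windows).
    fd = os.open(dest, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o600)
    with os.fdopen(fd, "wb") as fh:
        fh.write(data)
    return stored_name


def demo_roundtrip() -> tuple[str, bytes]:
    """Save a constructed upload with a traversal-style name into a temp dir
    and read it back, returning (stored name, stored bytes)."""
    upload_dir = tempfile.mkdtemp(prefix="uploads_")
    stored = save_upload(upload_dir, "../../report.PDF", b"%PDF-1.4 constructed")
    with open(os.path.join(upload_dir, stored), "rb") as fh:
        return stored, fh.read()


if __name__ == "__main__":
    for raw in ("my file.txt", "../../etc/passwd", "..\\secret.txt", "../"):
        print(f"{raw!r:22} -> {secure_filename(raw)!r}")
    print(demo_roundtrip())
```

In a Flask view the user string is request.files["file"].filename and the bytes come from the same FileStorage object (read() or its save() method); set app.config["MAX_CONTENT_LENGTH"] so oversized requests are rejected before the handler runs. The random prefix in save_upload is what keeps one user's 'report.PDF' from silently replacing another's; secure_filename() by itself gives no such guarantee.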
Which function in Flask helps sanitize filenames for safe saving?
A. secure_filename()
B. sanitize_path()
C. clean_filename()
D. safe_path()
What does secure_filename('..\secret.txt') return to prevent directory traversal?
A. secret.txt
B. .._secret.txt
C. ..\secret.txt
D. secret
Why is it unsafe to save uploaded files using their original filenames directly?
A. They might overwrite system files
B. They might contain unsafe characters or paths
C. They might be too long
D. They might be in uppercase
Which of these is NOT a recommended practice for secure file uploads in Flask?
A. Using secure_filename()
B. Validating file types
C. Saving files in a public folder without restrictions
D. Restricting upload folder permissions
What does secure_filename() do with spaces in filenames?
A. Removes them
B. Replaces them with dashes
C. Leaves them as is
D. Replaces them with underscores
Explain why and how you should use secure_filename() in Flask when handling file uploads.
Think about what could happen if you save files with user-given names directly.
Describe additional security steps besides using secure_filename() to safely handle uploaded files in Flask.
Consider how to protect your server and users from malicious files.