
function allowed_file_v1

Maturity: 34

Validates whether a given filename has an allowed file extension by checking if the extension exists in a configured whitelist.

File: /tf/active/vicechatdev/full_smartstat/app.py
Lines: 103 - 106
Complexity: simple

Purpose

This function validates file uploads by accepting only filenames whose extension appears in the predefined list stored in app_config.ALLOWED_EXTENSIONS. It is meant to keep potentially malicious file types from being uploaded, but it examines only the filename, not the file's content. This is a common pattern in web applications that handle file uploads.

Source Code

def allowed_file(filename):
    """Check if file extension is allowed"""
    return '.' in filename and \
           filename.rsplit('.', 1)[1].lower() in app_config.ALLOWED_EXTENSIONS

Parameters

Name      Type  Default  Kind
filename  -     -        positional_or_keyword

Parameter Details

filename: A string representing the name of the file to validate, including its extension (e.g., 'document.pdf', 'image.jpg'). The filename should contain at least one dot (.) separating the name from the extension. Can be a full path or just a filename.

Return Value

Returns a boolean value: True if the filename contains a dot AND the extension (the part after the last dot, converted to lowercase) is present in app_config.ALLOWED_EXTENSIONS; False otherwise. Returns False for filenames without extensions or with disallowed extensions.

Dependencies

  • config

Required Imports

from config import Config

Usage Example

from config import Config

# Initialize config with allowed extensions
app_config = Config()
app_config.ALLOWED_EXTENSIONS = {'pdf', 'png', 'jpg', 'jpeg', 'txt', 'csv'}

def allowed_file(filename):
    """Check if file extension is allowed"""
    return '.' in filename and \
           filename.rsplit('.', 1)[1].lower() in app_config.ALLOWED_EXTENSIONS

# Example usage
print(allowed_file('document.pdf'))  # True
print(allowed_file('image.PNG'))     # True (case-insensitive)
print(allowed_file('script.exe'))    # False
print(allowed_file('noextension'))   # False
print(allowed_file('file.tar.gz'))   # False (only 'gz' is checked, and it is not in the set)

Best Practices

  • Always use this function before processing uploaded files to prevent security vulnerabilities
  • Combine with werkzeug.utils.secure_filename() to sanitize filenames before storage
  • Ensure app_config.ALLOWED_EXTENSIONS contains only lowercase extensions for consistent matching
  • This function only checks extensions, not file content - consider adding MIME type validation for stronger security
  • Be aware that this checks only the last extension (e.g., for 'file.tar.gz', only 'gz' is checked)
  • Consider the security implications of each allowed extension - avoid executable file types
  • This is a first-line defense; implement additional server-side validation and virus scanning for production systems
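
The following is an added example, not code from the project. It shows how the extension check can be combined with filename sanitization and a leading-byte content check, as the list above recommends. ALLOWED_EXTENSIONS, MAGIC, safe_name and validate_upload are names assumed for this sketch, and safe_name is a standard-library stand-in for werkzeug.utils.secure_filename().

```python
import os
import re

# Assumed allowlist (lowercase), mirroring the usage example above.
ALLOWED_EXTENSIONS = {"pdf", "png", "jpg", "jpeg", "txt", "csv"}

# Leading-byte signatures for the binary types. txt/csv have no signature,
# so they are only required to be NUL-free UTF-8.
MAGIC = {
    "pdf": (b"%PDF-",),
    "png": (b"\x89PNG\r\n\x1a\n",),
    "jpg": (b"\xff\xd8\xff",),
    "jpeg": (b"\xff\xd8\xff",),
}

def safe_name(filename):
    """Stand-in for secure_filename(): drop directories and unusual characters."""
    base = os.path.basename(filename.replace("\\", "/"))
    return re.sub(r"[^A-Za-z0-9._-]", "_", base).strip("._")

def validate_upload(filename, head):
    """head = first bytes of the upload. Returns (stored_name, None) or (None, reason)."""
    name = safe_name(filename)
    stem, dot, ext = name.rpartition(".")
    ext = ext.lower()
    if not dot or not stem:
        # Covers 'noextension' and dot-only names such as '.pdf'.
        return None, "missing name or extension"
    if ext not in ALLOWED_EXTENSIONS:
        return None, "extension not allowed"
    sigs = MAGIC.get(ext)
    if sigs is not None:
        if not head.startswith(sigs):
            return None, "content does not match extension"
        return name, None
    try:
        head.decode("utf-8")
    except UnicodeDecodeError:
        return None, "not plain text"
    if b"\x00" in head:
        return None, "not plain text"
    return name, None

if __name__ == "__main__":
    # Constructed sample inputs: (client-supplied name, first bytes of the body).
    for fn, data in [("report.pdf", b"%PDF-1.7\n"), ("invoice.pdf", b"MZ\x90\x00"),
                     ("../../tmp/Photo.PNG", b"\x89PNG\r\n\x1a\n"), (".pdf", b"%PDF-")]:
        print(fn, "->", validate_upload(fn, data))
```

The signature check only confirms that the first bytes look like the claimed type; it does not replace the virus scanning mentioned above.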

Similar Components

AI-powered semantic similarity - components with related functionality:

  • function allowed_file 91.3% similar

    Validates whether a filename has an allowed file extension by checking if it contains a dot and if the extension (case-insensitive) exists in a predefined ALLOWED_EXTENSIONS collection.

    From: /tf/active/vicechatdev/leexi/app.py
  • function is_valid_document_file 59.9% similar

    Validates whether a given filename has an extension corresponding to a supported document type by checking against a predefined list of valid document extensions.

    From: /tf/active/vicechatdev/CDocs/utils/__init__.py
  • function api_upload_document_v1 51.5% similar

    Flask API endpoint that handles document file uploads, validates file type and size, stores the file temporarily, and extracts basic text content for processing.

    From: /tf/active/vicechatdev/vice_ai/new_app.py
  • function test_multiple_file_upload 49.9% similar

    A test function that validates multiple file upload functionality to a Flask application endpoint by sending a transcript file and multiple previous report files.

    From: /tf/active/vicechatdev/leexi/test_flask_upload.py
  • function api_upload 49.0% similar

    Flask API endpoint that handles file uploads, validates file types, saves files to a configured directory structure, and automatically indexes the uploaded document for search/retrieval.

    From: /tf/active/vicechatdev/docchat/app.py