update .gitignore

Author: sahildari

.gitignore

@@ -1,16 +1,58 @@
-log/
-Uploads/
-build/
+# Python
+__pycache__/
+*.py[cod]
+*.pyo
+*.pyd
 *.egg-info/
 *.egg
-*.log
+*.env/
+*.venv/
+venv/
+.env
+.Python
+pip-log.txt
+pip-delete-this-directory.txt
+
+# Java
 target/
-!**/.mvn/** */
-!**/src/main/**/target/
-!**/src/test/**/target/
-!**/target/** */
+*.class
+*.jar
+*.war
+*.ear
+*.iml
+.gradle/
+.mvn/
+.mvn/wrapper/
+
+# Logs and temp files
+*.log
+*.tmp
+*.swp
+*.swo
 
-!**/src/main/**/build/
-!**/src/test/**/build/
+# OS-specific files
+.DS_Store
+Thumbs.db
+ehthumbs.db
+*.bak
 
+# Editor and IDE files
 .vscode/
+.idea/
+*.sublime-workspace
+
+# Flask, Django, and web framework cache
+instance/
+db.sqlite3
+*.sqlite3
+
+# Compiled files
+*.out
+*.o
+*.so
+*.dll
+
+# Ignore uploads and user-generated content
+uploads/
+media/
+staticfiles/

Unrestriced File Upload/python/build/lib/unrestricted/__init__.py

@@ -0,0 +1,5 @@
+from .src.pathmanipulation import(
+    is_valid_name,
+    is_valid_extension,
+    valid_filename
+)

Unrestriced File Upload/python/build/lib/unrestricted/fileupload/__init__.py

@@ -0,0 +1,80 @@
+#!/usr/bin/env python3
+
+from flask import Flask, request, jsonify, render_template
+import os
+import tempfile
+from werkzeug.exceptions import RequestEntityTooLarge
+import logging
+from .pathmanipulation import is_valid_name, is_valid_extension, valid_filename, get_unique_filename, get_magic_number, is_valid_magic_number
+
+app = Flask(__name__)
+TEMPDIR = tempfile.gettempdir()
+UPLOADDIR = os.path.join(TEMPDIR + "/uploads/")
+LOGDIR = os.path.join(TEMPDIR + "/logs/")
+
+os.makedirs(UPLOADDIR, exist_ok=True)
+os.makedirs(LOGDIR, exist_ok=True)
+
+app.config["UPLOAD_DIRECTORY"] = UPLOADDIR
+app.config["MAX_CONTENT_LENGTH"] = 5 * 1024 * 1024  # 5 MB
+loglocation = os.path.join(LOGDIR + "app.log")
+logging.basicConfig(
+    level=logging.INFO,
+    handlers= [
+        logging.FileHandler(loglocation),
+        logging.StreamHandler()
+        ]
+    )
+
+logger = logging.getLogger(__name__)
+
+@app.route("/", methods=["GET"])
+def main():
+    """Render the index.html page."""
+    return render_template("index.html")
+
+@app.errorhandler(413)
+def request_entity_too_large(error):
+    return jsonify({"error": "File size exceeds the limit"}), 413
+
+@app.route("/upload_file", methods=["POST"])
+def upload_file():
+    max_length = request.max_content_length
+    """Handles file upload with validation."""
+    try:
+        logger.info("upload_file() method started")
+
+        if "file" not in request.files:
+            return jsonify({"error": "No file part"}), 400
+
+        file = request.files["file"]
+        if file.filename == "":
+            return jsonify({"error": "No selected file"}), 400
+        
+        if request.content_length > max_length:
+            return jsonify({"error": "File size exceeds the limit"}), 400
+        
+        if (file is None or not is_valid_name(file.filename)):
+            return jsonify({"error" : "Invalid Filename"}), 400
+        
+        if (file is None or not is_valid_extension(file.filename)):
+            return jsonify({"error" : "Invalid Extension"}), 400
+
+        if file and is_valid_name(file.filename) and is_valid_extension(file.filename):
+            ext = valid_filename(file.filename).rsplit(".", 1)[1].lower()
+            if (is_valid_magic_number(file, ext) or is_valid_magic_number(file, ext) or is_valid_magic_number(file, ext)):
+                unique_filename = get_unique_filename(app.config["UPLOAD_DIRECTORY"], valid_filename(file.filename))
+                safe_file_path = os.path.join(app.config["UPLOAD_DIRECTORY"], unique_filename)
+                file.save(safe_file_path)
+                logger.info(f"File '{unique_filename}' uploaded successfully at {safe_file_path}")
+                return jsonify({"success": "File uploaded successfully"}), 200
+            else:
+                return jsonify({"error" : "Invalid File Type"}), 400
+        else:
+            return jsonify({"error": "Invalid file format"}), 400
+    except RequestEntityTooLarge as e:
+        logger.error(f"File upload error: {str(e)}")
+        return jsonify({"error": "File size exceeds the limit"}), 413
+    except Exception as e:
+        logger.error(f"File upload error: {str(e)}")
+        return jsonify({"error": "Internal server error"}), 500

Unrestriced File Upload/python/build/lib/unrestricted/fileupload/src/__init__.py

@@ -0,0 +1,61 @@
+#!/usr/bin/env python3
+
+import re
+import os
+
+# Define Magic Numbers for allowed  file types
+MAGIC_NUMBERS = {
+    "png" : bytes([0x89, 0x50, 0x4E, 0x47, 0x0D, 0x0A, 0x1A, 0x0A]),
+    "jpg" : bytes([0xFF, 0xD8, 0xFF]),
+    "pdf" : bytes([0x25, 0x50, 0x44, 0x46])
+}
+
+FILENAME_REGEX_PATTERN = r"^[a-zA-Z0-9\-\_]+$"
+ALLOWED_EXTENSIONS = set(MAGIC_NUMBERS.keys()) # this example allows the text and pdf files
+MAX_READ_SIZE = max(len(m) for m in MAGIC_NUMBERS.values()) 
+
+"""This function checks if the filename is valid and doesn't contain any dot character in the name."""
+def is_valid_name(filename: str) -> bool:
+    name = filename.rsplit('.', 1)[0]
+    regex_match = re.search(FILENAME_REGEX_PATTERN, name)
+    return True if(regex_match != None) else False
+
+"""This function checks for the valid file extensions."""
+def is_valid_extension(filename: str) -> bool:
+    ext = filename.rsplit(".", 1)[1].lower()
+    return True if (ext in ALLOWED_EXTENSIONS) else False
+
+def valid_filename(filename: str) -> str:
+    name, ext = filename.rsplit('.', 1)
+    name = re.sub(r"\.", "", name)
+    if "%" in name:
+        name = re.sub(r"\%", "", name)
+    if "%" in ext:
+        ext = re.sub(r"\%", "", ext).lower()
+    regex_match = re.search(FILENAME_REGEX_PATTERN, name)
+    return f"{regex_match.group(0)}.{ext}" # returns the sanitized filename with the extension for upload 
+
+def get_unique_filename(directory: str, filename: str) -> str:
+    name, ext = filename.rsplit(".", 1)
+    unique_filename = f"{name}.{ext}"
+    count = 1
+
+    while os.path.exists(os.path.join(directory, unique_filename)):
+        unique_filename = f"{name}_{count}.{ext}"
+        count += 1
+
+    return unique_filename
+
+"""Reads the first few bytes of the file to determine its magic number."""
+def get_magic_number(file) -> str:
+    file.seek(0)  # Reset file pointer
+    magic_number = file.read(MAX_READ_SIZE)  # Read the first 8 bytes (maximum magic number length)
+    file.seek(0)  # Reset pointer again after reading
+    return magic_number
+
+"""Checks if the file's magic number matches the expected magic number."""
+def is_valid_magic_number(file, extension: str) -> bool:
+    expected_magic = MAGIC_NUMBERS.get(extension)
+    if expected_magic:
+        return get_magic_number(file).startswith(expected_magic)
+    return False