We already know how to upload an Image in Django and how to compress the image before storing it. In this article, we will see how to validate an image before processing it.


Why validate the uploaded image?

Whenever a web application or website accepts the user input in any form, input must be validated and sanitised before processing or storing it in database. An attacker might upload malicious image which might be used to compromise the system.


How to validate the uploaded image?

Let's say, we want to accept only JPEG and PNG images. Also we do not want images of size larger than 1 MB. Define these properties in settings.py file.


WHITELISTED_IMAGE_TYPES = {
    'jpeg': 'image/jpeg',
    'jpg': 'image/jpeg',
    'png': 'image/png'
}
UPLOAD_FILE_MAX_SIZE = 1048576  # bytes - approx 1 mb


We must perform below mentioned 4 check on the image.


(1) Size

Check the size of the image. Return 400 BAD_REQUEST response if size of the uploaded image is more than the specified limit.


import json
from django.conf import settings

headers = {'content_type': 'application/json'}

def upload_image(request):
    files = request.FILES
    images = files['images']

    # print(images.size) # prints size in bytes
    if images.size > settings.UPLOAD_FILE_MAX_SIZE:
        return HttpResponse(json.dumps({'message': 'size {} larger than 1 MB'.format(images.size)}),
                                headers=headers, status=400)


image.size returns the size of image in bytes. Here this image size is being compared against a constant value, of 1MB converted to bytes, defined in settings.py file. 


(2) Extension

Check the extension of image. If the extension in not what is expected by application, return 400 response.


extension = images.name.split('.')[-1]
if not extension or extension.lower() not in settings.WHITELISTED_IMAGE_TYPES.keys():
    return HttpResponse(json.dumps({'message': 'invalid image extension'}), headers=headers, status=400)



(3) Content type:

Image have an attribute of content-type. Check its value against the whitelisted values.


content_type = images.content_type
# print(content_type)
if content_type not in settings.WHITELISTED_IMAGE_TYPES.values():
    return HttpResponse(json.dumps({'message': 'invalid image content-type'}), headers=headers, status=400)

And now the most important check, mime-type. Extension and content-type can be spoofed by a malicious user. Hence relying only on extension and content-type check could be disastrous. 


(4) Mime-type

To check the mime-type of a file, we need to read first few bytes of it. We will be doing this using the python-magic package. Please install this package before proceeding further.

pip install python-magic


In addition to checking if mime-type is among the one whitelisted, we also check if the content-type and mime-type matches or not. 

import magic

# check mime-type
mime_type = magic.from_buffer(images.read(1024), mime=True)
# print(mime_type)
if mime_type not in settings.WHITELISTED_IMAGE_TYPES.values() and mime_type != content_type:
    return HttpResponse(json.dumps({'message': 'invalid image mime-type'}), headers=headers, status=400)


Once all of the above checks passes, we can process the image. 


Host your Django Application for free on PythonAnyWhere.
If you want complete control of your application and server, you should consider 
DigitalOcean. Create an account with this link and get $100 credits.

0 comments on 'How To Validate An Uploaded Image In Python Django'
Login to comment


Related Articles:
Text to QR code image and QR code image to text generator in Python Django
QR code image to text generator in Python Django, Text to QR code image generator in Python Django, Implementing QR code generator in Python Django. Serving static files in Django media...
How to compress the uploaded image before storing it in Django
Compressing an image in Django before storing it to the server, How to upload and compress and image in Django python, Reducing the size of an image in Django, Faster loading of Django template, Solving cannot write mode RGBA as JPEG error,...
Python Script 17: Setting bing image of the day as desktop wallpaper
Python Script to Set bing image of the day as desktop wallpaper, Automating the desktop wallpaper change to bing image of day using python code, changing desktop wallpaper using python, downloading an image using python code, updating the desktop wallpaper daily using python...
Python Script 16: Generating word cloud image of a text using python
word cloud python, generating a word cloud of a text using python code, python code to generate a word cloud image of a text. Using word frequencies to generate a word cloud image using a python script...
DigitalOcean Referral Badge

© 2022-2023 Python Circle   Contact   Sponsor   Archive   Sitemap