hashmaster

Reputation: 3

File uploads using Flask looking in CWD for file to upload instead of using user's sample directory

Basically my issue is, whenever I go to upload a file through Flask it wants the file that is being uploaded in the same directory as the Python file my Flask server is being run from. This becomes an issue when I go to my local machine instead of my VM and it searches for /home/kali/Downloads/(sample name) instead of wherever the sample is on the Windows machine ex(C:\temp(sample)). It also does this on the VM itself where it is only looking in the /home/kali/Downloads folder for the sample to be uploaded. It's almost like it skips the sample entirely.

Here is my code:

from flask import Flask, render_template, request, redirect, send_file
import os
import shutil
from flaskmalwarecheck import malwaresignature
from flaskmalwarecheck import formattedpdf
from flaskmalwarecheck import entropy
import argparse
from elastic import elasticupload

filetypes = [b'MZ']
app = Flask(__name__)

@app.route('/')
def main():
    return render_template('attempt.html')

@app.route('/upload', methods=['GET', 'POST'])
def upload():
    try:
        upload_folder = "/home/kali/Downloads/webserverup/"
        if request.method == 'POST':
            n = request.files['file']
            filename = n.filename
            with open(filename, 'rb') as f:
                header = f.read(32)
            for call in filetypes:
                if call in header:
                    n.save(os.path.join(upload_folder, filename))
                    os.chdir(upload_folder)
                    malware_file, ISO8601, hashmethod, arch, importeddlls, imphash, fuzzyhash, warnings = malwaresignature(n.filename)
                    formattedpdf(n.filename, malware_file, ISO8601, hashmethod, arch, importeddlls, imphash, fuzzyhash, warnings)
                    download()
                    os.remove(n.filename)
                    os.chdir('..')
                    elasticupload()
                    return redirect('/download', code=302)
            else:
                return redirect('/download', code=302)
    except FileNotFoundError as e:
        return redirect('/download', code=302)

@app.route('/download')
def download():
    return send_file('/home/kali/Downloads/webserverup/Sample.pdf', as_attachment=True)

@app.route('/transparent')
def transparent():
    with app.open_resource('flaskmalwarecheck.py', 'r') as e:
        contents = e.read()
        return contents


parser = argparse.ArgumentParser()
parser.add_argument("ip", help="Enter host IP", type=str)
parser.add_argument("port", help="Port to be hosted on", type=int)
args = parser.parse_args()
if __name__ == "__main__":
    app.run(host=args.ip, port=args.port, ssl_context=('cert.pem', 'key.pem'))

The code uploaded really wonky so if something is misplaced it most likely isn't in the actual code, but feel free to point it out anyways. If you also want to see the HTML page I can provide that, but I didn't think it was relevant. This is my first time working with Flask so any pointers would be greatly appreciated as well ;)

Upvotes: 0

Views: 195

Answers (1)

Foo L

Reputation: 11137

You might want to use the config variable UPLOAD_FOLDER to specify where the uploaded file goes and secure_filename to strip and sanitize the path.

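import os
from flask import Flask, request
from werkzeug.utils import secure_filename

UPLOAD_FOLDER = '/path/to/the/uploads'
app = Flask(__name__)
app.config['UPLOAD_FOLDER'] = UPLOAD_FOLDER

# Route and form field name as used in the question
@app.route('/upload', methods=['POST'])
def upload_file():
    # The uploaded file comes from the request, not from the server's disk
    file = request.files['file']
    # ...
    # Strip directory components and unsafe characters from the client's name
    filename = secure_filename(file.filename)
    # Save under the configured upload folder
    file.save(os.path.join(app.config['UPLOAD_FOLDER'], filename))
    # ...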

See Flask documentation on Uploading Files

Upvotes: 1
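The handler below applies the answer's advice to the question's upload route, as an added example that is not the asker's or the answerer's code: it reads the signature from the uploaded stream instead of calling open() on the client's filename, sanitizes the name, and saves to an absolute path without os.chdir(). The temporary upload folder, the size cap, the demo_post helper and the sample bytes are assumptions constructed for the example.

```python
import io
import os
import tempfile

from flask import Flask, abort, jsonify, request
from werkzeug.utils import secure_filename

app = Flask(__name__)
# Assumption: a throwaway directory stands in for the real upload folder.
app.config["UPLOAD_FOLDER"] = tempfile.mkdtemp(prefix="uploads-")
app.config["MAX_CONTENT_LENGTH"] = 32 * 1024 * 1024  # cap request body size

PE_MAGIC = b"MZ"  # same signature as the question's `filetypes` list


@app.route("/upload", methods=["POST"])
def upload():
    sent = request.files.get("file")
    if sent is None or not sent.filename:
        abort(400, "no file part")

    # The file's bytes arrive in the request body. open(sent.filename) would
    # look for a path on the server, which is the behaviour in the question.
    header = sent.stream.read(32)
    sent.stream.seek(0)  # rewind so save() writes the whole file
    # startswith() requires MZ at offset 0; `in` would match it anywhere.
    if not header.startswith(PE_MAGIC):
        abort(415, "not a PE file")

    # Drop directory parts and unsafe characters from the client-chosen name.
    name = secure_filename(sent.filename)
    if not name:
        abort(400, "unusable filename")

    # Absolute destination path instead of os.chdir(), which changes the
    # working directory for every request the process is serving.
    dest = os.path.join(app.config["UPLOAD_FOLDER"], name)
    sent.save(dest)
    return jsonify(saved_as=name, size=os.path.getsize(dest)), 201


def demo_post(filename, data):
    """Send constructed bytes through Flask's test client (no network)."""
    body = {"file": (io.BytesIO(data), filename)}
    return app.test_client().post("/upload", data=body,
                                  content_type="multipart/form-data")
```
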
