python - Security considerations with server side urllib2.urlopen with url from user


I'd like users to be able to upload images to the web app by providing a URL. I don't think I can have the client fetch the image and upload it, due to possible CORS issues and hotlink prevention, so I'm getting it from the server.

The biggest concern is a user entering file:///home/user/secret_image.jpg. The URL gets sent to the server and Django happily fetches it, a local server-side file, and hosts it for the world to see. Is there a way to limit requests to external resources? How can this approach be made safe (at least -ish)?

Some other concerns may be a user providing a hostname that resolves to a local address, or providing a public URL that redirects to a local address. Other devices on the LAN wouldn't be accessible.

Filtering the URL text is not an option. I could perhaps check that the IP gets routed to the gateway and that the destination is outside the subnet before allowing urllib to continue. I could block redirects, which may be a useful feature in some cases, or write a redirect handler to re-check the IP. This is starting to feel like a patch job and not a nice, robust, takes-care-of-all-cases solution.

I'm already doing basic stuff like read(max_size) in case the file is huge, using python-magic to check the mimetype and pick the extension, using django-ratelimit, and setting a timeout on the call to urlopen().

Edit: related answer
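The checks the question sketches (scheme allowlist, rejecting hostnames that resolve to non-public addresses, a redirect handler that re-checks the target, and a bounded read), put together as an added example. This is not code from the original post or its answer; it uses Python 3's urllib.request as the stand-in for urllib2 (urllib2.HTTPRedirectHandler.redirect_request has the same signature, so the handler subclass ports directly). The size cap, redirect limit, the injectable resolver, and every hostname and address in FAKE_DNS are assumptions constructed so the demo runs offline.

```python
import ipaddress
import socket
import urllib.request
from urllib.parse import urlparse

ALLOWED_SCHEMES = {"http", "https"}  # assumed: images come over HTTP(S) only
MAX_BYTES = 5 * 1024 * 1024          # assumed upload cap
MAX_REDIRECTS = 3                    # assumed redirect budget


class UnsafeURL(ValueError):
    """Raised when a URL must not be fetched server-side."""


def is_public_address(ip_text):
    """True only for addresses routable on the public Internet.

    Rejects loopback, RFC 1918, link-local (this covers 169.254.169.254 cloud
    metadata), multicast, unspecified and reserved/documentation ranges.
    IPv4-mapped IPv6 (::ffff:10.0.0.5) is unwrapped so the IPv4 rules apply.
    """
    addr = ipaddress.ip_address(ip_text.split("%", 1)[0])  # drop IPv6 scope id
    if addr.version == 6 and addr.ipv4_mapped is not None:
        addr = addr.ipv4_mapped
    return addr.is_global and not addr.is_multicast


def resolve_all(host, resolver=socket.getaddrinfo):
    """Every address the host resolves to; a literal IP needs no lookup."""
    try:
        return {str(ipaddress.ip_address(host))}
    except ValueError:
        pass
    try:
        infos = resolver(host, None)
    except socket.gaierror as exc:
        raise UnsafeURL("cannot resolve %r: %s" % (host, exc))
    return {info[4][0] for info in infos}


def check_url(url, resolver=socket.getaddrinfo):
    """Reject non-HTTP schemes and any host with even one non-public address."""
    parts = urlparse(url)
    if parts.scheme not in ALLOWED_SCHEMES:
        raise UnsafeURL("scheme %r not allowed" % parts.scheme)
    if not parts.hostname:
        raise UnsafeURL("no host in %r" % url)
    for ip in resolve_all(parts.hostname, resolver):
        if not is_public_address(ip):
            raise UnsafeURL("%s resolves to non-public %s" % (parts.hostname, ip))
    return parts


class CheckedRedirectHandler(urllib.request.HTTPRedirectHandler):
    """Re-run check_url on every Location header before urllib follows it."""
    max_redirections = MAX_REDIRECTS

    def __init__(self, resolver=socket.getaddrinfo):
        self._resolver = resolver

    def redirect_request(self, req, fp, code, msg, headers, newurl):
        check_url(newurl, self._resolver)  # raises UnsafeURL if the hop goes inside
        return super().redirect_request(req, fp, code, msg, headers, newurl)


def read_bounded(resp, max_bytes=MAX_BYTES):
    """Read at most max_bytes, failing loudly instead of silently truncating."""
    data = resp.read(max_bytes + 1)
    if len(data) > max_bytes:
        raise UnsafeURL("response exceeds %d bytes" % max_bytes)
    return data


def fetch_image(url, timeout=10, resolver=socket.getaddrinfo):
    """Validate, fetch with checked redirects and a size bound, return bytes."""
    check_url(url, resolver)
    opener = urllib.request.build_opener(CheckedRedirectHandler(resolver))
    with opener.open(url, timeout=timeout) as resp:
        return read_bounded(resp)


# Constructed resolver table (hypothetical hosts) so the demo runs offline.
FAKE_DNS = {
    "intranet.example": ["10.0.0.5"],
    "rebind.example": ["93.184.216.34", "127.0.0.1"],  # one public, one loopback
    "cdn.example": ["93.184.216.34"],
    "v6.example": ["::ffff:10.0.0.5"],
}


def fake_getaddrinfo(host, port, *args, **kwargs):
    """Stand-in for socket.getaddrinfo backed by FAKE_DNS."""
    if host not in FAKE_DNS:
        raise socket.gaierror("constructed NXDOMAIN for %r" % host)
    out = []
    for ip in FAKE_DNS[host]:
        fam = socket.AF_INET6 if ":" in ip else socket.AF_INET
        sockaddr = (ip, 0, 0, 0) if fam == socket.AF_INET6 else (ip, 0)
        out.append((fam, socket.SOCK_STREAM, 6, "", sockaddr))
    return out


def url_is_safe(url, resolver=fake_getaddrinfo):
    """True if check_url accepts url (uses the constructed resolver by default)."""
    try:
        check_url(url, resolver)
        return True
    except UnsafeURL:
        return False


if __name__ == "__main__":
    for u in ["file:///home/user/secret_image.jpg", "http://127.0.0.1/x.jpg",
              "http://169.254.169.254/latest/meta-data/", "http://intranet.example/a.png",
              "http://rebind.example/a.png", "http://v6.example/a.png",
              "https://cdn.example/a.png"]:
        print("%-48s %s" % (u, "ok" if url_is_safe(u) else "BLOCKED"))
```

Two caveats a practitioner should keep in mind. First, check_url resolves the name and then urllib resolves it again when it connects, so a DNS answer that changes between the two lookups (rebinding) slips past this check; closing that gap means connecting to the already-checked IP yourself and sending the Host header by hand, or relying on an outer control such as the per-user firewall rules described in the answer. Second, a host that returns both a public and a private address is rejected outright rather than trusting the public one, which is the safer default when the fetch is on behalf of an anonymous user.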

Given that this can involve significant network I/O, I'd move the work to a "file download worker", e.g. Celery or some other, possibly homegrown, solution.

Filesystem

The next part is that once you separate the main Django deployment from the workers, you can use a different, unprivileged OS user to run the worker, and it can be run inside a chroot or jail equivalent. This should limit what the worker can see on the filesystem.

Network interfaces

As for network interfaces, you can set firewall rules; e.g. I believe that on Linux, iptables can set rules per user and per network interface. This should allow you to limit what the worker's user can do on the network.

Bottom line

The bottom line is, I'd move the task to a separate worker, unprivileged and with restricted access to the computer's resources, instead of inheriting the permissions of the main Django app. The only privilege given to the worker is to reach out to the internet, grab files and write them to disk, nothing more.
