aboutsummaryrefslogtreecommitdiff
path: root/youtube_dl/YoutubeDL.py
diff options
context:
space:
mode:
authordirkf <fieldhouse@gmx.net>2024-06-30 18:37:25 +0100
committerdirkf <fieldhouse@gmx.net>2024-07-02 15:38:50 +0100
commit46521096433aceaa41b4caa845bed22ca6f377ce (patch)
tree9863266a93a5f946a5e79365a9234a99ae25c23f /youtube_dl/YoutubeDL.py
parent3c466186a86a22c3fc050f038c38b76ffa1a2dad (diff)
[core,utils] Implement unsafe file extension mitigation
* from https://github.com/yt-dlp/yt-dlp/security/advisories/GHSA-79w7-vh3h-8g4, thx grub4k
Diffstat (limited to 'youtube_dl/YoutubeDL.py')
-rwxr-xr-xyoutube_dl/YoutubeDL.py17
1 files changed, 17 insertions, 0 deletions
diff --git a/youtube_dl/YoutubeDL.py b/youtube_dl/YoutubeDL.py
index dad44435f..c19501915 100755
--- a/youtube_dl/YoutubeDL.py
+++ b/youtube_dl/YoutubeDL.py
@@ -7,6 +7,7 @@ import collections
import copy
import datetime
import errno
+import functools
import io
import itertools
import json
@@ -53,6 +54,7 @@ from .compat import (
compat_urllib_request_DataHandler,
)
from .utils import (
+ _UnsafeExtensionError,
age_restricted,
args_to_str,
bug_reports_message,
@@ -129,6 +131,20 @@ if compat_os_name == 'nt':
import ctypes
+def _catch_unsafe_file_extension(func):
+ @functools.wraps(func)
+ def wrapper(self, *args, **kwargs):
+ try:
+ return func(self, *args, **kwargs)
+ except _UnsafeExtensionError as error:
+ self.report_error(
+ '{0} found; to avoid damaging your system, this value is disallowed.'
+ ' If you believe this is an error{1}').format(
+ error.message, bug_reports_message(','))
+
+ return wrapper
+
+
class YoutubeDL(object):
"""YoutubeDL class.
@@ -1925,6 +1941,7 @@ class YoutubeDL(object):
if self.params.get('forcejson', False):
self.to_stdout(json.dumps(self.sanitize_info(info_dict)))
+ @_catch_unsafe_file_extension
def process_info(self, info_dict):
"""Process a single resolved IE result."""
generated by cgit v1.2.3 (git 2.26.2) at 2025-08-28 08:55:39 +0000