Merge 9680022207 into 37cea84f77

[core,utils] Support unpublicised --no-check-extensions
[core,utils] Implement unsafe file extension mitigation
2024-07-02 18:20:20 +03:00 · 2024-07-02 15:38:50 +01:00 · 2024-07-02 15:38:50 +01:00 · 2024-07-02 15:38:50 +01:00 · 2021-12-13 00:08:02 +02:00 · 2021-11-19 08:23:55 +02:00
8 changed files with 509 additions and 25 deletions
--- a/test/test_utils.py
+++ b/test/test_utils.py
@ -14,9 +14,11 @@ sys.path.insert(0, os.path.dirname(os.path.dirname(os.path.abspath(__file__))))
 import io
 import itertools
 import json
+import types
 import xml.etree.ElementTree

 from youtube_dl.utils import (
+    _UnsafeExtensionError,
    age_restricted,
    args_to_str,
    base_url,
@ -270,6 +272,27 @@ class TestUtil(unittest.TestCase):
            expand_path('~/%s' % env('YOUTUBE_DL_EXPATH_PATH')),
            '%s/expanded' % compat_getenv('HOME'))

+    _uncommon_extensions = [
+        ('exe', 'abc.exe.ext'),
+        ('de', 'abc.de.ext'),
+        ('../.mp4', None),
+        ('..\\.mp4', None),
+    ]
+
+    def assertUnsafeExtension(self, ext=None):
+        assert_raises = self.assertRaises(_UnsafeExtensionError)
+        assert_raises.ext = ext
+        orig_exit = assert_raises.__exit__
+
+        def my_exit(self_, exc_type, exc_val, exc_tb):
+            did_raise = orig_exit(exc_type, exc_val, exc_tb)
+            if did_raise and assert_raises.ext is not None:
+                self.assertEqual(assert_raises.ext, assert_raises.exception.extension, 'Unsafe extension  not as unexpected')
+            return did_raise
+
+        assert_raises.__exit__ = types.MethodType(my_exit, assert_raises)
+        return assert_raises
+
    def test_prepend_extension(self):
        self.assertEqual(prepend_extension('abc.ext', 'temp'), 'abc.temp.ext')
        self.assertEqual(prepend_extension('abc.ext', 'temp', 'ext'), 'abc.temp.ext')
@ -278,6 +301,19 @@ class TestUtil(unittest.TestCase):
        self.assertEqual(prepend_extension('.abc', 'temp'), '.abc.temp')
        self.assertEqual(prepend_extension('.abc.ext', 'temp'), '.abc.temp.ext')

+        # Test uncommon extensions
+        self.assertEqual(prepend_extension('abc.ext', 'bin'), 'abc.bin.ext')
+        for ext, result in self._uncommon_extensions:
+            with self.assertUnsafeExtension(ext):
+                prepend_extension('abc', ext)
+            if result:
+                self.assertEqual(prepend_extension('abc.ext', ext, 'ext'), result)
+            else:
+                with self.assertUnsafeExtension(ext):
+                    prepend_extension('abc.ext', ext, 'ext')
+            with self.assertUnsafeExtension(ext):
+                prepend_extension('abc.unexpected_ext', ext, 'ext')
+
    def test_replace_extension(self):
        self.assertEqual(replace_extension('abc.ext', 'temp'), 'abc.temp')
        self.assertEqual(replace_extension('abc.ext', 'temp', 'ext'), 'abc.temp')
@ -286,6 +322,16 @@ class TestUtil(unittest.TestCase):
        self.assertEqual(replace_extension('.abc', 'temp'), '.abc.temp')
        self.assertEqual(replace_extension('.abc.ext', 'temp'), '.abc.temp')

+        # Test uncommon extensions
+        self.assertEqual(replace_extension('abc.ext', 'bin'), 'abc.unknown_video')
+        for ext, _ in self._uncommon_extensions:
+            with self.assertUnsafeExtension(ext):
+                replace_extension('abc', ext)
+            with self.assertUnsafeExtension(ext):
+                replace_extension('abc.ext', ext, 'ext')
+            with self.assertUnsafeExtension(ext):
+                replace_extension('abc.unexpected_ext', ext, 'ext')
+
    def test_subtitles_filename(self):
        self.assertEqual(subtitles_filename('abc.ext', 'en', 'vtt'), 'abc.en.vtt')
        self.assertEqual(subtitles_filename('abc.ext', 'en', 'vtt', 'ext'), 'abc.en.vtt')
--- a/youtube_dl/YoutubeDL.py
+++ b/youtube_dl/YoutubeDL.py
@ -7,6 +7,7 @@ import collections
 import copy
 import datetime
 import errno
+import functools
 import io
 import itertools
 import json
@ -53,6 +54,7 @@ from .compat import (
    compat_urllib_request_DataHandler,
 )
 from .utils import (
+    _UnsafeExtensionError,
    age_restricted,
    args_to_str,
    bug_reports_message,
@ -129,6 +131,20 @@ if compat_os_name == 'nt':
    import ctypes


+def _catch_unsafe_file_extension(func):
+    @functools.wraps(func)
+    def wrapper(self, *args, **kwargs):
+        try:
+            return func(self, *args, **kwargs)
+        except _UnsafeExtensionError as error:
+            self.report_error(
+                '{0} found; to avoid damaging your system, this value is disallowed.'
+                ' If you believe this is an error{1}').format(
+                    error.message, bug_reports_message(','))
+
+    return wrapper
+
+
 class YoutubeDL(object):
    """YoutubeDL class.

@ -1925,6 +1941,7 @@ class YoutubeDL(object):
        if self.params.get('forcejson', False):
            self.to_stdout(json.dumps(self.sanitize_info(info_dict)))

+    @_catch_unsafe_file_extension
    def process_info(self, info_dict):
        """Process a single resolved IE result."""

--- a/youtube_dl/init.py
+++ b/youtube_dl/init.py
@ -21,6 +21,7 @@ from .compat import (
    workaround_optparse_bug9161,
 )
 from .utils import (
+    _UnsafeExtensionError,
    DateRange,
    decodeOption,
    DEFAULT_OUTTMPL,
@ -173,6 +174,9 @@ def _real_main(argv=None):
    if opts.ap_mso and opts.ap_mso not in MSO_INFO:
        parser.error('Unsupported TV Provider, use --ap-list-mso to get a list of supported TV Providers')

+    if opts.no_check_extensions:
+        _UnsafeExtensionError.lenient = True
+
    def parse_retries(retries):
        if retries in ('inf', 'infinite'):
            parsed_retries = float('inf')
--- a/youtube_dl/extractor/extractors.py
+++ b/youtube_dl/extractor/extractors.py
@ -1078,6 +1078,10 @@ from .rutube import (
    RutubePersonIE,
    RutubePlaylistIE,
 )
+from .glomex import (
+    GlomexIE,
+    GlomexEmbedIE,
+)
 from .rutv import RUTVIE
 from .ruutu import RuutuIE
 from .ruv import RuvIE
--- a/youtube_dl/extractor/generic.py
+++ b/youtube_dl/extractor/generic.py
@ -102,6 +102,7 @@ from .ustream import UstreamIE
 from .arte import ArteTVEmbedIE
 from .videopress import VideoPressIE
 from .rutube import RutubeIE
+from .glomex import GlomexEmbedIE
 from .limelight import LimelightBaseIE
 from .anvato import AnvatoIE
 from .washingtonpost import WashingtonPostIE
@ -3400,6 +3401,12 @@ class GenericIE(InfoExtractor):
            return self.playlist_from_matches(
                rutube_urls, video_id, video_title, ie=RutubeIE.ie_key())

+        # Look for Glomex embeds
+        glomex_urls = list(GlomexEmbedIE._extract_urls(webpage, url))
+        if glomex_urls:
+            return self.playlist_from_matches(
+                glomex_urls, video_id, video_title, ie=GlomexEmbedIE.ie_key())
+
        # Look for WashingtonPost embeds
        wapo_urls = WashingtonPostIE._extract_urls(webpage)
        if wapo_urls:
--- a/youtube_dl/extractor/glomex.py
+++ b/youtube_dl/extractor/glomex.py
@ -0,0 +1,279 @@
+# coding: utf-8
+from __future__ import unicode_literals
+
+import re
+
+from .common import InfoExtractor
+from ..compat import (
+    compat_urllib_parse_urlparse,
+    compat_urllib_parse_urlencode,
+)
+from ..utils import (
+    ExtractorError,
+    determine_ext,
+    int_or_none,
+    try_get,
+    smuggle_url,
+    unsmuggle_url,
+    unescapeHTML,
+)
+
+
+class GlomexBaseIE(InfoExtractor):
+    _DEFAULT_ORIGIN_URL = 'https://player.glomex.com/'
+    _API_URL = 'https://integration-cloudfront-eu-west-1.mes.glomex.cloud/'
+
+    @staticmethod
+    def _smuggle_origin_url(url, origin_url):
+        return smuggle_url(url, {'origin': origin_url})
+
+    @classmethod
+    def _unsmuggle_origin_url(cls, url, fallback_origin_url=None):
+        defaults = {'origin': fallback_origin_url or cls._DEFAULT_ORIGIN_URL}
+        unsmuggled_url, data = unsmuggle_url(url, default=defaults)
+        return unsmuggled_url, data['origin']
+
+    def _get_videoid_type(self, video_id):
+        _VIDEOID_TYPES = {
+            'v': 'video',
+            'pl': 'playlist',
+            'rl': 'related videos playlist',
+            'cl': 'curated playlist',
+        }
+        prefix = video_id.split('-')[0]
+        return _VIDEOID_TYPES.get(prefix, 'unknown type')
+
+    def _download_api_data(self, video_id, integration, current_url=None):
+        query = {
+            'integration_id': integration,
+            'playlist_id': video_id,
+            'current_url': current_url or self._DEFAULT_ORIGIN_URL,
+        }
+        video_id_type = self._get_videoid_type(video_id)
+        return self._download_json(
+            self._API_URL,
+            video_id, 'Downloading %s JSON' % video_id_type,
+            'Unable to download %s JSON' % video_id_type,
+            query=query)
+
+    def _download_and_extract_api_data(self, video_id, integration, current_url):
+        api_data = self._download_api_data(video_id, integration, current_url)
+        videos = api_data['videos']
+        if not videos:
+            raise ExtractorError('no videos found for %s' % video_id)
+        if len(videos) == 1:
+            return self._extract_api_data(videos[0], video_id)
+        # assume some kind of playlist
+        videos = [
+            self._extract_api_data(video, video_id)
+            for video in videos
+        ]
+        return self.playlist_result(videos, video_id)
+
+    def _extract_api_data(self, video, video_id):
+        if video.get('error_code') == 'contentGeoblocked':
+            self.raise_geo_restricted(countries=video['geo_locations'])
+        info = self._extract_info(video, video_id)
+        info['formats'] = self._extract_formats(video, video_id)
+        return info
+
+    @staticmethod
+    def _extract_info(video, video_id=None, require_title=True):
+        title = video['title'] if require_title else video.get('title')
+
+        def append_image_url(url, default='profile:player-960x540'):
+            if url:
+                return '%s/%s' % (url, default)
+        thumbnail = append_image_url(try_get(video,
+                                             lambda x: x['image']['url']))
+        thumbnails = [
+            dict(width=960, height=540,
+                 **{k: append_image_url(v) if k == 'url' else v
+                    for k, v in image.items() if k in ('id', 'url')})
+            for image in video.get('images', [])
+        ] or None
+
+        return {
+            'id': video.get('clip_id') or video_id,
+            'title': title,
+            'description': video.get('description'),
+            'thumbnail': thumbnail,
+            'thumbnails': thumbnails,
+            'duration': int_or_none(video.get('clip_duration')),
+            'timestamp': video.get('created_at'),
+        }
+
+    def _extract_formats(self, options, video_id):
+        formats = []
+        for format_id, format_url in options['source'].items():
+            ext = determine_ext(format_url)
+            if ext == 'm3u8':
+                formats.extend(self._extract_m3u8_formats(
+                    format_url, video_id, 'mp4', m3u8_id=format_id,
+                    fatal=False))
+            else:
+                formats.append({
+                    'url': format_url,
+                    'format_id': format_id,
+                })
+        if options.get('language'):
+            for format in formats:
+                format['language'] = options.get('language')
+        self._sort_formats(formats)
+        return formats
+
+
+class GlomexIE(GlomexBaseIE):
+    IE_NAME = 'glomex'
+    IE_DESC = 'Glomex videos'
+    _VALID_URL = r'https?://video\.glomex\.com/[^/]+/(?P<id>v-[^-]+)'
+    # Hard-coded integration ID for video.glomex.com
+    _INTEGRATION_ID = '19syy24xjn1oqlpc'
+
+    _TEST = {
+        'url': 'https://video.glomex.com/sport/v-cb24uwg77hgh-nach-2-0-sieg-guardiola-mit-mancity-vor-naechstem-titel',
+        'md5': 'cec33a943c4240c9cb33abea8c26242e',
+        'info_dict': {
+            'id': 'v-cb24uwg77hgh',
+            'ext': 'mp4',
+            'title': 'md5:38a90cedcfadd72982c81acf13556e0c',
+            'description': 'md5:1ea6b6caff1443fcbbba159e432eedb8',
+            'duration': 29600,
+            'timestamp': 1619895017,
+            'upload_date': '20210501',
+            'age_limit': None,
+        },
+    }
+
+    def _real_extract(self, url):
+        video_id = self._match_id(url)
+        # Defer to glomex:embed IE: Build and return a player URL using the
+        # matched video ID and the hard-coded integration ID
+        return self.url_result(
+            GlomexEmbedIE.build_player_url(video_id, self._INTEGRATION_ID,
+                                           url),
+            GlomexEmbedIE.ie_key(),
+            video_id
+        )
+
+
+class GlomexEmbedIE(GlomexBaseIE):
+    IE_NAME = 'glomex:embed'
+    IE_DESC = 'Glomex embedded videos'
+    _BASE_PLAYER_URL = 'https://player.glomex.com/integration/1/iframe-player.html'
+    _VALID_URL = r'''(?x)https?://player\.glomex\.com/integration/[^/]+/iframe-player\.html
+        \?(?:(?:integrationId=(?P<integration>[^&#]+)|playlistId=(?P<id>[^&#]+)|[^&=#]+=[^&#]+)&?)+'''
+
+    _TESTS = [{
+        'url': 'https://player.glomex.com/integration/1/iframe-player.html?integrationId=4059a013k56vb2yd&playlistId=v-cfa6lye0dkdd-sf',
+        'info_dict': {
+            'id': 'v-cfa6lye0dkdd-sf',
+            'ext': 'mp4',
+            'timestamp': 1635337199,
+            'duration': 133080,
+            'upload_date': '20211027',
+            'description': 'md5:e741185fc309310ff5d0c789b437be66',
+            'title': 'md5:35647293513a6c92363817a0fb0a7961',
+        },
+        'params': {
+            'skip_download': True,
+        },
+    }, {
+        'url': 'https://player.glomex.com/integration/1/iframe-player.html?origin=fullpage&integrationId=19syy24xjn1oqlpc&playlistId=rl-vcb49w1fb592p&playlistIndex=0',
+        'info_dict': {
+            'id': 'rl-vcb49w1fb592p',
+        },
+        'playlist_count': 100,
+        'params': {
+            'skip_download': True,
+        },
+    }, {
+        'url': 'https://player.glomex.com/integration/1/iframe-player.html?playlistId=cl-bgqaata6aw8x&integrationId=19syy24xjn1oqlpc',
+        'info_dict': {
+            'id': 'cl-bgqaata6aw8x',
+        },
+        'playlist_mincount': 2,
+        'params': {
+            'skip_download': True,
+        },
+    }]
+
+    @classmethod
+    def build_player_url(cls, video_id, integration, origin_url=None):
+        query_string = compat_urllib_parse_urlencode({
+            'playlistId': video_id,
+            'integrationId': integration,
+        })
+        player_url = '%s?%s' % (cls._BASE_PLAYER_URL, query_string)
+        if origin_url is not None:
+            player_url = cls._smuggle_origin_url(player_url, origin_url)
+        return player_url
+
+    @classmethod
+    def _extract_urls(cls, webpage, origin_url):
+        # make the scheme in _VALID_URL optional
+        _URL_RE = r'(?:https?:)?//' + cls._VALID_URL.split('://', 1)[1]
+        # simplify the query string part of _VALID_URL; after extracting iframe
+        # src, the URL will be matched again
+        _URL_RE = _URL_RE.split(r'\?', 1)[0] + r'\?(?:(?!(?P=_q1)).)+'
+        # https://docs.glomex.com/publisher/video-player-integration/javascript-api/
+        EMBED_RE = r'''(?x)
+        (?:
+            <iframe[^>]+?src=(?P<_q1>%(quot_re)s)
+                (?P<url>%(url_re)s)(?P=_q1)|
+            <(?P<html_tag>glomex-player|div)(?:
+                data-integration-id=(?P<_q2>%(quot_re)s)(?P<integration_html>(?:(?!(?P=_q2)).)+)(?P=_q2)|
+                data-playlist-id=(?P<_q3>%(quot_re)s)(?P<id_html>(?:(?!(?P=_q3)).)+)(?P=_q3)|
+                data-glomex-player=(?P<_q4>%(quot_re)s)(?P<glomex_player>true)(?P=_q4)|
+                [^>]*?
+            )+>|
+            # naive parsing of inline scripts for hard-coded integration parameters
+            <(?P<script_tag>script)[^<]*?>(?:
+                (?P<_stjs1>dataset\.)?integrationId\s*(?(_stjs1)=|:)\s*
+                    (?P<_q5>%(quot_re)s)(?P<integration_js>(?:(?!(?P=_q5)).)+)(?P=_q5)\s*(?(_stjs1);|,)?|
+                (?P<_stjs2>dataset\.)?playlistId\s*(?(_stjs2)=|:)\s*
+                    (?P<_q6>%(quot_re)s)(?P<id_js>(?:(?!(?P=_q6)).)+)(?P=_q6)\s*(?(_stjs2);|,)?|
+                (?:\s|.)*?
+            )+</script>
+        )
+        ''' % {'quot_re': r'["\']', 'url_re': _URL_RE}
+        for mobj in re.finditer(EMBED_RE, webpage):
+            url, html_tag, video_id_html, integration_html, glomex_player, \
+                script_tag, video_id_js, integration_js = \
+                mobj.group('url', 'html_tag', 'id_html',
+                           'integration_html', 'glomex_player', 'script_tag',
+                           'id_js', 'integration_js')
+            if url:
+                url = unescapeHTML(url)
+                if url.startswith('//'):
+                    scheme = compat_urllib_parse_urlparse(origin_url).scheme \
+                        if origin_url else 'https'
+                    url = '%s:%s' % (scheme, url)
+                if not cls.suitable(url):
+                    continue
+                yield cls._smuggle_origin_url(url, origin_url)
+            elif html_tag:
+                if html_tag == "div" and not glomex_player:
+                    continue
+                if not video_id_html or not integration_html:
+                    continue
+                yield cls.build_player_url(video_id_html, integration_html,
+                                           origin_url)
+            elif script_tag:
+                if not video_id_js or not integration_js:
+                    continue
+                yield cls.build_player_url(video_id_js, integration_js,
+                                           origin_url)
+
+    def _real_extract(self, url):
+        url, origin_url = self._unsmuggle_origin_url(url)
+        # must return a valid match since it was already tested when selecting the IE
+        try:
+            matches = self._VALID_URL_RE.match(url).groupdict()
+        except AttributeError:
+            matches = re.match(self._VALID_URL, url).groupdict()
+        # id is not enforced in the pattern, so do it now; ditto integration
+        video_id = matches['id']
+        integration = matches['integration']
+        return self._download_and_extract_api_data(video_id, integration,
+                                                   origin_url)
--- a/youtube_dl/options.py
+++ b/youtube_dl/options.py
@ -533,6 +533,10 @@ def parseOpts(overrideArguments=None):
        '--no-check-certificate',
        action='store_true', dest='no_check_certificate', default=False,
        help='Suppress HTTPS certificate validation')
+    workarounds.add_option(
+        '--no-check-extensions',
+        action='store_true', dest='no_check_extensions', default=False,
+        help='Suppress file extension validation')
    workarounds.add_option(
        '--prefer-insecure',
        '--prefer-unsecure', action='store_true', dest='prefer_insecure',
--- a/youtube_dl/utils.py
+++ b/youtube_dl/utils.py
@ -1717,21 +1717,6 @@ TIMEZONE_NAMES = {
    'PST': -8, 'PDT': -7   # Pacific
 }

-KNOWN_EXTENSIONS = (
-    'mp4', 'm4a', 'm4p', 'm4b', 'm4r', 'm4v', 'aac',
-    'flv', 'f4v', 'f4a', 'f4b',
-    'webm', 'ogg', 'ogv', 'oga', 'ogx', 'spx', 'opus',
-    'mkv', 'mka', 'mk3d',
-    'avi', 'divx',
-    'mov',
-    'asf', 'wmv', 'wma',
-    '3gp', '3g2',
-    'mp3',
-    'flac',
-    'ape',
-    'wav',
-    'f4f', 'f4m', 'm3u8', 'smil')
-
 # needed for sanitizing filenames in restricted mode
 ACCENT_CHARS = dict(zip('ÂÃÄÀÁÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖŐØŒÙÚÛÜŰÝÞßàáâãäåæçèéêëìíîïðñòóôõöőøœùúûüűýþÿ',
                        itertools.chain('AAAAAA', ['AE'], 'CEEEEIIIIDNOOOOOOO', ['OE'], 'UUUUUY', ['TH', 'ss'],
@ -3959,19 +3944,22 @@ def parse_duration(s):
    return duration


-def prepend_extension(filename, ext, expected_real_ext=None):
+def _change_extension(prepend, filename, ext, expected_real_ext=None):
    name, real_ext = os.path.splitext(filename)
-    return (
-        '{0}.{1}{2}'.format(name, ext, real_ext)
-        if not expected_real_ext or real_ext[1:] == expected_real_ext
-        else '{0}.{1}'.format(filename, ext))
+    sanitize_extension = _UnsafeExtensionError.sanitize_extension
+
+    if not expected_real_ext or real_ext.partition('.')[0::2] == ('', expected_real_ext):
+        filename = name
+        if prepend and real_ext:
+            sanitize_extension(ext, prepend=prepend)
+            return ''.join((filename, '.', ext, real_ext))
+
+    # Mitigate path traversal and file impersonation attacks
+    return '.'.join((filename, sanitize_extension(ext)))


-def replace_extension(filename, ext, expected_real_ext=None):
-    name, real_ext = os.path.splitext(filename)
-    return '{0}.{1}'.format(
-        name if not expected_real_ext or real_ext[1:] == expected_real_ext else filename,
-        ext)
+prepend_extension = functools.partial(_change_extension, True)
+replace_extension = functools.partial(_change_extension, False)


 def check_executable(exe, args=[]):
@ -6561,3 +6549,138 @@ def join_nonempty(*values, **kwargs):
    if from_dict is not None:
        values = (traverse_obj(from_dict, variadic(v)) for v in values)
    return delim.join(map(compat_str, filter(None, values)))
+
+
+class Namespace(object):
+    """Immutable namespace"""
+
+    def __init__(self, **kw_attr):
+        self.__dict__.update(kw_attr)
+
+    def __iter__(self):
+        return iter(self.__dict__.values())
+
+    @property
+    def items_(self):
+        return self.__dict__.items()
+
+
+MEDIA_EXTENSIONS = Namespace(
+    common_video=('avi', 'flv', 'mkv', 'mov', 'mp4', 'webm'),
+    video=('3g2', '3gp', 'f4v', 'mk3d', 'divx', 'mpg', 'ogv', 'm4v', 'wmv'),
+    common_audio=('aiff', 'alac', 'flac', 'm4a', 'mka', 'mp3', 'ogg', 'opus', 'wav'),
+    audio=('aac', 'ape', 'asf', 'f4a', 'f4b', 'm4b', 'm4p', 'm4r', 'oga', 'ogx', 'spx', 'vorbis', 'wma', 'weba'),
+    thumbnails=('jpg', 'png', 'webp'),
+    # storyboards=('mhtml', ),
+    subtitles=('srt', 'vtt', 'ass', 'lrc', 'ttml'),
+    manifests=('f4f', 'f4m', 'm3u8', 'smil', 'mpd'),
+)
+MEDIA_EXTENSIONS.video = MEDIA_EXTENSIONS.common_video + MEDIA_EXTENSIONS.video
+MEDIA_EXTENSIONS.audio = MEDIA_EXTENSIONS.common_audio + MEDIA_EXTENSIONS.audio
+
+KNOWN_EXTENSIONS = (
+    MEDIA_EXTENSIONS.video + MEDIA_EXTENSIONS.audio
+    + MEDIA_EXTENSIONS.manifests
+)
+
+
+class _UnsafeExtensionError(Exception):
+    """
+    Mitigation exception for unwanted file overwrite/path traversal
+
+    Ref: https://github.com/yt-dlp/yt-dlp/security/advisories/GHSA-79w7-vh3h-8g4j
+    """
+    _ALLOWED_EXTENSIONS = frozenset(itertools.chain(
+        (   # internal
+            'description',
+            'json',
+            'meta',
+            'orig',
+            'part',
+            'temp',
+            'uncut',
+            'unknown_video',
+            'ytdl',
+        ),
+        # video
+        MEDIA_EXTENSIONS.video, (
+            'avif',
+            'ismv',
+            'm2ts',
+            'm4s',
+            'mng',
+            'mpeg',
+            'qt',
+            'swf',
+            'ts',
+            'vp9',
+            'wvm',
+        ),
+        # audio
+        MEDIA_EXTENSIONS.audio, (
+            'isma',
+            'mid',
+            'mpga',
+            'ra',
+        ),
+        # image
+        MEDIA_EXTENSIONS.thumbnails, (
+            'bmp',
+            'gif',
+            'ico',
+            'heic',
+            'jng',
+            'jpeg',
+            'jxl',
+            'svg',
+            'tif',
+            'wbmp',
+        ),
+        # subtitle
+        MEDIA_EXTENSIONS.subtitles, (
+            'dfxp',
+            'fs',
+            'ismt',
+            'sami',
+            'scc',
+            'ssa',
+            'tt',
+        ),
+        # others
+        MEDIA_EXTENSIONS.manifests,
+        (
+            # not used in yt-dl
+            # *MEDIA_EXTENSIONS.storyboards,
+            # 'desktop',
+            # 'ism',
+            # 'm3u',
+            # 'sbv',
+            # 'swp',
+            # 'url',
+            # 'webloc',
+            # 'xml',
+        )))
+
+    def __init__(self, extension):
+        super(_UnsafeExtensionError, self).__init__('unsafe file extension: {0!r}'.format(extension))
+        self.extension = extension
+
+    # support --no-check-extensions
+    lenient = False
+
+    @classmethod
+    def sanitize_extension(cls, extension, **kwargs):
+        # ... /, *, prepend=False
+        prepend = kwargs.get('prepend', False)
+
+        if '/' in extension or '\\' in extension:
+            raise cls(extension)
+
+        if not prepend:
+            last = extension.rpartition('.')[-1]
+            if last == 'bin':
+                extension = last = 'unknown_video'
+            if not (cls.lenient or last.lower() in cls._ALLOWED_EXTENSIONS):
+                raise cls(extension)
+
+        return extension
Author	SHA1	Message	Date
Zenon Mousmoulas	5cd319aa1b	Merge `9680022207` into `37cea84f77`	2024-07-02 18:20:20 +03:00
dirkf	37cea84f77	[core,utils] Support unpublicised `--no-check-extensions`	2024-07-02 15:38:50 +01:00
dirkf	4652109643	[core,utils] Implement unsafe file extension mitigation * from https://github.com/yt-dlp/yt-dlp/security/advisories/GHSA-79w7-vh3h-8g4, thx grub4k	2024-07-02 15:38:50 +01:00
dirkf	3c466186a8	[utils] Back-port Namespace and MEDIA_EXTENSIONS from yt-dlp Thx pukkandan * Namespace: https://github.com/yt-dlp/yt-dlp/commit/591bb9d355 * MEDIA_EXTENSIONS: https://github.com/yt-dlp/yt-dlp/commit/8dc5930511	2024-07-02 15:38:50 +01:00
Zenon Mousmoulas	9680022207	Remove unused method	2021-12-13 00:08:02 +02:00
Zenon Mousmoulas	ae8fb74131	Fix typo url -> origin_url	2021-11-19 08:23:55 +02:00
Zenon Mousmoulas	699390c40d	Remove unnecessary quote escape	2021-11-13 08:47:38 +02:00
Zenon Mousmoulas	d303e1e05f	GlomexEmbedIE: Reuse _VALID_URL in _extract_urls * Let _extract_urls reuse _VALID_URL after making scheme optional and simplifying the query string part * Upon an iframe match * Add the scheme to the matched URL, if necessary * Match the URL against the full _VALID_URL	2021-11-11 11:16:29 +02:00
Zenon Mousmoulas	4225c46d3b	Revert to _VALID_URL to match video_id and integration * Retrieve the last instance of said parameters that appears in the query string, rather than the first previously * Resolve the respective comment in #30212	2021-11-11 11:07:56 +02:00
Zenon Mousmoulas	abfc16a123	Regex fixup	2021-11-11 08:30:56 +02:00
Zenon Mousmoulas	6880bf4334	Force evaluation	2021-11-10 07:34:16 +02:00
Zenon Mousmoulas	f561e0d817	Add Glomex IEs * Add new IEs * GlomexBaseIE: Base IE class * GlomexIE: Extract videos from video.glomex.com (by deferring to glomex:embed) * GlomexEmbedIE: Extract Glomex videos by matching the player URL * Query the API to extract metadata, detect video formats and get the respective (JWT protected) stream/source URLs * The API query may return one or more videos: the latter case is treated as a playlist * As this is otherwise identically handled, a separate IE was not deemed necessary * However title and description fields are not set for playlist results * They do not exist in the parent object; obtaining them from the first entry is not indicative for the playlist content * As the playlist order is not always stable (this is true at least for related videos playlists), it makes writing test cases impossible * Let GenericIE detect embeds by matching all three integration methods: * HTML: glomex-player tag or data attributes * Javascript: naive parsing of inline scripts for string constants assigned to integration parameters * Iframe: src attribute GlomexEmbedIE._VALID_URL * Let GlomexIE and the former embed detection pass the origin URL to GlomexEmbedIE by smuggling it in the player URL, as this is an expected parameter in API requests * Add test cases for both single videos and two playlist flavors	2021-11-08 08:17:47 +02:00