
43 Commits

Author SHA1 Message Date
Bart Broere
04e17ecf7e
Merge a60972e253 into 37cea84f77 2024-07-02 12:47:05 -05:00
dirkf
37cea84f77 [core,utils] Support unpublicised --no-check-extensions 2024-07-02 15:38:50 +01:00
dirkf
4652109643 [core,utils] Implement unsafe file extension mitigation
* from https://github.com/yt-dlp/yt-dlp/security/advisories/GHSA-79w7-vh3h-8g4, thx grub4k
2024-07-02 15:38:50 +01:00
dirkf
3c466186a8 [utils] Back-port Namespace and MEDIA_EXTENSIONS from yt-dlp
Thx pukkandan
* Namespace: https://github.com/yt-dlp/yt-dlp/commit/591bb9d355
* MEDIA_EXTENSIONS: https://github.com/yt-dlp/yt-dlp/commit/8dc5930511
2024-07-02 15:38:50 +01:00
Bart Broere
a60972e253 Fix indent from suggestion 2024-03-15 13:02:56 +01:00
Bart Broere
007bbeacd7
Remove afspelen and trailing slashes with one regex
Co-authored-by: dirkf <fieldhouse@gmx.net>
2024-03-14 13:41:01 +01:00
Bart Broere
4c90b2f587
Adhere to code style
Co-authored-by: dirkf <fieldhouse@gmx.net>
2024-03-14 13:39:59 +01:00
Bart Broere
bc86c5f73b
Make regex more specific and remove redundant .* 2024-03-14 13:37:41 +01:00
Bart Broere
ad64f3751e
Improve regex
Co-authored-by: Roy <git@rvsit.nl>
2024-03-14 13:34:33 +01:00
Bart Broere
d4250c8703
Merge branch 'ytdl-org:master' into fix-npo-support 2024-03-12 20:46:16 +01:00
Bart Broere
58d7a00e3f Resolve some of the pull request feedback 2024-03-11 14:14:38 +01:00
Bart Broere
4398f6832f Fix zapp extractor 2024-03-11 13:40:23 +01:00
Bart Broere
1ca4e686a3 Add an MD5 2024-03-10 17:04:00 +01:00
Bart Broere
28624cfe09 Work work 2024-03-10 16:57:31 +01:00
Bart Broere
c08f29f45b Update unit tests 2024-03-10 16:27:40 +01:00
Bart Broere
0ab79c37ae Reusable code for two NTR sites 2024-03-07 16:23:09 +01:00
Bart Broere
0cbcd1aec6 Make diff better 2024-03-06 12:55:51 +01:00
Bart Broere
159f825edd Add scaffolding for last few extractors and change order so the PR diff looks nice 2024-03-06 12:53:37 +01:00
Bart Broere
681b39032a Fix flake8 and better error reporting 2024-03-06 12:32:34 +01:00
Bart Broere
4b24e5f00d Re-add SchoolTV 2024-03-06 12:22:27 +01:00
Bart Broere
3b3d73cbe6 Use program-detail endpoint and remove a test 2024-03-06 11:52:08 +01:00
Bart Broere
d426a92a60 Encoding suggestion from PR 2024-03-05 14:11:49 +01:00
Bart Broere
d36d50fe5c Re-add Zapp 2024-03-05 14:04:03 +01:00
Bart Broere
eb6e396bfb First version of a VPRO regex 2024-03-05 13:55:59 +01:00
Bart Broere
28ba01f1cc Add Ongehoord Nederland and test URL for BNNVARA 2024-03-05 13:43:56 +01:00
Bart Broere
4fc423845e Fix lint 2024-03-05 12:49:22 +01:00
Bart Broere
34b5b20107 Refactor into reusable method 2024-03-03 17:47:15 +01:00
Bart Broere
8b1a7d9a7c Use provided util 2024-03-01 16:23:19 +01:00
Bart Broere
f9e59b0c49 Add the possibility to add 'hls' later 2024-03-01 15:28:14 +01:00
Bart Broere
fb7b7179ff Speculate about other ways of getting productId 2024-03-01 15:08:10 +01:00
Bart Broere
0dc7d954cb Comply with coding conventions a bit more 2024-03-01 15:05:30 +01:00
Bart Broere
21eb4513e0 Convert the description into code 2024-03-01 14:12:51 +01:00
Bart Broere
29724e7b07 Delete all broken extractors
Re-implementing these is quicker for the cases where that's even still possible
2024-03-01 13:24:48 +01:00
Bart Broere
577368116b Fix token URL 2024-03-01 13:15:52 +01:00
Bart Broere
da3d1f4321 Add notes on new npo.nl site 2024-03-01 10:36:03 +01:00
Bart Broere
f76d58c71f Skip a test 2024-02-26 13:18:36 +01:00
Bart Broere
c409a8c54b
Merge branch 'ytdl-org:master' into fix-npo-support 2024-02-25 09:42:26 +01:00
dirkf
0c7261db90
Update npo.py
* simplify comment
* force CI
2023-04-06 01:51:02 +01:00
Bart Broere
632897860b
Accept suggestions on PR; comply with conventions
Co-authored-by: dirkf <fieldhouse@gmx.net>
2023-04-03 09:50:21 +02:00
Bart Broere
9e1acb2527 Fix flake8 2023-03-31 12:56:18 +02:00
Bart Broere
fb2b4e2894 Add line comment 2023-03-31 12:46:05 +02:00
Bart Broere
b4776f2e36 Import from compat 2023-03-31 12:39:11 +02:00
Bart Broere
3b31478dfd Fix support for NPO downloads 2023-03-31 12:30:22 +02:00
7 changed files with 470 additions and 713 deletions


@ -14,9 +14,11 @@ sys.path.insert(0, os.path.dirname(os.path.dirname(os.path.abspath(__file__))))
import io import io
import itertools import itertools
import json import json
import types
import xml.etree.ElementTree import xml.etree.ElementTree
from youtube_dl.utils import ( from youtube_dl.utils import (
_UnsafeExtensionError,
age_restricted, age_restricted,
args_to_str, args_to_str,
base_url, base_url,
@ -270,6 +272,27 @@ class TestUtil(unittest.TestCase):
expand_path('~/%s' % env('YOUTUBE_DL_EXPATH_PATH')), expand_path('~/%s' % env('YOUTUBE_DL_EXPATH_PATH')),
'%s/expanded' % compat_getenv('HOME')) '%s/expanded' % compat_getenv('HOME'))
_uncommon_extensions = [
('exe', 'abc.exe.ext'),
('de', 'abc.de.ext'),
('../.mp4', None),
('..\\.mp4', None),
]
def assertUnsafeExtension(self, ext=None):
assert_raises = self.assertRaises(_UnsafeExtensionError)
assert_raises.ext = ext
orig_exit = assert_raises.__exit__
def my_exit(self_, exc_type, exc_val, exc_tb):
did_raise = orig_exit(exc_type, exc_val, exc_tb)
if did_raise and assert_raises.ext is not None:
self.assertEqual(assert_raises.ext, assert_raises.exception.extension, 'Unsafe extension not as unexpected')
return did_raise
assert_raises.__exit__ = types.MethodType(my_exit, assert_raises)
return assert_raises
def test_prepend_extension(self): def test_prepend_extension(self):
self.assertEqual(prepend_extension('abc.ext', 'temp'), 'abc.temp.ext') self.assertEqual(prepend_extension('abc.ext', 'temp'), 'abc.temp.ext')
self.assertEqual(prepend_extension('abc.ext', 'temp', 'ext'), 'abc.temp.ext') self.assertEqual(prepend_extension('abc.ext', 'temp', 'ext'), 'abc.temp.ext')
@ -278,6 +301,19 @@ class TestUtil(unittest.TestCase):
self.assertEqual(prepend_extension('.abc', 'temp'), '.abc.temp') self.assertEqual(prepend_extension('.abc', 'temp'), '.abc.temp')
self.assertEqual(prepend_extension('.abc.ext', 'temp'), '.abc.temp.ext') self.assertEqual(prepend_extension('.abc.ext', 'temp'), '.abc.temp.ext')
# Test uncommon extensions
self.assertEqual(prepend_extension('abc.ext', 'bin'), 'abc.bin.ext')
for ext, result in self._uncommon_extensions:
with self.assertUnsafeExtension(ext):
prepend_extension('abc', ext)
if result:
self.assertEqual(prepend_extension('abc.ext', ext, 'ext'), result)
else:
with self.assertUnsafeExtension(ext):
prepend_extension('abc.ext', ext, 'ext')
with self.assertUnsafeExtension(ext):
prepend_extension('abc.unexpected_ext', ext, 'ext')
def test_replace_extension(self): def test_replace_extension(self):
self.assertEqual(replace_extension('abc.ext', 'temp'), 'abc.temp') self.assertEqual(replace_extension('abc.ext', 'temp'), 'abc.temp')
self.assertEqual(replace_extension('abc.ext', 'temp', 'ext'), 'abc.temp') self.assertEqual(replace_extension('abc.ext', 'temp', 'ext'), 'abc.temp')
@ -286,6 +322,16 @@ class TestUtil(unittest.TestCase):
self.assertEqual(replace_extension('.abc', 'temp'), '.abc.temp') self.assertEqual(replace_extension('.abc', 'temp'), '.abc.temp')
self.assertEqual(replace_extension('.abc.ext', 'temp'), '.abc.temp') self.assertEqual(replace_extension('.abc.ext', 'temp'), '.abc.temp')
# Test uncommon extensions
self.assertEqual(replace_extension('abc.ext', 'bin'), 'abc.unknown_video')
for ext, _ in self._uncommon_extensions:
with self.assertUnsafeExtension(ext):
replace_extension('abc', ext)
with self.assertUnsafeExtension(ext):
replace_extension('abc.ext', ext, 'ext')
with self.assertUnsafeExtension(ext):
replace_extension('abc.unexpected_ext', ext, 'ext')
def test_subtitles_filename(self): def test_subtitles_filename(self):
self.assertEqual(subtitles_filename('abc.ext', 'en', 'vtt'), 'abc.en.vtt') self.assertEqual(subtitles_filename('abc.ext', 'en', 'vtt'), 'abc.en.vtt')
self.assertEqual(subtitles_filename('abc.ext', 'en', 'vtt', 'ext'), 'abc.en.vtt') self.assertEqual(subtitles_filename('abc.ext', 'en', 'vtt', 'ext'), 'abc.en.vtt')
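Review bot: The extension comparison in `assertUnsafeExtension` is probably never executed, because the `with` statement looks up `__exit__` on the context manager's type, so assigning `assert_raises.__exit__ = types.MethodType(my_exit, assert_raises)` on the instance does not replace the method that `with` calls. The new tests would then pass on any `_UnsafeExtensionError`, whatever `extension` it carries. A check that does run is to bind the context manager and assert after the block: `with self.assertRaises(_UnsafeExtensionError) as cm:` followed by `self.assertEqual(ext, cm.exception.extension)`. The failure message 'Unsafe extension not as unexpected' also reads inverted; 'not as expected' is presumably what was meant.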


@ -7,6 +7,7 @@ import collections
import copy import copy
import datetime import datetime
import errno import errno
import functools
import io import io
import itertools import itertools
import json import json
@ -53,6 +54,7 @@ from .compat import (
compat_urllib_request_DataHandler, compat_urllib_request_DataHandler,
) )
from .utils import ( from .utils import (
_UnsafeExtensionError,
age_restricted, age_restricted,
args_to_str, args_to_str,
bug_reports_message, bug_reports_message,
@ -129,6 +131,20 @@ if compat_os_name == 'nt':
import ctypes import ctypes
def _catch_unsafe_file_extension(func):
@functools.wraps(func)
def wrapper(self, *args, **kwargs):
try:
return func(self, *args, **kwargs)
except _UnsafeExtensionError as error:
self.report_error(
'{0} found; to avoid damaging your system, this value is disallowed.'
' If you believe this is an error{1}').format(
error.message, bug_reports_message(','))
return wrapper
class YoutubeDL(object): class YoutubeDL(object):
"""YoutubeDL class. """YoutubeDL class.
@ -1925,6 +1941,7 @@ class YoutubeDL(object):
if self.params.get('forcejson', False): if self.params.get('forcejson', False):
self.to_stdout(json.dumps(self.sanitize_info(info_dict))) self.to_stdout(json.dumps(self.sanitize_info(info_dict)))
@_catch_unsafe_file_extension
def process_info(self, info_dict): def process_info(self, info_dict):
"""Process a single resolved IE result.""" """Process a single resolved IE result."""
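Review bot: In `_catch_unsafe_file_extension` the closing parenthesis of `self.report_error(` comes before `.format(`, so the message is reported with the literal `{0}` and `{1}` placeholders and `.format` is then called on whatever `report_error` returns. `error.message` is also not set by `_UnsafeExtensionError.__init__` as shown on this page (it sets only `extension`), and Python 3 exceptions have no such attribute, so the handler would likely fail with `AttributeError` instead of reporting the blocked extension. Formatting the string itself fixes both: `' If you believe this is an error{1}'.format(error, bug_reports_message(',')))`. The wrapper returns `None` after reporting; a one-line comment saying that is intended would help, since the body of `process_info` lies outside this hunk.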


@ -21,6 +21,7 @@ from .compat import (
workaround_optparse_bug9161, workaround_optparse_bug9161,
) )
from .utils import ( from .utils import (
_UnsafeExtensionError,
DateRange, DateRange,
decodeOption, decodeOption,
DEFAULT_OUTTMPL, DEFAULT_OUTTMPL,
@ -173,6 +174,9 @@ def _real_main(argv=None):
if opts.ap_mso and opts.ap_mso not in MSO_INFO: if opts.ap_mso and opts.ap_mso not in MSO_INFO:
parser.error('Unsupported TV Provider, use --ap-list-mso to get a list of supported TV Providers') parser.error('Unsupported TV Provider, use --ap-list-mso to get a list of supported TV Providers')
if opts.no_check_extensions:
_UnsafeExtensionError.lenient = True
def parse_retries(retries): def parse_retries(retries):
if retries in ('inf', 'infinite'): if retries in ('inf', 'infinite'):
parsed_retries = float('inf') parsed_retries = float('inf')
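Review bot: `_UnsafeExtensionError.lenient = True` changes a class attribute, so the allow-list is switched off for every `YoutubeDL` instance in the process, and nothing is logged when that happens. A comment at the assignment would make the scope clear, for example `# disables the extension allow-list process-wide; path separators in extensions are still rejected`. Emitting a warning when `opts.no_check_extensions` is set would also leave a trace for anyone later investigating an unexpected file on disk. `_real_main` continues outside the hunk.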


@ -848,14 +848,13 @@ from .nowness import (
from .noz import NozIE from .noz import NozIE
from .npo import ( from .npo import (
AndereTijdenIE, AndereTijdenIE,
BNNVaraIE,
NPOIE, NPOIE,
NPOLiveIE, ONIE,
NPORadioIE,
NPORadioFragmentIE,
SchoolTVIE, SchoolTVIE,
HetKlokhuisIE, HetKlokhuisIE,
VPROIE, VPROIE,
WNLIE, ZAPPIE,
) )
from .npr import NprIE from .npr import NprIE
from .nrk import ( from .nrk import (

File diff suppressed because it is too large Load Diff


@ -533,6 +533,10 @@ def parseOpts(overrideArguments=None):
'--no-check-certificate', '--no-check-certificate',
action='store_true', dest='no_check_certificate', default=False, action='store_true', dest='no_check_certificate', default=False,
help='Suppress HTTPS certificate validation') help='Suppress HTTPS certificate validation')
workarounds.add_option(
'--no-check-extensions',
action='store_true', dest='no_check_extensions', default=False,
help='Suppress file extension validation')
workarounds.add_option( workarounds.add_option(
'--prefer-insecure', '--prefer-insecure',
'--prefer-unsecure', action='store_true', dest='prefer_insecure', '--prefer-unsecure', action='store_true', dest='prefer_insecure',
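Review bot: The help string 'Suppress file extension validation' does not tell the user what the validation protects against, and the commit title calls the option unpublicised although, with a help string, it will be listed in `--help`. If it is meant to stay hidden, `help=optparse.SUPPRESS_HELP` does that; otherwise the text could name the risk, e.g. `help='Allow file extensions outside the built-in allow-list (unsafe with untrusted sources)'`. `parseOpts` continues outside the hunk.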


@ -1717,21 +1717,6 @@ TIMEZONE_NAMES = {
'PST': -8, 'PDT': -7 # Pacific 'PST': -8, 'PDT': -7 # Pacific
} }
KNOWN_EXTENSIONS = (
'mp4', 'm4a', 'm4p', 'm4b', 'm4r', 'm4v', 'aac',
'flv', 'f4v', 'f4a', 'f4b',
'webm', 'ogg', 'ogv', 'oga', 'ogx', 'spx', 'opus',
'mkv', 'mka', 'mk3d',
'avi', 'divx',
'mov',
'asf', 'wmv', 'wma',
'3gp', '3g2',
'mp3',
'flac',
'ape',
'wav',
'f4f', 'f4m', 'm3u8', 'smil')
# needed for sanitizing filenames in restricted mode # needed for sanitizing filenames in restricted mode
ACCENT_CHARS = dict(zip('ÂÃÄÀÁÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖŐØŒÙÚÛÜŰÝÞßàáâãäåæçèéêëìíîïðñòóôõöőøœùúûüűýþÿ', ACCENT_CHARS = dict(zip('ÂÃÄÀÁÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖŐØŒÙÚÛÜŰÝÞßàáâãäåæçèéêëìíîïðñòóôõöőøœùúûüűýþÿ',
itertools.chain('AAAAAA', ['AE'], 'CEEEEIIIIDNOOOOOOO', ['OE'], 'UUUUUY', ['TH', 'ss'], itertools.chain('AAAAAA', ['AE'], 'CEEEEIIIIDNOOOOOOO', ['OE'], 'UUUUUY', ['TH', 'ss'],
@ -3959,19 +3944,22 @@ def parse_duration(s):
return duration return duration
def prepend_extension(filename, ext, expected_real_ext=None): def _change_extension(prepend, filename, ext, expected_real_ext=None):
name, real_ext = os.path.splitext(filename) name, real_ext = os.path.splitext(filename)
return ( sanitize_extension = _UnsafeExtensionError.sanitize_extension
'{0}.{1}{2}'.format(name, ext, real_ext)
if not expected_real_ext or real_ext[1:] == expected_real_ext if not expected_real_ext or real_ext.partition('.')[0::2] == ('', expected_real_ext):
else '{0}.{1}'.format(filename, ext)) filename = name
if prepend and real_ext:
sanitize_extension(ext, prepend=prepend)
return ''.join((filename, '.', ext, real_ext))
# Mitigate path traversal and file impersonation attacks
return '.'.join((filename, sanitize_extension(ext)))
def replace_extension(filename, ext, expected_real_ext=None): prepend_extension = functools.partial(_change_extension, True)
name, real_ext = os.path.splitext(filename) replace_extension = functools.partial(_change_extension, False)
return '{0}.{1}'.format(
name if not expected_real_ext or real_ext[1:] == expected_real_ext else filename,
ext)
def check_executable(exe, args=[]): def check_executable(exe, args=[]):
@ -6561,3 +6549,138 @@ def join_nonempty(*values, **kwargs):
if from_dict is not None: if from_dict is not None:
values = (traverse_obj(from_dict, variadic(v)) for v in values) values = (traverse_obj(from_dict, variadic(v)) for v in values)
return delim.join(map(compat_str, filter(None, values))) return delim.join(map(compat_str, filter(None, values)))
class Namespace(object):
"""Immutable namespace"""
def __init__(self, **kw_attr):
self.__dict__.update(kw_attr)
def __iter__(self):
return iter(self.__dict__.values())
@property
def items_(self):
return self.__dict__.items()
MEDIA_EXTENSIONS = Namespace(
common_video=('avi', 'flv', 'mkv', 'mov', 'mp4', 'webm'),
video=('3g2', '3gp', 'f4v', 'mk3d', 'divx', 'mpg', 'ogv', 'm4v', 'wmv'),
common_audio=('aiff', 'alac', 'flac', 'm4a', 'mka', 'mp3', 'ogg', 'opus', 'wav'),
audio=('aac', 'ape', 'asf', 'f4a', 'f4b', 'm4b', 'm4p', 'm4r', 'oga', 'ogx', 'spx', 'vorbis', 'wma', 'weba'),
thumbnails=('jpg', 'png', 'webp'),
# storyboards=('mhtml', ),
subtitles=('srt', 'vtt', 'ass', 'lrc', 'ttml'),
manifests=('f4f', 'f4m', 'm3u8', 'smil', 'mpd'),
)
MEDIA_EXTENSIONS.video = MEDIA_EXTENSIONS.common_video + MEDIA_EXTENSIONS.video
MEDIA_EXTENSIONS.audio = MEDIA_EXTENSIONS.common_audio + MEDIA_EXTENSIONS.audio
KNOWN_EXTENSIONS = (
MEDIA_EXTENSIONS.video + MEDIA_EXTENSIONS.audio
+ MEDIA_EXTENSIONS.manifests
)
class _UnsafeExtensionError(Exception):
"""
Mitigation exception for unwanted file overwrite/path traversal
Ref: https://github.com/yt-dlp/yt-dlp/security/advisories/GHSA-79w7-vh3h-8g4j
"""
_ALLOWED_EXTENSIONS = frozenset(itertools.chain(
( # internal
'description',
'json',
'meta',
'orig',
'part',
'temp',
'uncut',
'unknown_video',
'ytdl',
),
# video
MEDIA_EXTENSIONS.video, (
'avif',
'ismv',
'm2ts',
'm4s',
'mng',
'mpeg',
'qt',
'swf',
'ts',
'vp9',
'wvm',
),
# audio
MEDIA_EXTENSIONS.audio, (
'isma',
'mid',
'mpga',
'ra',
),
# image
MEDIA_EXTENSIONS.thumbnails, (
'bmp',
'gif',
'ico',
'heic',
'jng',
'jpeg',
'jxl',
'svg',
'tif',
'wbmp',
),
# subtitle
MEDIA_EXTENSIONS.subtitles, (
'dfxp',
'fs',
'ismt',
'sami',
'scc',
'ssa',
'tt',
),
# others
MEDIA_EXTENSIONS.manifests,
(
# not used in yt-dl
# *MEDIA_EXTENSIONS.storyboards,
# 'desktop',
# 'ism',
# 'm3u',
# 'sbv',
# 'swp',
# 'url',
# 'webloc',
# 'xml',
)))
def __init__(self, extension):
super(_UnsafeExtensionError, self).__init__('unsafe file extension: {0!r}'.format(extension))
self.extension = extension
# support --no-check-extensions
lenient = False
@classmethod
def sanitize_extension(cls, extension, **kwargs):
# ... /, *, prepend=False
prepend = kwargs.get('prepend', False)
if '/' in extension or '\\' in extension:
raise cls(extension)
if not prepend:
last = extension.rpartition('.')[-1]
if last == 'bin':
extension = last = 'unknown_video'
if not (cls.lenient or last.lower() in cls._ALLOWED_EXTENSIONS):
raise cls(extension)
return extension
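Review bot: In `sanitize_extension` the allow-list test lower-cases the suffix (`last.lower() in cls._ALLOWED_EXTENSIONS`) but the `bin` mapping does not (`if last == 'bin':`), so `BIN` is rejected while `bin` is rewritten to `unknown_video`; `if last.lower() == 'bin':` would treat both alike. The method also has no docstring, and its contract is not obvious from the call sites: path separators are always rejected, the allow-list applies only when `prepend` is false, and `lenient` bypasses the allow-list but not the separator check. Separately, `Namespace` is documented as "Immutable namespace" while `MEDIA_EXTENSIONS.video` and `MEDIA_EXTENSIONS.audio` are reassigned a few lines later, so the docstring should not promise immutability.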