Skip to content

Commit

Permalink
[core,utils] Support unpublicised --no-check-extensions
Browse files Browse the repository at this point in the history
  • Loading branch information
dirkf committed Jul 2, 2024
1 parent d42a222 commit e15101c
Show file tree
Hide file tree
Showing 3 changed files with 12 additions and 2 deletions.
4 changes: 4 additions & 0 deletions youtube_dl/__init__.py
Original file line number Diff line number Diff line change
Expand Up @@ -21,6 +21,7 @@
workaround_optparse_bug9161,
)
from .utils import (
_UnsafeExtensionError,
DateRange,
decodeOption,
DEFAULT_OUTTMPL,
Expand Down Expand Up @@ -173,6 +174,9 @@ def _real_main(argv=None):
if opts.ap_mso and opts.ap_mso not in MSO_INFO:
parser.error('Unsupported TV Provider, use --ap-list-mso to get a list of supported TV Providers')

if opts.no_check_extensions:
_UnsafeExtensionError.lenient = True

def parse_retries(retries):
if retries in ('inf', 'infinite'):
parsed_retries = float('inf')
Expand Down
4 changes: 4 additions & 0 deletions youtube_dl/options.py
Original file line number Diff line number Diff line change
Expand Up @@ -533,6 +533,10 @@ def _comma_separated_values_options_callback(option, opt_str, value, parser):
'--no-check-certificate',
action='store_true', dest='no_check_certificate', default=False,
help='Suppress HTTPS certificate validation')
workarounds.add_option(
'--no-check-extensions',
action='store_true', dest='no_check_extensions', default=False,
help='Suppress file extension validation')
workarounds.add_option(
'--prefer-insecure',
'--prefer-unsecure', action='store_true', dest='prefer_insecure',
Expand Down
6 changes: 4 additions & 2 deletions youtube_dl/utils.py
Original file line number Diff line number Diff line change
Expand Up @@ -6587,7 +6587,6 @@ def items_(self):
class _UnsafeExtensionError(Exception):
"""
Mitigation exception for unwanted file overwrite/path traversal
This should be caught in YoutubeDL.py with a warning
Ref: https://github.com/yt-dlp/yt-dlp/security/advisories/GHSA-79w7-vh3h-8g4j
"""
Expand Down Expand Up @@ -6666,6 +6665,9 @@ def __init__(self, extension):
super(_UnsafeExtensionError, self).__init__('unsafe file extension: {0!r}'.format(extension))
self.extension = extension

# support --no-check-extensions
lenient = False

@classmethod
def sanitize_extension(cls, extension, **kwargs):
# ... /, *, prepend=False
Expand All @@ -6678,7 +6680,7 @@ def sanitize_extension(cls, extension, **kwargs):
last = extension.rpartition('.')[-1]
if last == 'bin':
extension = last = 'unknown_video'
if last.lower() not in cls._ALLOWED_EXTENSIONS:
if not (cls.lenient or last.lower() in cls._ALLOWED_EXTENSIONS):
raise cls(extension)

return extension

0 comments on commit e15101c

Please sign in to comment.