[core,utils] Support unpublicised `--no-check-extensions`

pull/32841/head
dirkf 6 months ago
parent 4652109643
commit 37cea84f77

@ -21,6 +21,7 @@ from .compat import (
workaround_optparse_bug9161, workaround_optparse_bug9161,
) )
from .utils import ( from .utils import (
_UnsafeExtensionError,
DateRange, DateRange,
decodeOption, decodeOption,
DEFAULT_OUTTMPL, DEFAULT_OUTTMPL,
@ -173,6 +174,9 @@ def _real_main(argv=None):
if opts.ap_mso and opts.ap_mso not in MSO_INFO: if opts.ap_mso and opts.ap_mso not in MSO_INFO:
parser.error('Unsupported TV Provider, use --ap-list-mso to get a list of supported TV Providers') parser.error('Unsupported TV Provider, use --ap-list-mso to get a list of supported TV Providers')
if opts.no_check_extensions:
_UnsafeExtensionError.lenient = True
def parse_retries(retries): def parse_retries(retries):
if retries in ('inf', 'infinite'): if retries in ('inf', 'infinite'):
parsed_retries = float('inf') parsed_retries = float('inf')
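Review bot: The new `if opts.no_check_extensions:` branch in `_real_main` switches off the unsafe-extension mitigation without telling the user anything. Because `_UnsafeExtensionError.lenient` is a class attribute, the setting applies to every later extension check in the process rather than being carried in the options passed on. I would add a comment such as `# disables the file-extension allow-list (GHSA-79w7-vh3h-8g4j mitigation) for the whole process`. If a warning helper is in scope at this point, it should also report that the check is off. `_real_main` starts and ends outside the hunk.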

@ -533,6 +533,10 @@ def parseOpts(overrideArguments=None):
'--no-check-certificate', '--no-check-certificate',
action='store_true', dest='no_check_certificate', default=False, action='store_true', dest='no_check_certificate', default=False,
help='Suppress HTTPS certificate validation') help='Suppress HTTPS certificate validation')
workarounds.add_option(
'--no-check-extensions',
action='store_true', dest='no_check_extensions', default=False,
help='Suppress file extension validation')
workarounds.add_option( workarounds.add_option(
'--prefer-insecure', '--prefer-insecure',
'--prefer-unsecure', action='store_true', dest='prefer_insecure', '--prefer-unsecure', action='store_true', dest='prefer_insecure',

@ -6587,7 +6587,6 @@ KNOWN_EXTENSIONS = (
class _UnsafeExtensionError(Exception): class _UnsafeExtensionError(Exception):
""" """
Mitigation exception for unwanted file overwrite/path traversal Mitigation exception for unwanted file overwrite/path traversal
This should be caught in YoutubeDL.py with a warning
Ref: https://github.com/yt-dlp/yt-dlp/security/advisories/GHSA-79w7-vh3h-8g4j Ref: https://github.com/yt-dlp/yt-dlp/security/advisories/GHSA-79w7-vh3h-8g4j
""" """
@ -6666,6 +6665,9 @@ class _UnsafeExtensionError(Exception):
super(_UnsafeExtensionError, self).__init__('unsafe file extension: {0!r}'.format(extension)) super(_UnsafeExtensionError, self).__init__('unsafe file extension: {0!r}'.format(extension))
self.extension = extension self.extension = extension
# support --no-check-extensions
lenient = False
@classmethod @classmethod
def sanitize_extension(cls, extension, **kwargs): def sanitize_extension(cls, extension, **kwargs):
# ... /, *, prepend=False # ... /, *, prepend=False
@ -6678,7 +6680,7 @@ class _UnsafeExtensionError(Exception):
last = extension.rpartition('.')[-1] last = extension.rpartition('.')[-1]
if last == 'bin': if last == 'bin':
extension = last = 'unknown_video' extension = last = 'unknown_video'
if last.lower() not in cls._ALLOWED_EXTENSIONS: if not (cls.lenient or last.lower() in cls._ALLOWED_EXTENSIONS):
raise cls(extension) raise cls(extension)
return extension return extension
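Review bot: With `cls.lenient` set, the condition `if not (cls.lenient or last.lower() in cls._ALLOWED_EXTENSIONS)` never raises, so any trailing extension is accepted, and the one-line comment `# support --no-check-extensions` does not say that. Since the class docstring describes this exception as the mitigation for file overwrite and path traversal, the attribute deserves a fuller comment, for example `# if True, sanitize_extension() accepts extensions not in _ALLOWED_EXTENSIONS; set by --no-check-extensions`. The start of `sanitize_extension` is outside the hunks, so whether any other check there still applies in lenient mode is not visible; if one does, the comment should name it. The docstring hunk also drops the sentence about catching the error in YoutubeDL.py without saying where it is handled now.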
