From: dirkf Date: Tue, 2 Jul 2024 13:54:25 +0000 (+0100) Subject: [core,utils] Support unpublicised `--no-check-extensions` X-Git-Url: http://git.oshgnacknak.de/?a=commitdiff_plain;h=37cea84f775129ad715b9bcd617251c831fcc980;p=youtube-dl [core,utils] Support unpublicised `--no-check-extensions` --- diff --git a/youtube_dl/__init__.py b/youtube_dl/__init__.py index cc8285eba..06bdfb689 100644 --- a/youtube_dl/__init__.py +++ b/youtube_dl/__init__.py @@ -21,6 +21,7 @@ from .compat import ( workaround_optparse_bug9161, ) from .utils import ( + _UnsafeExtensionError, DateRange, decodeOption, DEFAULT_OUTTMPL, @@ -173,6 +174,9 @@ def _real_main(argv=None): if opts.ap_mso and opts.ap_mso not in MSO_INFO: parser.error('Unsupported TV Provider, use --ap-list-mso to get a list of supported TV Providers') + if opts.no_check_extensions: + _UnsafeExtensionError.lenient = True + def parse_retries(retries): if retries in ('inf', 'infinite'): parsed_retries = float('inf') diff --git a/youtube_dl/options.py b/youtube_dl/options.py index 434f520d3..61705d1f0 100644 --- a/youtube_dl/options.py +++ b/youtube_dl/options.py @@ -533,6 +533,10 @@ def parseOpts(overrideArguments=None): '--no-check-certificate', action='store_true', dest='no_check_certificate', default=False, help='Suppress HTTPS certificate validation') + workarounds.add_option( + '--no-check-extensions', + action='store_true', dest='no_check_extensions', default=False, + help='Suppress file extension validation') workarounds.add_option( '--prefer-insecure', '--prefer-unsecure', action='store_true', dest='prefer_insecure', diff --git a/youtube_dl/utils.py b/youtube_dl/utils.py index df203b97a..3ec9d3811 100644 --- a/youtube_dl/utils.py +++ b/youtube_dl/utils.py @@ -6587,7 +6587,6 @@ KNOWN_EXTENSIONS = ( class _UnsafeExtensionError(Exception): """ Mitigation exception for unwanted file overwrite/path traversal - This should be caught in YoutubeDL.py with a warning Ref: https://github.com/yt-dlp/yt-dlp/security/advisories/GHSA-79w7-vh3h-8g4j """ @@ -6666,6 +6665,9 @@ class _UnsafeExtensionError(Exception): super(_UnsafeExtensionError, self).__init__('unsafe file extension: {0!r}'.format(extension)) self.extension = extension + # support --no-check-extensions + lenient = False + @classmethod def sanitize_extension(cls, extension, **kwargs): # ... /, *, prepend=False @@ -6678,7 +6680,7 @@ class _UnsafeExtensionError(Exception): last = extension.rpartition('.')[-1] if last == 'bin': extension = last = 'unknown_video' - if last.lower() not in cls._ALLOWED_EXTENSIONS: + if not (cls.lenient or last.lower() in cls._ALLOWED_EXTENSIONS): raise cls(extension) return extension