Patch youtube-dl to disable redirects

In order to prevent SSRF attacks using redirects
This commit is contained in:
Pierre Rudloff 2022-02-27 12:30:15 +01:00
parent 3a4f09dda0
commit 1b099bb983
3 changed files with 1079 additions and 82 deletions

View file

@ -25,6 +25,7 @@
"aura/session": "^2.1", "aura/session": "^2.1",
"barracudanetworks/archivestream-php": "^1.0", "barracudanetworks/archivestream-php": "^1.0",
"consolidation/log": "^2.0", "consolidation/log": "^2.0",
"cweagans/composer-patches": "^1.7",
"j0k3r/httplug-ssrf-plugin": "^2.0", "j0k3r/httplug-ssrf-plugin": "^2.0",
"jawira/case-converter": "^3.4", "jawira/case-converter": "^3.4",
"jean85/pretty-package-versions": "^1.3", "jean85/pretty-package-versions": "^1.3",
@ -74,7 +75,12 @@
}, },
"installer-types": [ "installer-types": [
"library" "library"
] ],
"patches": {
"ytdl-org/youtube-dl": {
"Disable redirects in generic extractor": "patches/youtube-dl-redirect.diff"
}
}
}, },
"autoload": { "autoload": {
"psr-4": { "psr-4": {

1141
composer.lock generated

File diff suppressed because it is too large Load diff

View file

@ -0,0 +1,12 @@
diff --git a/youtube_dl/extractor/generic.py b/youtube_dl/extractor/generic.py
index f99d887ca..749ed6ecf 100644
--- a/youtube_dl/extractor/generic.py
+++ b/youtube_dl/extractor/generic.py
@@ -2252,6 +2252,7 @@ class GenericIE(InfoExtractor):
def report_following_redirect(self, new_url):
"""Report information extraction."""
+ raise UnsupportedError('Redirects are not allowed')
self._downloader.to_screen('[redirect] Following redirect to %s' % new_url)
def _extract_rss(self, url, video_id, doc):