Disable the generic extractor entirely
It can be used for SSRF attacks even when redirects are disabled
This commit is contained in:
Pierre Rudloff
parent
148a171b24
commit
8913f27716
4 changed files with 18 additions and 18 deletions
12
patches/youtube-dl-disable-generic.diff
Normal file
12
patches/youtube-dl-disable-generic.diff
Normal file
|
|
@ -0,0 +1,12 @@
|
|||
diff --git a/youtube_dl/extractor/__init__.py b/youtube_dl/extractor/__init__.py
|
||||
index 18d8dbcd6..4d3edfac3 100644
|
||||
--- a/youtube_dl/extractor/__init__.py
|
||||
+++ b/youtube_dl/extractor/__init__.py
|
||||
@@ -13,7 +13,6 @@ except ImportError:
|
||||
for name, klass in globals().items()
|
||||
if name.endswith('IE') and name != 'GenericIE'
|
||||
]
|
||||
- _ALL_CLASSES.append(GenericIE)
|
||||
|
||||
|
||||
def gen_extractor_classes():
|
||||
|
|
@ -1,12 +0,0 @@
|
|||
diff --git a/youtube_dl/extractor/generic.py b/youtube_dl/extractor/generic.py
|
||||
index f99d887ca..749ed6ecf 100644
|
||||
--- a/youtube_dl/extractor/generic.py
|
||||
+++ b/youtube_dl/extractor/generic.py
|
||||
@@ -2252,6 +2252,7 @@ class GenericIE(InfoExtractor):
|
||||
|
||||
def report_following_redirect(self, new_url):
|
||||
"""Report information extraction."""
|
||||
+ raise UnsupportedError('Redirects are not allowed')
|
||||
self._downloader.to_screen('[redirect] Following redirect to %s' % new_url)
|
||||
|
||||
def _extract_rss(self, url, video_id, doc):
|
||||
Loading…
Add table
Add a link
Reference in a new issue