Sanitize input and output path

iiab · Jun 20, 2024 · f8c39f2 · f8c39f2
1 parent 9ef5a1d
commit f8c39f2
Showing 1 changed file with 19 additions and 7 deletions.
diff --git a/cps/uploader.py b/cps/uploader.py
@@ -20,6 +20,7 @@
 import datetime
 import os
 import hashlib
+import shlex
 import shutil
 import sqlite3
 from subprocess import run
@@ -321,17 +322,28 @@ def video_metadata(tmp_file_path, original_file_name, original_file_extension):
             identifiers=[])
         return meta
 
+def sanitize_path(path):
+    """Sanitize the file path to prevent command injection."""
+    return shlex.quote(path)
+
 def generate_video_cover(tmp_file_path):
     ffmpeg_executable = os.getenv('FFMPEG_PATH', 'ffmpeg')
-    ffmpeg_output_file = os.path.splitext(tmp_file_path)[0] + '.cover.jpg'
+    if not ffmpeg_executable:
+        log.error('FFMPEG_PATH environment variable is not set.')
+        return None
+
+    sanitized_input_path = sanitize_path(tmp_file_path)
+    output_file_path = os.path.splitext(tmp_file_path)[0] + '.cover.jpg'
+    sanitized_output_path = sanitize_path(output_file_path)
+
     ffmpeg_args = [
         ffmpeg_executable,
-        '-i', tmp_file_path,
-        '-vf', 'fps=1,thumbnail,select=gt(scene\,0.1),scale=-1:720',  # apply filters to avoid black frames and scale
-        '-frames:v', '1',  # extract only one frame
-        '-vsync', 'vfr',  # variable frame rate
-        '-y',  # overwrite output file if it exists
-        ffmpeg_output_file
+        '-i', sanitized_input_path,
+        '-vf', 'fps=1,thumbnail,select=gt(scene\,0.1),scale=-1:720',
+        '-frames:v', '1',
+        '-vsync', 'vfr',
+        '-y',
+        sanitized_output_path
     ]
 
     try: