3 files changed, 32 insertions, 22 deletions
diff --git a/libmat2/exiftool.py b/libmat2/exiftool.py
index e17d31b..331ae0c 100644
--- a/libmat2/exiftool.py
+++ b/libmat2/exiftool.py
@@ -5,7 +5,7 @@ import shutil
 import subprocess
 import tempfile
-from typing import Dict, Union, Set
+from typing import Dict, Union, Set, Callable, Any
 from . import abstract
@@ -20,27 +20,23 @@ class ExiftoolParser(abstract.AbstractParser):
    """
    meta_whitelist = set()  # type: Set[str]
-    @staticmethod
+    def _handle_problematic_filename(self, callback: Callable[[str], Any]) -> bytes:
-    def __handle_problematic_filename(filename: str, callback) -> bytes:
+        """ This method takes a filename with a potentially problematic name,
-        """ This method takes a filename with a problematic name,
+        and safely applies a `callback` to it.
-        and safely applies it a `callback`."""
+        """
+        if re.search('^[a-z0-9/]', self.filename) is not None:
+            return callback(self.filename)
        tmpdirname = tempfile.mkdtemp()
        fname = os.path.join(tmpdirname, "temp_file")
-        shutil.copy(filename, fname)
+        shutil.copy(self.filename, fname)
        out = callback(fname)
        shutil.rmtree(tmpdirname)
        return out
    def get_meta(self) -> Dict[str, Union[str, dict]]:
-        """ There is no way to escape the leading(s) dash(es) of the current
-        self.filename to prevent parameter injections, so we need to take care
-        of this.
-        """
        fun = lambda f: subprocess.check_output([_get_exiftool_path(), '-json', f])
-        if re.search('^[a-z0-9/]', self.filename) is None:
+        out = self._handle_problematic_filename(fun)
-            out = self.__handle_problematic_filename(self.filename, fun)
-        else:
-            out = fun(self.filename)
        meta = json.loads(out.decode('utf-8'))[0]
        for key in self.meta_whitelist:
            meta.pop(key, None)
diff --git a/libmat2/video.py b/libmat2/video.py
index 658affa..2fa65e8 100644
--- a/libmat2/video.py
+++ b/libmat2/video.py
@@ -1,5 +1,6 @@
 import os
 import subprocess
+import logging
 from . import exiftool
@@ -23,13 +24,10 @@ class AVIParser(exiftool.ExiftoolParser):
                      'SampleRate', 'AvgBytesPerSec', 'BitsPerSample',
                      'Duration', 'ImageSize', 'Megapixels'}
-    def remove_all(self) -> bool:
-        """
+    def __remove_all_internal(self, filename: str):
-            TODO: handle problematic filenames starting with `-` and `--`,
-            check exiftool.py
-        """
        cmd = [_get_ffmpeg_path(),
-               '-i', self.filename,      # input file
+               '-i', filename,           # input file
               '-y',                     # overwrite existing output file
               '-loglevel', 'panic',     # Don't show log
               '-hide_banner',           # hide the banner
@@ -40,10 +38,13 @@ class AVIParser(exiftool.ExiftoolParser):
               '-flags:v', '+bitexact',  # don't add any metadata
               '-flags:a', '+bitexact',  # don't add any metadata
               self.output_filename]
+        subprocess.check_call(cmd)
+    def remove_all(self) -> bool:
        try:
-            subprocess.check_call(cmd)
+            self._handle_problematic_filename(self.__remove_all_internal)
-        except subprocess.CalledProcessError:
+        except subprocess.CalledProcessError as e:
+            logging.error("Something went wrong during the processing of %s: %s", self.filename, e)
            return False
        return True
diff --git a/tests/test_libmat2.py b/tests/test_libmat2.py
index e5cc8a3..241c6eb 100644
--- a/tests/test_libmat2.py
+++ b/tests/test_libmat2.py
@@ -37,6 +37,19 @@ class TestParameterInjection(unittest.TestCase):
        self.assertEqual(meta['ModifyDate'], "2018:03:20 21:59:25")
        os.remove('-ver')
+    def test_ffmpeg_injection(self):
+        try:
+            video._get_ffmpeg_path()
+        except RuntimeError:
+            raise unittest.SkipTest
+        shutil.copy('./tests/data/dirty.avi', './--output')
+        p = video.AVIParser('--output')
+        meta = p.get_meta()
+        print(meta)
+        self.assertEqual(meta['Software'], 'MEncoder SVN-r33148-4.0.1')
+        os.remove('--output')
 class TestUnsupportedEmbeddedFiles(unittest.TestCase):
    def test_odt_with_svg(self):

diff --git a/libmat2/exiftool.py b/libmat2/exiftool.py index e17d31b..331ae0c 100644 --- a/libmat2/exiftool.py +++ b/libmat2/exiftool.py
@@ -5,7 +5,7 @@ import shutil
5	import subprocess	5	import subprocess
6	import tempfile	6	import tempfile
7		7
8	from typing import Dict, Union, Set	8	from typing import Dict, Union, Set, Callable, Any
9		9
10	from . import abstract	10	from . import abstract
11		11
@@ -20,27 +20,23 @@ class ExiftoolParser(abstract.AbstractParser):
20	"""	20	"""
21	meta_whitelist = set() # type: Set[str]	21	meta_whitelist = set() # type: Set[str]
22		22
23	@staticmethod	23	def _handle_problematic_filename(self, callback: Callable[[str], Any]) -> bytes:
24	def __handle_problematic_filename(filename: str, callback) -> bytes:	24	""" This method takes a filename with a potentially problematic name,
25	""" This method takes a filename with a problematic name,	25	and safely applies a `callback` to it.
26	and safely applies it a `callback`."""	26	"""
		27	if re.search('^[a-z0-9/]', self.filename) is not None:
		28	return callback(self.filename)
		29
27	tmpdirname = tempfile.mkdtemp()	30	tmpdirname = tempfile.mkdtemp()
28	fname = os.path.join(tmpdirname, "temp_file")	31	fname = os.path.join(tmpdirname, "temp_file")
29	shutil.copy(filename, fname)	32	shutil.copy(self.filename, fname)
30	out = callback(fname)	33	out = callback(fname)
31	shutil.rmtree(tmpdirname)	34	shutil.rmtree(tmpdirname)
32	return out	35	return out
33		36
34	def get_meta(self) -> Dict[str, Union[str, dict]]:	37	def get_meta(self) -> Dict[str, Union[str, dict]]:
35	""" There is no way to escape the leading(s) dash(es) of the current
36	self.filename to prevent parameter injections, so we need to take care
37	of this.
38	"""
39	fun = lambda f: subprocess.check_output([_get_exiftool_path(), '-json', f])	38	fun = lambda f: subprocess.check_output([_get_exiftool_path(), '-json', f])
40	if re.search('^[a-z0-9/]', self.filename) is None:	39	out = self._handle_problematic_filename(fun)
41	out = self.__handle_problematic_filename(self.filename, fun)
42	else:
43	out = fun(self.filename)
44	meta = json.loads(out.decode('utf-8'))[0]	40	meta = json.loads(out.decode('utf-8'))[0]
45	for key in self.meta_whitelist:	41	for key in self.meta_whitelist:
46	meta.pop(key, None)	42	meta.pop(key, None)


diff --git a/libmat2/video.py b/libmat2/video.py index 658affa..2fa65e8 100644 --- a/libmat2/video.py +++ b/libmat2/video.py
@@ -1,5 +1,6 @@
1	import os	1	import os
2	import subprocess	2	import subprocess
		3	import logging
3		4
4	from . import exiftool	5	from . import exiftool
5		6
@@ -23,13 +24,10 @@ class AVIParser(exiftool.ExiftoolParser):
23	'SampleRate', 'AvgBytesPerSec', 'BitsPerSample',	24	'SampleRate', 'AvgBytesPerSec', 'BitsPerSample',
24	'Duration', 'ImageSize', 'Megapixels'}	25	'Duration', 'ImageSize', 'Megapixels'}
25		26
26	def remove_all(self) -> bool:	27
27	"""	28	def __remove_all_internal(self, filename: str):
28	TODO: handle problematic filenames starting with `-` and `--`,
29	check exiftool.py
30	"""
31	cmd = [_get_ffmpeg_path(),	29	cmd = [_get_ffmpeg_path(),
32	'-i', self.filename, # input file	30	'-i', filename, # input file
33	'-y', # overwrite existing output file	31	'-y', # overwrite existing output file
34	'-loglevel', 'panic', # Don't show log	32	'-loglevel', 'panic', # Don't show log
35	'-hide_banner', # hide the banner	33	'-hide_banner', # hide the banner
@@ -40,10 +38,13 @@ class AVIParser(exiftool.ExiftoolParser):
40	'-flags:v', '+bitexact', # don't add any metadata	38	'-flags:v', '+bitexact', # don't add any metadata
41	'-flags:a', '+bitexact', # don't add any metadata	39	'-flags:a', '+bitexact', # don't add any metadata
42	self.output_filename]	40	self.output_filename]
		41	subprocess.check_call(cmd)
43		42
		43	def remove_all(self) -> bool:
44	try:	44	try:
45	subprocess.check_call(cmd)	45	self._handle_problematic_filename(self.__remove_all_internal)
46	except subprocess.CalledProcessError:	46	except subprocess.CalledProcessError as e:
		47	logging.error("Something went wrong during the processing of %s: %s", self.filename, e)
47	return False	48	return False
48	return True	49	return True
49		50


diff --git a/tests/test_libmat2.py b/tests/test_libmat2.py index e5cc8a3..241c6eb 100644 --- a/tests/test_libmat2.py +++ b/tests/test_libmat2.py
@@ -37,6 +37,19 @@ class TestParameterInjection(unittest.TestCase):
37	self.assertEqual(meta['ModifyDate'], "2018:03:20 21:59:25")	37	self.assertEqual(meta['ModifyDate'], "2018:03:20 21:59:25")
38	os.remove('-ver')	38	os.remove('-ver')
39		39
		40	def test_ffmpeg_injection(self):
		41	try:
		42	video._get_ffmpeg_path()
		43	except RuntimeError:
		44	raise unittest.SkipTest
		45
		46	shutil.copy('./tests/data/dirty.avi', './--output')
		47	p = video.AVIParser('--output')
		48	meta = p.get_meta()
		49	print(meta)
		50	self.assertEqual(meta['Software'], 'MEncoder SVN-r33148-4.0.1')
		51	os.remove('--output')
		52
40		53
41	class TestUnsupportedEmbeddedFiles(unittest.TestCase):	54	class TestUnsupportedEmbeddedFiles(unittest.TestCase):
42	def test_odt_with_svg(self):	55	def test_odt_with_svg(self):