Skip to content
This repository was archived by the owner on Apr 22, 2023. It is now read-only.

Commit 8913f27

Browse files
RudloffRudloff
committed
Disable the generic extractor entirely
It can be used for SSRF attacks even when redirects are disabled
1 parent 148a171 commit 8913f27

File tree

4 files changed

+18
-18
lines changed

4 files changed

+18
-18
lines changed

composer.json

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -78,7 +78,7 @@
7878
],
7979
"patches": {
8080
"ytdl-org/youtube-dl": {
81-
"Disable redirects in generic extractor": "patches/youtube-dl-redirect.diff"
81+
"Disable the generic extractor": "patches/youtube-dl-disable-generic.diff"
8282
}
8383
}
8484
},

composer.lock

Lines changed: 5 additions & 5 deletions
Some generated files are not rendered by default. Learn more about customizing how changed files appear on GitHub.

patches/youtube-dl-disable-generic.diff

Lines changed: 12 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,12 @@
1+
diff --git a/youtube_dl/extractor/__init__.py b/youtube_dl/extractor/__init__.py
2+
index 18d8dbcd6..4d3edfac3 100644
3+
--- a/youtube_dl/extractor/__init__.py
4+
+++ b/youtube_dl/extractor/__init__.py
5+
@@ -13,7 +13,6 @@ except ImportError:
6+
for name, klass in globals().items()
7+
if name.endswith('IE') and name != 'GenericIE'
8+
]
9+
- _ALL_CLASSES.append(GenericIE)
10+
11+
12+
def gen_extractor_classes():

patches/youtube-dl-redirect.diff

Lines changed: 0 additions & 12 deletions
This file was deleted.

0 commit comments

Comments
 (0)