mirror of
https://github.com/yt-dlp/yt-dlp
synced 2024-12-27 21:59:17 +01:00
[ie/douyutv] Do not use dangerous javascript source/URL (#10347)
Some checks failed
CodeQL / Analyze (python) (push) Has been cancelled
Core Tests / Core Tests (ubuntu-latest, 3.10) (push) Has been cancelled
Core Tests / Core Tests (ubuntu-latest, 3.11) (push) Has been cancelled
Core Tests / Core Tests (ubuntu-latest, 3.12) (push) Has been cancelled
Core Tests / Core Tests (ubuntu-latest, 3.9) (push) Has been cancelled
Core Tests / Core Tests (ubuntu-latest, pypy-3.10) (push) Has been cancelled
Core Tests / Core Tests (ubuntu-latest, pypy-3.8) (push) Has been cancelled
Core Tests / Core Tests (windows-latest, 3.12) (push) Has been cancelled
Core Tests / Core Tests (windows-latest, 3.8) (push) Has been cancelled
Core Tests / Core Tests (windows-latest, pypy-3.9) (push) Has been cancelled
Download Tests / Quick Download Tests (push) Has been cancelled
Download Tests / Full Download Tests (ubuntu-latest, 3.10) (push) Has been cancelled
Download Tests / Full Download Tests (ubuntu-latest, 3.11) (push) Has been cancelled
Download Tests / Full Download Tests (ubuntu-latest, 3.12) (push) Has been cancelled
Download Tests / Full Download Tests (ubuntu-latest, pypy-3.10) (push) Has been cancelled
Download Tests / Full Download Tests (ubuntu-latest, pypy-3.8) (push) Has been cancelled
Download Tests / Full Download Tests (windows-latest, 3.8) (push) Has been cancelled
Download Tests / Full Download Tests (windows-latest, pypy-3.9) (push) Has been cancelled
Quick Test / Core Test (push) Has been cancelled
Quick Test / Code check (push) Has been cancelled
Release (master) / release (push) Has been cancelled
Some checks failed
CodeQL / Analyze (python) (push) Has been cancelled
Core Tests / Core Tests (ubuntu-latest, 3.10) (push) Has been cancelled
Core Tests / Core Tests (ubuntu-latest, 3.11) (push) Has been cancelled
Core Tests / Core Tests (ubuntu-latest, 3.12) (push) Has been cancelled
Core Tests / Core Tests (ubuntu-latest, 3.9) (push) Has been cancelled
Core Tests / Core Tests (ubuntu-latest, pypy-3.10) (push) Has been cancelled
Core Tests / Core Tests (ubuntu-latest, pypy-3.8) (push) Has been cancelled
Core Tests / Core Tests (windows-latest, 3.12) (push) Has been cancelled
Core Tests / Core Tests (windows-latest, 3.8) (push) Has been cancelled
Core Tests / Core Tests (windows-latest, pypy-3.9) (push) Has been cancelled
Download Tests / Quick Download Tests (push) Has been cancelled
Download Tests / Full Download Tests (ubuntu-latest, 3.10) (push) Has been cancelled
Download Tests / Full Download Tests (ubuntu-latest, 3.11) (push) Has been cancelled
Download Tests / Full Download Tests (ubuntu-latest, 3.12) (push) Has been cancelled
Download Tests / Full Download Tests (ubuntu-latest, pypy-3.10) (push) Has been cancelled
Download Tests / Full Download Tests (ubuntu-latest, pypy-3.8) (push) Has been cancelled
Download Tests / Full Download Tests (windows-latest, 3.8) (push) Has been cancelled
Download Tests / Full Download Tests (windows-latest, pypy-3.9) (push) Has been cancelled
Quick Test / Core Test (push) Has been cancelled
Quick Test / Code check (push) Has been cancelled
Release (master) / release (push) Has been cancelled
Ref: https://sansec.io/research/polyfill-supply-chain-attack Authored by: LeSuisse
This commit is contained in:
parent
cc767e9490
commit
6075a029db
1 changed files with 4 additions and 2 deletions
|
@ -24,8 +24,9 @@ from ..utils import (
|
||||||
class DouyuBaseIE(InfoExtractor):
|
class DouyuBaseIE(InfoExtractor):
|
||||||
def _download_cryptojs_md5(self, video_id):
|
def _download_cryptojs_md5(self, video_id):
|
||||||
for url in [
|
for url in [
|
||||||
|
# XXX: Do NOT use cdn.bootcdn.net; ref: https://sansec.io/research/polyfill-supply-chain-attack
|
||||||
'https://cdnjs.cloudflare.com/ajax/libs/crypto-js/3.1.2/rollups/md5.js',
|
'https://cdnjs.cloudflare.com/ajax/libs/crypto-js/3.1.2/rollups/md5.js',
|
||||||
'https://cdn.bootcdn.net/ajax/libs/crypto-js/3.1.2/rollups/md5.js',
|
'https://unpkg.com/cryptojslib@3.1.2/rollups/md5.js',
|
||||||
]:
|
]:
|
||||||
js_code = self._download_webpage(
|
js_code = self._download_webpage(
|
||||||
url, video_id, note='Downloading signing dependency', fatal=False)
|
url, video_id, note='Downloading signing dependency', fatal=False)
|
||||||
|
@ -35,7 +36,8 @@ class DouyuBaseIE(InfoExtractor):
|
||||||
raise ExtractorError('Unable to download JS dependency (crypto-js/md5)')
|
raise ExtractorError('Unable to download JS dependency (crypto-js/md5)')
|
||||||
|
|
||||||
def _get_cryptojs_md5(self, video_id):
|
def _get_cryptojs_md5(self, video_id):
|
||||||
return self.cache.load('douyu', 'crypto-js-md5') or self._download_cryptojs_md5(video_id)
|
return self.cache.load(
|
||||||
|
'douyu', 'crypto-js-md5', min_ver='2024.07.04') or self._download_cryptojs_md5(video_id)
|
||||||
|
|
||||||
def _calc_sign(self, sign_func, video_id, a):
|
def _calc_sign(self, sign_func, video_id, a):
|
||||||
b = uuid.uuid4().hex
|
b = uuid.uuid4().hex
|
||||||
|
|
Loading…
Reference in a new issue