Patch youtube-dl to disable redirects

In order to prevent SSRF attacks using redirects
2022-02-27 12:30:15 +01:00 · 2022-02-27 12:30:15 +01:00 · 1b099bb983
parent 3a4f09dda0
commit 1b099bb983
3 changed files with 1079 additions and 82 deletions
--- a/composer.json
+++ b/composer.json
@ -25,6 +25,7 @@
    "aura/session": "^2.1",
    "barracudanetworks/archivestream-php": "^1.0",
    "consolidation/log": "^2.0",
+    "cweagans/composer-patches": "^1.7",
    "j0k3r/httplug-ssrf-plugin": "^2.0",
    "jawira/case-converter": "^3.4",
    "jean85/pretty-package-versions": "^1.3",
@ -74,7 +75,12 @@
    },
    "installer-types": [
      "library"
-    ]
+    ],
+    "patches": {
+      "ytdl-org/youtube-dl": {
+        "Disable redirects in generic extractor": "patches/youtube-dl-redirect.diff"
+      }
+    }
  },
  "autoload": {
    "psr-4": {
--- a/composer.lock
+++ b/composer.lock
--- a/patches/youtube-dl-redirect.diff
+++ b/patches/youtube-dl-redirect.diff
@ -0,0 +1,12 @@
+diff --git a/youtube_dl/extractor/generic.py b/youtube_dl/extractor/generic.py
+index f99d887ca..749ed6ecf 100644
+--- a/youtube_dl/extractor/generic.py
+++ b/youtube_dl/extractor/generic.py
+@@ -2252,6 +2252,7 @@ class GenericIE(InfoExtractor):
+ 
+     def report_following_redirect(self, new_url):
+         """Report information extraction."""
+        raise UnsupportedError('Redirects are not allowed')
+         self._downloader.to_screen('[redirect] Following redirect to %s' % new_url)
+ 
+     def _extract_rss(self, url, video_id, doc):