did some anti ssrf stuff

Rachel Lambda Samuelsson 2021-07-06 14:55:56 +02:00
parent c7f5d7f0c2
commit 2ae1b60cae
2 changed files with 9 additions and 4 deletions


@ -4,7 +4,7 @@ module Helpers where
import YTDL import YTDL
import qualified Data.Text.Lazy as TL import qualified Data.Text.Lazy as TL
import Network.URI (parseURI) import Network.URI
getRes :: TL.Text -> Maybe Resolution getRes :: TL.Text -> Maybe Resolution
getRes ("144p") = Just P144 getRes ("144p") = Just P144
@ -22,7 +22,13 @@ isRes res = case getRes res of
(Just _) -> True (Just _) -> True
_ -> False _ -> False
-- ssrf paranoia
isOkPath :: String -> Bool
isOkPath p = not $ isIPv4address p || isIPv6address p || p == "localhost"
isURL :: TL.Text -> Bool isURL :: TL.Text -> Bool
isURL uri = case parseURI (TL.unpack uri) of isURL uri = case parseURI (TL.unpack uri) of
(Just _) -> True (Just u) -> case uriAuthority u of
_ -> False (Just (URIAuth _ p _)) -> isOkPath p
_ -> False
_ -> False
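Review bot: `isOkPath` in the second hunk is a string denylist on the URI host, and it probably never matches IPv6 literals: network-uri appears to keep the square brackets in `uriRegName` (e.g. `[::1]`), while `isIPv6address` expects the bare address. The `p == "localhost"` comparison is also exact and case-sensitive, an empty host passes, and `isURL` places no restriction on `uriScheme u`. I would normalise first with `h = map toLower (filter (\c -> c /= '[' && c /= ']') p)` (needs `Data.Char (toLower)`), then return `not (null h) && not (isIPv4address h || isIPv6address h || h == "localhost")`, and have `isURL` accept only `"http:"` and `"https:"`. A hostname that resolves to a loopback or private address still passes any string check, so the downloader should also resolve and verify the address, or run behind egress filtering; a comment such as `-- NOTE: string check only, does not cover DNS names that resolve to internal addresses` would make that limit explicit. The argument is a host rather than a path, so a name like `isOkHost` would read better.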


@ -27,7 +27,6 @@ downloadAction = do
setHeader "content-type" "video/mp4" setHeader "content-type" "video/mp4"
file filePath file filePath
(Left err) -> html $ errorPage (TL.pack err) (Left err) -> html $ errorPage (TL.pack err)
-- liftIO $ ytdlClean ident
else else
html $ errorPage "Invalid input!" html $ errorPage "Invalid input!"