ABOCN/TelegramBot
1
0
Fork 0
Code Issues 2 Pull requests Projects Releases Packages Wiki Activity

Fix code scanning alert no. 1: Shell command built from environment values #11

Merged
lucmsilva651 merged 1 commit from autofix/alert-1-ce74013bf2 into main 2024-09-28 23:44:00 +02:00
Conversation 0 Commits 1 Files changed 1 +6 -5
1 changed files with 6 additions and 5 deletions
Download patch file Download diff file Expand all files Collapse all files
Showing only changes of commit 6cd4f8b51b - Show all commits

11
commands/youtube.js
View file

@ -1,7 +1,7 @@
const { getStrings } = require('../plugins/checklang.js'); const { getStrings } = require('../plugins/checklang.js');
const { isOnSpamWatch } = require('../plugins/lib-spamwatch/spamwatch.js'); const { isOnSpamWatch } = require('../plugins/lib-spamwatch/spamwatch.js');
const spamwatchMiddleware = require('../plugins/lib-spamwatch/Middleware.js')(isOnSpamWatch); const spamwatchMiddleware = require('../plugins/lib-spamwatch/Middleware.js')(isOnSpamWatch);
const { exec } = require('child_process'); const { execFile } = require('child_process');
const os = require('os'); const os = require('os');
const fs = require('fs'); const fs = require('fs');
const path = require('path'); const path = require('path');
@ -17,9 +17,9 @@ function getYtDlpPath() {
return ytDlpPaths[platform] || ytDlpPaths.linux; return ytDlpPaths[platform] || ytDlpPaths.linux;
}; };
async function downloadFromYoutube(command) { async function downloadFromYoutube(command, args) {
return new Promise((resolve, reject) => { return new Promise((resolve, reject) => {
exec(command, (error, stdout, stderr) => { execFile(command, args, (error, stdout, stderr) => {
if (error) { if (error) {
reject({ error, stdout, stderr }); reject({ error, stdout, stderr });
} else { } else {
@ -39,7 +39,8 @@ module.exports = (bot) => {
const mp4File = `tmp/${userId}.mp4`; const mp4File = `tmp/${userId}.mp4`;
const cmdArgs = "--max-filesize 2G --no-playlist --merge-output-format mp4 -o"; const cmdArgs = "--max-filesize 2G --no-playlist --merge-output-format mp4 -o";
const videoFormat = "-f bestvideo+bestaudio"; const videoFormat = "-f bestvideo+bestaudio";
const dlpCommand = `${ytDlpPath} ${videoUrl} ${videoFormat} ${cmdArgs} ${mp4File}`; const dlpCommand = ytDlpPath;
const dlpArgs = [videoUrl, videoFormat, ...cmdArgs.split(' '), mp4File];
const downloadingMessage = await ctx.reply(strings.ytDownloading, { const downloadingMessage = await ctx.reply(strings.ytDownloading, {
parse_mode: 'Markdown', parse_mode: 'Markdown',
@ -47,7 +48,7 @@ module.exports = (bot) => {
}); });
try { try {
await downloadFromYoutube(dlpCommand); await downloadFromYoutube(dlpCommand, dlpArgs);
await ctx.telegram.editMessageText( await ctx.telegram.editMessageText(
ctx.chat.id, ctx.chat.id,