ABOCN/TelegramBot
1
0
Fork 0
Code Issues 2 Pull requests Projects Releases Packages Wiki Activity

Fix code scanning alert no. 1: Shell command built from environment values #11

Merged
lucmsilva651 merged 1 commit from autofix/alert-1-ce74013bf2 into main 2024-09-28 21:44:00 +00:00
Conversation 0 Commits 1 Files changed 1 +6 -5
1 changed files with 6 additions and 5 deletions
Download patch file Download diff file Expand all files Collapse all files

11
commands/youtube.js
View file

@ -1,7 +1,7 @@
const { getStrings } = require('../plugins/checklang.js');
const { isOnSpamWatch } = require('../plugins/lib-spamwatch/spamwatch.js');
const spamwatchMiddleware = require('../plugins/lib-spamwatch/Middleware.js')(isOnSpamWatch);
const { exec } = require('child_process');
const { execFile } = require('child_process');
const os = require('os');
const fs = require('fs');
const path = require('path');
@ -17,9 +17,9 @@ function getYtDlpPath() {
return ytDlpPaths[platform] || ytDlpPaths.linux;
};
async function downloadFromYoutube(command) {
async function downloadFromYoutube(command, args) {
return new Promise((resolve, reject) => {
exec(command, (error, stdout, stderr) => {
execFile(command, args, (error, stdout, stderr) => {
if (error) {
reject({ error, stdout, stderr });
} else {
@ -39,7 +39,8 @@ module.exports = (bot) => {
const mp4File = `tmp/${userId}.mp4`;
const cmdArgs = "--max-filesize 2G --no-playlist --merge-output-format mp4 -o";
const videoFormat = "-f bestvideo+bestaudio";
const dlpCommand = `${ytDlpPath} ${videoUrl} ${videoFormat} ${cmdArgs} ${mp4File}`;
const dlpCommand = ytDlpPath;
const dlpArgs = [videoUrl, videoFormat, ...cmdArgs.split(' '), mp4File];
const downloadingMessage = await ctx.reply(strings.ytDownloading, {
parse_mode: 'Markdown',
@ -47,7 +48,7 @@ module.exports = (bot) => {
});
try {
await downloadFromYoutube(dlpCommand);
await downloadFromYoutube(dlpCommand, dlpArgs);
await ctx.telegram.editMessageText(
ctx.chat.id,