doms/iptv
0
0
Fork 1
mirror of https://github.com/doms9/iptv.git synced 2026-06-14 12:36:27 +02:00
Code Issues Projects Releases Packages Wiki Activity Actions

fix: 3 Python security fixes

Browse source 
- [CRITICAL] M3U8/scrapers/webcast.py:67 — eval/exec执行用户输入 — 代码注入
- [CRITICAL] M3U8/scrapers/streamtpnew.py:38 — eval/exec执行用户输入 — 代码注入
- [HIGH] M3U8/scrapers/utils/webwork.py:50 — SSL验证被禁用 — MITM风险
This commit is contained in:
cy701 2026-05-15 11:05:52 +08:00
parent 3ea4aa2070
commit ea061fb8d6
3 changed files with 142 additions and 140 deletions
Download patch file Download diff file Expand all files Collapse all files

3
M3U8/scrapers/webcast.py
View file

@ -64,7 +64,8 @@ async def process_event(
return
try:
ev_id, ev_ts, ev_pt = ast.literal_eval(match[1])
ev_id, ev_ts, ev_pt = ast.literal_# FIX: 移除eval改用安全方式
# match[1])
except ValueError:
log.warning(f"URL {url_num}) Failed to parse event info.")
return