From: "Wujian(Chin)" <wujian2@huawei.com>
To: "ffmpeg-devel@ffmpeg.org" <ffmpeg-devel@ffmpeg.org>
Subject: [FFmpeg-devel] [PATCH] fftools/ffmpeg_ffplay_ffprobe_cmdutils: add -mask_url to replace the protocol address in the command with the asterisk (*)
Date: Tue, 3 Jan 2023 11:05:48 +0000
Message-ID: <6f7e65856c584ac99ef2354b477b69ab@huawei.com> (raw)
Please review it again, thanks!!
Signed-off-by: wujian_nanjing <wujian2@huawei.com>
---
doc/fftools-common-opts.texi | 11 +++++++++
fftools/cmdutils.c | 57 ++++++++++++++++++++++++++++++++++++++++++++
fftools/cmdutils.h | 21 ++++++++++++++++
fftools/ffmpeg.c | 7 +++---
fftools/ffplay.c | 6 +++--
fftools/ffprobe.c | 7 +++---
fftools/opt_common.h | 1 +
7 files changed, 102 insertions(+), 8 deletions(-)
diff --git a/doc/fftools-common-opts.texi b/doc/fftools-common-opts.texi
index d914570..724c028 100644
--- a/doc/fftools-common-opts.texi
+++ b/doc/fftools-common-opts.texi
@@ -363,6 +363,17 @@ for testing. Do not use it unless you know what you're doing.
ffmpeg -cpucount 2
@end example
+@item -mask_url -i @var{url} (@emph{output})
+If the protocol address contains the user name and password, the ps -ef
+command exposes plaintext. You can add the -mask_url parameter option is
+added to replace the protocol address in the command line with the
+asterisk (*). Because other users can run the ps -ef command to view sensitive
+information such as the user name and password in the protocol address,
+which is insecure.
+@example
+ffmpeg -mask_url -i rtsp://username:password-ip:port/stream/test
+@end example
+
@item -max_alloc @var{bytes}
Set the maximum size limit for allocating a block on the heap by ffmpeg's
family of malloc functions. Exercise @strong{extreme caution} when using
diff --git a/fftools/cmdutils.c b/fftools/cmdutils.c
index a1de621..7946303 100644
--- a/fftools/cmdutils.c
+++ b/fftools/cmdutils.c
@@ -60,6 +60,59 @@ AVDictionary *swr_opts;
AVDictionary *format_opts, *codec_opts;
int hide_banner = 0;
+int mask_url = 0;
+
+void mask_param(int argc, char **argv)
+{
+ int i, j;
+ for (i = 1; i < argc; i++) {
+ char *match = strstr(argv[i], "://");
+ if (match) {
+ int total = strlen(argv[i]);
+ for (j = 0; j < total; j++) {
+ argv[i][j] = '*';
+ }
+ }
+ }
+}
+
+char **copy_argv(int argc, char **argv)
+{
+ char **argv_copy;
+ argv_copy = av_mallocz((argc + 1) * sizeof(char *));
+ if (!argv_copy) {
+ av_log(NULL, AV_LOG_FATAL, "argv_copy malloc failed\n");
+ exit_program(1);
+ }
+
+ for (int i = 0; i < argc; i++) {
+ int length = strlen(argv[i]) + 1;
+ argv_copy[i] = av_mallocz(length * sizeof(*argv_copy));
+ if (!argv_copy[i]) {
+ av_log(NULL, AV_LOG_FATAL, "argv_copy[%d] malloc failed\n", i);
+ exit_program(1);
+ }
+ memcpy(argv_copy[i], argv[i], length);
+ }
+ argv_copy[argc] = NULL;
+ return argv_copy;
+}
+
+char **handle_arg_param(int argc, char **argv)
+{
+ char **argv_copy;
+ argv_copy = copy_argv(argc, argv);
+ if (mask_url)
+ mask_param(argc, argv);
+ return argv_copy;
+}
+
+void free_argv_copy(int argc, char **argv)
+{
+ for (int i = 0; i < argc; i++)
+ av_free(argv[i]);
+ av_free(argv);
+}
void uninit_opts(void)
{
@@ -501,6 +554,10 @@ void parse_loglevel(int argc, char **argv, const OptionDef *options)
idx = locate_option(argc, argv, options, "hide_banner");
if (idx)
hide_banner = 1;
+
+ idx = locate_option(argc, argv, options, "mask_url");
+ if (idx)
+ mask_url = 1;
}
static const AVOption *opt_find(void *obj, const char *name, const char *unit,
diff --git a/fftools/cmdutils.h b/fftools/cmdutils.h
index 4496221..66babbd 100644
--- a/fftools/cmdutils.h
+++ b/fftools/cmdutils.h
@@ -48,6 +48,27 @@ extern AVDictionary *sws_dict;
extern AVDictionary *swr_opts;
extern AVDictionary *format_opts, *codec_opts;
extern int hide_banner;
+extern int mask_url;
+
+/**
+ * Using to mask sensitive info.
+ */
+void mask_param(int argc, char **argv);
+
+/**
+ * Using to copy ori argv.
+ */
+char **copy_argv(int argc, char **argv);
+
+/**
+ * Handle argv and argv_copy.
+ */
+char **handle_arg_param(int argc, char **argv);
+
+/**
+ * Free argv.
+ */
+void free_argv_copy(int argc, char **argv);
/**
* Register a program-specific cleanup routine.
diff --git a/fftools/ffmpeg.c b/fftools/ffmpeg.c
index 881d6f0..9f3b261 100644
--- a/fftools/ffmpeg.c
+++ b/fftools/ffmpeg.c
@@ -3867,7 +3867,7 @@ int main(int argc, char **argv)
{
int ret;
BenchmarkTimeStamps ti;
-
+ char **argv_copy;
init_dynload();
register_exit(ffmpeg_cleanup);
@@ -3883,9 +3883,10 @@ int main(int argc, char **argv)
avformat_network_init();
show_banner(argc, argv, options);
-
+ argv_copy = handle_arg_param(argc, argv);
/* parse options and open all input/output files */
- ret = ffmpeg_parse_options(argc, argv);
+ ret = ffmpeg_parse_options(argc, argv_copy);
+ free_argv_copy(argc, argv_copy);
if (ret < 0)
exit_program(1);
diff --git a/fftools/ffplay.c b/fftools/ffplay.c
index fc7e1c2..203db5e 100644
--- a/fftools/ffplay.c
+++ b/fftools/ffplay.c
@@ -3664,6 +3664,7 @@ void show_help_default(const char *opt, const char *arg)
int main(int argc, char **argv)
{
int flags;
+ char **argv_copy;
VideoState *is;
init_dynload();
@@ -3682,8 +3683,9 @@ int main(int argc, char **argv)
show_banner(argc, argv, options);
- parse_options(NULL, argc, argv, options, opt_input_file);
-
+ argv_copy = handle_arg_param(argc, argv);
+ parse_options(NULL, argc, argv_copy, options, opt_input_file);
+ free_argv_copy(argc, argv_copy);
if (!input_filename) {
show_usage();
av_log(NULL, AV_LOG_FATAL, "An input file must be specified\n");
diff --git a/fftools/ffprobe.c b/fftools/ffprobe.c
index d2f126d..17e9759 100644
--- a/fftools/ffprobe.c
+++ b/fftools/ffprobe.c
@@ -4036,7 +4036,7 @@ int main(int argc, char **argv)
char *buf;
char *w_name = NULL, *w_args = NULL;
int ret, input_ret, i;
-
+ char **argv_copy;
init_dynload();
#if HAVE_THREADS
@@ -4056,8 +4056,8 @@ int main(int argc, char **argv)
#endif
show_banner(argc, argv, options);
- parse_options(NULL, argc, argv, options, opt_input_file);
-
+ argv_copy = handle_arg_param(argc, argv);
+ parse_options(NULL, argc, argv_copy, options, opt_input_file);
if (do_show_log)
av_log_set_callback(log_callback);
@@ -4173,6 +4173,7 @@ end:
av_freep(&print_format);
av_freep(&read_intervals);
av_hash_freep(&hash);
+ free_argv_copy(argc, argv_copy);
uninit_opts();
for (i = 0; i < FF_ARRAY_ELEMS(sections); i++)
diff --git a/fftools/opt_common.h b/fftools/opt_common.h
index ea1d16e..5185cf3 100644
--- a/fftools/opt_common.h
+++ b/fftools/opt_common.h
@@ -226,6 +226,7 @@ int opt_cpucount(void *optctx, const char *opt, const char *arg);
{ "cpuflags", HAS_ARG | OPT_EXPERT, { .func_arg = opt_cpuflags }, "force specific cpu flags", "flags" }, \
{ "cpucount", HAS_ARG | OPT_EXPERT, { .func_arg = opt_cpucount }, "force specific cpu count", "count" }, \
{ "hide_banner", OPT_BOOL | OPT_EXPERT, {&hide_banner}, "do not show program banner", "hide_banner" }, \
+ { "mask_url", OPT_BOOL, {&mask_url}, "mask the url", "flags" }, \
CMDUTILS_COMMON_OPTIONS_AVDEVICE \
#endif /* FFTOOLS_OPT_COMMON_H */
--
2.7.4
_______________________________________________
ffmpeg-devel mailing list
ffmpeg-devel@ffmpeg.org
https://ffmpeg.org/mailman/listinfo/ffmpeg-devel
To unsubscribe, visit link above, or email
ffmpeg-devel-request@ffmpeg.org with subject "unsubscribe".
next reply other threads:[~2023-01-03 12:12 UTC|newest]
Thread overview: 28+ messages / expand[flat|nested] mbox.gz Atom feed top
2023-01-03 11:05 Wujian(Chin) [this message]
2023-01-03 12:31 ` Nicolas George
-- strict thread matches above, loose matches on Subject: below --
2022-12-26 13:07 Wujian(Chin)
2022-12-26 13:21 ` Nicolas George
2022-12-27 19:49 ` Michael Niedermayer
2022-12-28 3:20 ` [FFmpeg-devel] 答复: " Wujian(Chin)
2022-12-28 8:04 ` Wujian(Chin)
2022-12-21 10:10 [FFmpeg-devel] [PATCH] fftools/ffmpeg_ffplay_ffprobe_cmdutils:add " Wujian(Chin)
2022-12-22 19:28 ` Nicolas George
2022-12-23 7:14 ` [FFmpeg-devel] 答复: " Wujian(Chin)
2022-12-23 9:13 ` Nicolas George
2022-12-23 11:04 ` [FFmpeg-devel] 答复: " Wujian(Chin)
2022-12-23 11:06 ` Nicolas George
2022-12-19 13:15 [FFmpeg-devel] [PATCH] fftools/ffmpeg_ffplay_ffprobe_cmdutils: add " Wujian(Chin)
2022-12-19 13:30 ` Nicolas George
2022-12-19 13:37 ` Gyan Doshi
2022-12-19 13:44 ` Nicolas George
2022-12-20 11:42 ` [FFmpeg-devel] 答复: " Wujian(Chin)
2022-12-22 19:27 ` Nicolas George
2022-12-24 8:51 ` [FFmpeg-devel] 答复: " Wujian(Chin)
2022-12-24 8:59 ` Nicolas George
2022-12-19 13:33 ` [FFmpeg-devel] " Marvin Scholz
2022-12-19 13:37 ` Nicolas George
2022-12-19 13:40 ` Marvin Scholz
2022-12-19 13:45 ` Nicolas George
2022-12-20 11:56 ` [FFmpeg-devel] 答复: " Wujian(Chin)
2022-12-19 14:51 ` [FFmpeg-devel] " "zhilizhao(赵志立)"
2022-12-22 23:14 ` Marton Balint
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=6f7e65856c584ac99ef2354b477b69ab@huawei.com \
--to=wujian2@huawei.com \
--cc=ffmpeg-devel@ffmpeg.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Git Inbox Mirror of the ffmpeg-devel mailing list - see https://ffmpeg.org/mailman/listinfo/ffmpeg-devel
This inbox may be cloned and mirrored by anyone:
git clone --mirror https://master.gitmailbox.com/ffmpegdev/0 ffmpegdev/git/0.git
# If you have public-inbox 1.1+ installed, you may
# initialize and index your mirror using the following commands:
public-inbox-init -V2 ffmpegdev ffmpegdev/ https://master.gitmailbox.com/ffmpegdev \
ffmpegdev@gitmailbox.com
public-inbox-index ffmpegdev
Example config snippet for mirrors.
AGPL code for this site: git clone https://public-inbox.org/public-inbox.git