π‘οΈ Sentinel: [HIGH] Fix FFmpeg Filter Injection Vulnerability#131
π‘οΈ Sentinel: [HIGH] Fix FFmpeg Filter Injection Vulnerability#131Cukurikik wants to merge 1 commit into
Conversation
Co-authored-by: Cukurikik <266119688+Cukurikik@users.noreply.github.com>
|
π Jules, reporting for duty! I'm here to lend a hand with this pull request. When you start a review, I'll add a π emoji to each comment to let you know I've read it. I'll focus on feedback directed at me and will do my best to stay out of conversations between you and other bots or reviewers to keep the noise down. I'll push a commit with your requested changes shortly after. Please note there might be a delay between these steps, but rest assured I'm on the job! For more direct control, you can switch me to Reactive Mode. When this mode is on, I will only act on comments where you specifically mention me with New to Jules? Learn more at jules.google/docs. For security, I will only act on instructions from the user who triggered this task. |
π WalkthroughWalkthroughThe Changes
Estimated code review effortπ― 2 (Simple) | β±οΈ ~8 minutes Poem
π₯ Pre-merge checks | β 2 | β 1β Failed checks (1 warning)
β Passed checks (2 passed)
βοΈ Tip: You can configure your own custom pre-merge checks in the settings. β¨ Finishing Touchesπ Generate docstrings
π§ͺ Generate unit tests (beta)
Comment |
![coderabbitai[bot]](https://avatars.githubusercontent.com/in/347564?s=60&v=4){kind=small}
There was a problem hiding this comment.
Actionable comments posted: 1
π€ Prompt for all review comments with AI agents
Verify each finding against the current code and only fix it if needed.
Inline comments:
In `@src/modules/video-engine/engines/watermark.engine.ts`:
- Line 4: The code assumes opts.text is a string when assigning to the local
variable text (let text = (opts.text as string) || "HEAVY-TOOLS"), which can
throw later when sanitizing non-string values; change the assignment to first
guard the runtime type (e.g., check typeof opts.text === "string") and only use
opts.text if it's a string, otherwise fall back to the default "HEAVY-TOOLS"
before any sanitization; update references to text and any subsequent
sanitization logic in watermark.engine.ts (the text variable and opts.text
usage) so non-string inputs are safely handled.
βΉοΈ Review info
βοΈ Run configuration
Configuration used: defaults
Review profile: CHILL
Plan: Pro
Run ID: 24a64d64-4358-4659-bd5a-fc93ab620be1
π Files selected for processing (1)
src/modules/video-engine/engines/watermark.engine.ts
| export interface WatermarkOptions { [key: string]: unknown; } | ||
| export async function buildWatermarkArgs(input: string, output: string, opts: WatermarkOptions, ffmpeg?: FFmpeg, files?: File[]): Promise<string[]> { | ||
| const text = (opts.text as string) || "HEAVY-TOOLS"; | ||
| let text = (opts.text as string) || "HEAVY-TOOLS"; |
There was a problem hiding this comment.
Guard opts.text type before sanitization to prevent runtime crashes.
At Line 4, as string does not coerce runtime values. If opts.text is a truthy non-string, Line 8 will throw.
π§ Suggested fix
- let text = (opts.text as string) || "HEAVY-TOOLS";
+ let text = typeof opts.text === "string" ? opts.text : "HEAVY-TOOLS";π Committable suggestion
βΌοΈ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.
| let text = (opts.text as string) || "HEAVY-TOOLS"; | |
| let text = typeof opts.text === "string" ? opts.text : "HEAVY-TOOLS"; |
π€ Prompt for AI Agents
Verify each finding against the current code and only fix it if needed.
In `@src/modules/video-engine/engines/watermark.engine.ts` at line 4, The code
assumes opts.text is a string when assigning to the local variable text (let
text = (opts.text as string) || "HEAVY-TOOLS"), which can throw later when
sanitizing non-string values; change the assignment to first guard the runtime
type (e.g., check typeof opts.text === "string") and only use opts.text if it's
a string, otherwise fall back to the default "HEAVY-TOOLS" before any
sanitization; update references to text and any subsequent sanitization logic in
watermark.engine.ts (the text variable and opts.text usage) so non-string inputs
are safely handled.
1 participant
π¨ Severity: HIGH
π‘ Vulnerability: The
watermark.engine.tsdirectly mapped unsanitized user inputs (opts.text) to an FFmpegdrawtextfilter. If a user provided text with colons or specific characters (e.g.,:textfile=/etc/passwd), they could potentially break out of the variable string and execute malicious local file reads via the FFmpeg engine.π― Impact: Exploitation could lead to local file disclosure (LFI) via the underlying FFmpeg instance. It also caused functional bugs where legit colons in timestamps would cause a crash.
π§ Fix: Sanitized the user input using standard string escaping for FFmpeg: backslashes, colons, and single quotes.
β Verification: Verified the fix mitigates injection directly at the engine layer and passes type checks.
PR created automatically by Jules for task 17547521219066521996 started by @Cukurikik
Summary by CodeRabbit
Bug Fixes