couleur-tweak-tips / Smoothie

Smoothie in Python is abandoned, please see couleur-tweak-tips/smoothie-rs
https://github.com/couleur-tweak-tips/smoothie-rs
GNU General Public License v3.0
72 stars, 4 forks

Small Bug Fix + Invoke subprocesses via Python. #6

Closed Aetopia closed 2 years ago

Aetopia commented 2 years ago
  1. Fixed a bug where Smoothie wasn't converting input videos into their absolute paths.
  2. Instead of using "shell = True" to pipe input into ffmpeg from vspipe, pipe using Python itself.

Why did you remove shell = True?

You can invoke a process in 2 ways in Python: either using the system shell (shell = True) or via Python itself. Using shell = True can open access to the system shell entirely, and if a user somehow gets access to the run/Popen call with shell = True, they can execute shell commands, which can compromise the security of the program itself. In the case of Smoothie, this access to the system shell is via this config value:

[encoding]
process=ffmpeg
args=-c:v hevc_nvenc -rc constqp -preset p7 -qp 18

Say we set up the value like this:

[encoding]
process=ffmpeg
args=-c:v hevc_nvenc -rc constqp -preset p7 -qp 18 | dir && echo "Hello from shell = True!" && pause

With shell = True: https://user-images.githubusercontent.com/41850963/158943894-3b4782d2-13b2-4ff4-babf-4dee4d494ff9.mp4

Using Python to pipe: https://user-images.githubusercontent.com/41850963/158944319-0ecf65f6-937c-472f-8fef-32c65d08e0f8.mp4
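
The piping change described in the comment above, as an added example that is not part of this PR or Smoothie's own code: the configured `args` value is split into an argument list and the two processes are connected with OS pipes, so `|` and `&&` reach the encoder as literal arguments. The stand-in producer and consumer (Python one-liners in place of vspipe and ffmpeg) and all function names are assumptions made for illustration.

```python
import configparser
import json
import shlex
import subprocess
import sys

# Constructed recipe: the [encoding] section with the args value quoted above.
RECIPE = """[encoding]
process=ffmpeg
args=-c:v hevc_nvenc -rc constqp -preset p7 -qp 18 | dir && echo "Hello from shell = True!" && pause
"""

# Assumption: Python stand-ins for vspipe and ffmpeg so this runs anywhere.
# The producer writes 20 bytes; the consumer reports its argv and stdin size.
PRODUCER = [sys.executable, "-c", "import sys; sys.stdout.write('frame' * 4)"]
CONSUMER = [sys.executable, "-c",
            "import json, sys; print(json.dumps("
            "{'argv': sys.argv[1:], 'stdin': len(sys.stdin.read())}))"]

SHELL_OPERATORS = {"|", "||", "&", "&&", ";", "<", ">", ">>"}


def encoder_args(recipe_text):
    """Split the configured args into a list; no shell ever parses them."""
    cfg = configparser.ConfigParser(interpolation=None)
    cfg.read_string(recipe_text)
    return shlex.split(cfg["encoding"]["args"])


def shell_operators_in(argv):
    """Tokens that only mean something to a shell: a sign of a bad recipe."""
    return [tok for tok in argv if tok in SHELL_OPERATORS]


def run_pipeline(extra_args):
    """producer | consumer wired with OS pipes instead of shell=True."""
    producer = subprocess.Popen(PRODUCER, stdout=subprocess.PIPE)
    consumer = subprocess.Popen(CONSUMER + extra_args, stdin=producer.stdout,
                                stdout=subprocess.PIPE, text=True)
    producer.stdout.close()  # consumer now holds the only read end
    out, _ = consumer.communicate()
    producer.wait()
    return json.loads(out)


if __name__ == "__main__":
    args = encoder_args(RECIPE)
    print("flagged tokens:", shell_operators_in(args))
    print(run_pipeline(args))
```

On Windows, `shlex.split` in its default POSIX mode treats an unquoted backslash as an escape character, so paths inside `args` should be quoted or written with forward slashes.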

couleurm commented 2 years ago

will push on next update thank you topito :D