Open Arnei opened 2 years ago
lkiesow
commented
2 years ago I would suggest to just mark this as being okay. I've done the same for pyCA.
Sure, users can pass on arbitrary files which will get passed on to FFmpeg, but that's something they could do anyway if they are allowed to execute this tool. It's not like they could get more privileges because, e.g. vosk-cli is a system service running as a different user.
vJan00
commented
2 years ago Maybe this python module would be interesting? \ https://github.com/kkroening/ffmpeg-python
Arnei
commented
2 years ago Maybe this python module would be interesting? https://github.com/kkroening/ffmpeg-python
Didn't look at this super closely, but I don't see how this helps with security. Could you elaborate?
I decided to run bandit to check for potential security issues are proposed in #10.
The only thing bandit found was the usage of subprocess to run ffmpeg, although it rates the severity as "low" since subprocess.Popen is already used in fairly safe way (i.e. not spawning a command shell). So the only issue i can really see here is that the ffmpeg command accepts an arbitrary input file.
One way to "fix" the arbitrary input file issue would be to avoid running ffmpeg and instead have the user provide a valid file format, but I assume we don't want that.
Then the other thing to do is just general safety measures, like sandboxing, limiting process resources and limiting the input file to well known formats. Not sure if any of these are "worth it" though, that would be up for discussion.
Bandit logs
``` Test results: >> Issue: [B404:blacklist] Consider possible security implications associated with the subprocess module. Severity: Low Confidence: High CWE: CWE-78 (https://cwe.mitre.org/data/definitions/78.html) Location: voskcli/transcribe.py:21:0 More Info: https://bandit.readthedocs.io/en/1.7.4/blacklists/blacklist_imports.html#b404-import-subprocess 20 import os 21 import subprocess 22 import json -------------------------------------------------- >> Issue: [B603:subprocess_without_shell_equals_true] subprocess call - check for execution of untrusted input. Severity: Low Confidence: High CWE: CWE-78 (https://cwe.mitre.org/data/definitions/78.html) Location: voskcli/transcribe.py:189:14 More Info: https://bandit.readthedocs.io/en/1.7.4/plugins/b603_subprocess_without_shell_equals_true.html 188 '-ar', str(sample_rate), '-ac', '1', '-f', 's16le', '-'] 189 process = subprocess.Popen(command, stdout=subprocess.PIPE) 190 -------------------------------------------------- Code scanned: Total lines of code: 195 Total lines skipped (#nosec): 0 Run metrics: Total issues (by severity): Undefined: 0 Low: 2 Medium: 0 High: 0 Total issues (by confidence): Undefined: 0 Low: 0 Medium: 0 High: 2 ```