diff --git a/videoarchiver/ffmpeg/__init__.py b/videoarchiver/ffmpeg/__init__.py index b242264..f154bb8 100644 --- a/videoarchiver/ffmpeg/__init__.py +++ b/videoarchiver/ffmpeg/__init__.py @@ -5,6 +5,7 @@ import sys import os from pathlib import Path from typing import Dict, Any, Optional +from security import safe_command # Configure logging logging.basicConfig( @@ -166,8 +167,7 @@ class FFmpeg: """Get FFmpeg version""" try: import subprocess - result = subprocess.run( - [str(self.ffmpeg_path), "-version"], + result = safe_command.run(subprocess.run, [str(self.ffmpeg_path), "-version"], capture_output=True, text=True, timeout=5 diff --git a/videoarchiver/ffmpeg/ffmpeg_downloader.py b/videoarchiver/ffmpeg/ffmpeg_downloader.py index 3c8be3e..ccf91c5 100644 --- a/videoarchiver/ffmpeg/ffmpeg_downloader.py +++ b/videoarchiver/ffmpeg/ffmpeg_downloader.py @@ -19,6 +19,7 @@ import lzma # try: # Try relative imports first from exceptions import DownloadError +from security import safe_command # except ImportError: # Fall back to absolute imports if relative imports fail @@ -352,8 +353,7 @@ class FFmpegDownloader: # Test FFmpeg functionality with enhanced error handling try: - result = subprocess.run( - [str(self.ffmpeg_path), "-version"], + result = safe_command.run(subprocess.run, [str(self.ffmpeg_path), "-version"], stdout=subprocess.PIPE, stderr=subprocess.PIPE, timeout=5, @@ -370,8 +370,7 @@ class FFmpegDownloader: # Test FFprobe functionality with enhanced error handling try: - result = subprocess.run( - [str(self.ffprobe_path), "-version"], + result = safe_command.run(subprocess.run, [str(self.ffprobe_path), "-version"], stdout=subprocess.PIPE, stderr=subprocess.PIPE, timeout=5, diff --git a/videoarchiver/ffmpeg/gpu_detector.py b/videoarchiver/ffmpeg/gpu_detector.py index 9dc32f2..bce6885 100644 --- a/videoarchiver/ffmpeg/gpu_detector.py +++ b/videoarchiver/ffmpeg/gpu_detector.py @@ -7,6 +7,7 @@ import platform import re from typing import Dict, List, Tuple from pathlib import Path +from security import safe_command logger = logging.getLogger("VideoArchiver") @@ -76,7 +77,7 @@ class GPUDetector: try: # Use PowerShell to get GPU info cmd = ["powershell", "-Command", "Get-WmiObject Win32_VideoController | Select-Object Name"] - result = subprocess.run(cmd, capture_output=True, text=True, timeout=10) + result = safe_command.run(subprocess.run, cmd, capture_output=True, text=True, timeout=10) if result.returncode == 0: output = result.stdout.lower() @@ -153,7 +154,7 @@ class GPUDetector: try: cmd = ["system_profiler", "SPDisplaysDataType"] - result = subprocess.run(cmd, capture_output=True, text=True, timeout=10) + result = safe_command.run(subprocess.run, cmd, capture_output=True, text=True, timeout=10) if result.returncode == 0: output = result.stdout.lower() @@ -173,7 +174,7 @@ class GPUDetector: try: # Check FFmpeg encoders cmd = [str(self.ffmpeg_path), "-hide_banner", "-encoders"] - result = subprocess.run(cmd, capture_output=True, text=True, timeout=10) + result = safe_command.run(subprocess.run, cmd, capture_output=True, text=True, timeout=10) if result.returncode == 0: output = result.stdout.lower() @@ -250,7 +251,7 @@ class GPUDetector: elif system == "windows": cmd = ["powershell", "-Command", "Get-WmiObject Win32_VideoController | Select-Object Name"] - result = subprocess.run(cmd, capture_output=True, text=True, timeout=10) + result = safe_command.run(subprocess.run, cmd, capture_output=True, text=True, timeout=10) if result.returncode == 0: for line in result.stdout.splitlines(): @@ -265,7 +266,7 @@ class GPUDetector: elif system == "darwin": cmd = ["system_profiler", "SPDisplaysDataType"] - result = subprocess.run(cmd, capture_output=True, text=True, timeout=10) + result = safe_command.run(subprocess.run, cmd, capture_output=True, text=True, timeout=10) if result.returncode == 0: current_gpu = None diff --git a/videoarchiver/ffmpeg/process_manager.py b/videoarchiver/ffmpeg/process_manager.py index 98d0974..b4d63b6 100644 --- a/videoarchiver/ffmpeg/process_manager.py +++ b/videoarchiver/ffmpeg/process_manager.py @@ -5,6 +5,7 @@ import psutil # type: ignore import subprocess import time from typing import Set, Optional +from security import safe_command logger = logging.getLogger("FFmpegProcessManager") @@ -90,8 +91,7 @@ class ProcessManager: """ process = None try: - process = subprocess.Popen( - command, + process = safe_command.run(subprocess.Popen, command, stdout=subprocess.PIPE, stderr=subprocess.PIPE, text=True diff --git a/videoarchiver/ffmpeg/video_analyzer.py b/videoarchiver/ffmpeg/video_analyzer.py index d2c219b..ebcca9a 100644 --- a/videoarchiver/ffmpeg/video_analyzer.py +++ b/videoarchiver/ffmpeg/video_analyzer.py @@ -9,6 +9,7 @@ from contextlib import contextmanager import tempfile import shutil import json +from security import safe_command logger = logging.getLogger("VideoArchiver") @@ -126,8 +127,7 @@ class VideoAnalyzer: ] logger.debug(f"Running ffprobe command: {' '.join(cmd)}") - result = subprocess.run( - cmd, + result = safe_command.run(subprocess.run, cmd, stdout=subprocess.PIPE, stderr=subprocess.PIPE, text=True, @@ -193,8 +193,7 @@ class VideoAnalyzer: ] logger.debug(f"Running dark scene analysis: {' '.join(sample_cmd)}") - result = subprocess.run( - sample_cmd, + result = safe_command.run(subprocess.run, sample_cmd, capture_output=True, text=True, timeout=60 # Add timeout diff --git a/videoarchiver/utils/file_operations.py b/videoarchiver/utils/file_operations.py index 616ccdd..3540f96 100644 --- a/videoarchiver/utils/file_operations.py +++ b/videoarchiver/utils/file_operations.py @@ -11,6 +11,7 @@ from pathlib import Path from utils.exceptions import VideoVerificationError from utils.file_deletion import SecureFileDeleter +from security import safe_command logger = logging.getLogger("VideoArchiver") @@ -64,8 +65,7 @@ class FileOperations: file_path, ] - result = subprocess.run( - cmd, + result = safe_command.run(subprocess.run, cmd, stdout=subprocess.PIPE, stderr=subprocess.PIPE, text=True, @@ -120,7 +120,7 @@ class FileOperations: "-show_format", file_path, ] - result = subprocess.run(cmd, capture_output=True, text=True) + result = safe_command.run(subprocess.run, cmd, capture_output=True, text=True) if result.returncode != 0: raise Exception(f"FFprobe failed: {result.stderr}")