[FFmpeg-devel] [PATCH] fftools/ffmpeg_ffplay_ffprobe_cmdutils: add -safe to replace the user name and password in the protocol address
Timo Rothenpieler
timo at rothenpieler.org
Sun Dec 18 03:07:17 EET 2022
On 17.12.2022 08:36, Wujian(Chin) wrote:
> The Protocol address may contain the user name and password. The ps -ef command may expose the plaintext.
> The -safe parameter option is added to replace the user name and password in the command line with the asterisk (*).
>
> Signed-off-by: wujian_nanjing <wujian2 at huawei.com>
> ---
> doc/ffmpeg.texi | 7 +++++++
> doc/ffplay.texi | 8 ++++++++
> doc/ffprobe.texi | 7 +++++++
> fftools/cmdutils.c | 47 +++++++++++++++++++++++++++++++++++++++++++----
> fftools/cmdutils.h | 15 +++++++++++++++
> fftools/ffmpeg.c | 16 +++++++++++++---
> fftools/ffplay.c | 15 +++++++++++++--
> fftools/ffprobe.c | 18 ++++++++++++++----
> 8 files changed, 120 insertions(+), 13 deletions(-)
>
> diff --git a/doc/ffmpeg.texi b/doc/ffmpeg.texi
> index 0367930..e905542 100644
> --- a/doc/ffmpeg.texi
> +++ b/doc/ffmpeg.texi
> @@ -50,6 +50,13 @@ output files. Also do not mix options which belong to different files. All
> options apply ONLY to the next input or output file and are reset between files.
>
> @itemize
> + at item -safe
> +The Protocol address may contain the user name and password. The ps -ef command may expose the plaintext.
> +The -safe parameter option is added to replace the user name and password in the command line with the asterisk (*).
> + at example
> +ffmpeg -safe -i rtsp://username@password.xxxx.com
> + at end example
> +
> @item
> To set the video bitrate of the output file to 64 kbit/s:
> @example
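Review bot: the new `@item -safe` entry is placed inside the `@itemize` list whose next entry is the "To set the video bitrate" example, so an option description lands in a list of usage examples; it should go where the other options are documented. The example URL `rtsp://username@password.xxxx.com` also puts the password after the `@`, where the host belongs. Credentials in a URL are written `username:password@host`, so as written the example shows no password to mask.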
> diff --git a/doc/ffplay.texi b/doc/ffplay.texi
> index 5dd860b..f46ca91 100644
> --- a/doc/ffplay.texi
> +++ b/doc/ffplay.texi
> @@ -122,6 +122,14 @@ Read @var{input_url}.
>
> @section Advanced options
> @table @option
> +
> + at item -safe
> +The Protocol address may contain the user name and password. The ps -ef command may expose the plaintext.
> +The -safe parameter option is added to replace the user name and password in the command line with the asterisk (*).
> + at example
> +ffplay -safe -i rtsp://username@password.xxxx.com
> + at end example
> +
> @item -stats
> Print several playback statistics, in particular show the stream
> duration, the codec parameters, the current position in the stream and
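Review bot: the text under `@item -safe` is the commit message reused ("The -safe parameter option is added to ...") rather than a description of what the option does; state which part of the argument is overwritten and keep that in line with what `param_masking()` actually does. The added blank line between `@table @option` and the first `@item` is not needed, and the example URL has the same `username@password` form as in doc/ffmpeg.texi.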
> diff --git a/doc/ffprobe.texi b/doc/ffprobe.texi
> index 4dc9f57..92b13cf 100644
> --- a/doc/ffprobe.texi
> +++ b/doc/ffprobe.texi
> @@ -89,6 +89,13 @@ Set the output printing format.
> @var{writer_name} specifies the name of the writer, and
> @var{writer_options} specifies the options to be passed to the writer.
>
> + at item -safe
> +The Protocol address may contain the user name and password. The ps -ef command may expose the plaintext.
> +The -safe parameter option is added to replace the user name and password in the command line with the asterisk (*).
> + at example
> +ffprobe -safe -i rtsp://username@password.xxxx.com
> + at end example
> +
> For example for printing the output in JSON format, specify:
> @example
> -print_format json
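Review bot: `@item -safe` is inserted between the `@var{writer_name}` / `@var{writer_options}` paragraph and the "For example for printing the output in JSON format" paragraph, which both read as part of the preceding option's entry, so the `-print_format json` example ends up under `-safe`. Move the new item to after that example.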
> diff --git a/fftools/cmdutils.c b/fftools/cmdutils.c
> index a1de621..22407f8 100644
> --- a/fftools/cmdutils.c
> +++ b/fftools/cmdutils.c
> @@ -61,6 +61,40 @@ AVDictionary *format_opts, *codec_opts;
>
> int hide_banner = 0;
>
> +void param_masking(int argc, char **argv) {
> + int i, j;
> + for (i = 1; i < argc; i++) {
> + char *match = strstr(argv[i], "://");
> + if (match) {
> + int total = strlen(argv[i]);
> + for (j = 0; j < total; j++) {
> + argv[i][j] = '*';
> + }
> + }
> + }
> +}
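Review bot: the inner loop in `param_masking()` runs `j` from 0 to `strlen(argv[i])`, so any argument containing `://` is overwritten in full, scheme, host and path included, while the texi text promises that only the user name and password are replaced. Limit the overwrite to the span between `match + 3` and the `@` that ends the userinfo, and skip arguments that have no `@` in the authority. Smaller points: `match` is only used as a flag, `total` should be `size_t` rather than `int`, and the test also hits non-URL option values that happen to contain `://`.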
Won't that replace the entire parameter, as in, the full URL, with ***?
While the documentation claims only the username/password will be replaced.
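Added example, not part of the patch or of FFmpeg: one way to limit the overwrite to the user name and password, which is the gap the question above points at. `mask_userinfo` and `mask_args` are hypothetical names, and the sample arguments are constructed.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical helper (not FFmpeg code): overwrite only the userinfo
 * ("user:password") part of a URL-like argument, in place.
 * Returns the number of bytes masked. */
static size_t mask_userinfo(char *arg)
{
    char *sep = strstr(arg, "://");
    char *start, *end, *at = NULL, *p;

    if (!sep)
        return 0;
    start = sep + 3;
    /* The authority ends at the first '/', '?' or '#'. */
    end = start + strcspn(start, "/?#");
    /* Userinfo ends at the last '@' inside the authority, so an '@'
     * in the path or query is never taken as the delimiter. */
    for (p = start; p < end; p++)
        if (*p == '@')
            at = p;
    if (!at)
        return 0;
    memset(start, '*', (size_t)(at - start));
    return (size_t)(at - start);
}

/* Apply the helper to every argument, as param_masking() in the patch does. */
static size_t mask_args(int argc, char **argv)
{
    size_t n = 0;
    for (int i = 1; i < argc; i++)
        n += mask_userinfo(argv[i]);
    return n;
}

int main(void)
{
    /* Constructed sample command line; writable buffers stand in for argv. */
    char a0[] = "ffmpeg", a1[] = "-i";
    char a2[] = "rtsp://user:secret@cam.example.com/stream?x=a@b";
    char a3[] = "http://example.com/a@b.mp4";
    char *argv[] = { a0, a1, a2, a3 };

    mask_args(4, argv);
    printf("%s\n%s\n", argv[2], argv[3]);
    return 0;
}
```

The credentials stay visible in the process listing from process start until the overwrite runs, so in-place masking narrows the exposure window rather than closing it.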