[PR #214] [MERGED] Security Fix: Enforce strict validation for FFmpeg binary paths #529

New issue

Closed

opened 2026-02-27 19:04:14 +03:00 by kerem · 0 comments

kerem commented

2026-02-27 19:04:14 +03:00

Owner

📋 Pull Request Information

Original PR: https://github.com/afkarxyz/SpotiFLAC/pull/214
Author: @RinZ27
Created: 1/1/2026
Status: ✅ Merged
Merged: 1/8/2026
Merged by: @afkarxyz

Base: main ← Head: fix/hardening-data-flow

📝 Commits (1)

02583ee Security: Enforce strict validation for FFmpeg binary paths

📊 Changes

3 files changed (+60 additions, -5 deletions)

View changed files

📝 backend/ffmpeg.go (+52 -5)
📝 backend/filemanager.go (+4 -0)
📝 backend/metadata.go (+4 -0)

📄 Description

Fixes a potential command injection vulnerability by enforcing strict validation on external binary paths.

Previously, exec.Command accepted paths without verification, creating an attack vector if variables were compromised. I've introduced a ValidateExecutable function to ensure that:

Paths are absolute and point to existing files.
Files have executable permissions (on *nix).
Filenames match strictly allowlisted binaries (ffmpeg, ffprobe).

This validation is now applied across ffmpeg.go, filemanager.go, and metadata.go before any subprocess execution.

_{🔄 This issue represents a GitHub Pull Request. It cannot be merged through Gitea due to API limitations.}

## 📋 Pull Request Information **Original PR:** https://github.com/afkarxyz/SpotiFLAC/pull/214 **Author:** [@RinZ27](https://github.com/RinZ27) **Created:** 1/1/2026 **Status:** ✅ Merged **Merged:** 1/8/2026 **Merged by:** [@afkarxyz](https://github.com/afkarxyz) **Base:** `main` ← **Head:** `fix/hardening-data-flow` --- ### 📝 Commits (1) - [`02583ee`](https://github.com/afkarxyz/SpotiFLAC/commit/02583ee615af9bb094037d5ee592a1d8f5d06d1b) Security: Enforce strict validation for FFmpeg binary paths ### 📊 Changes **3 files changed** (+60 additions, -5 deletions) <details> <summary>View changed files</summary> 📝 `backend/ffmpeg.go` (+52 -5) 📝 `backend/filemanager.go` (+4 -0) 📝 `backend/metadata.go` (+4 -0) </details> ### 📄 Description Fixes a potential command injection vulnerability by enforcing strict validation on external binary paths. Previously, `exec.Command` accepted paths without verification, creating an attack vector if variables were compromised. I've introduced a `ValidateExecutable` function to ensure that: 1. Paths are absolute and point to existing files. 2. Files have executable permissions (on *nix). 3. Filenames match strictly allowlisted binaries (`ffmpeg`, `ffprobe`). This validation is now applied across `ffmpeg.go`, `filemanager.go`, and `metadata.go` before any subprocess execution. --- <sub>🔄 This issue represents a GitHub Pull Request. It cannot be merged through Gitea due to API limitations.</sub>