Mitigation of attack vectors from external provided links for generic extractor


Checklist

  • I’m asking a question
  • I’ve looked through the README and FAQ for similar questions
  • I’ve searched the bugtracker for similar questions including closed ones

Question

  1. Are there any mitigation possibilities in place for attacks such as Slowloris or a 3rd-party URL that will indefinitely send data without a Content-Length?

  2. Does the downloader respect the content-length header and error out if the downloaded size is a mismatch?

  3. I have noticed that there is an option for --max-filesize but does that use content-length or the actual downloaded bytes so far?

  4. Is there anything I could do to kill the process if the download speed is lower than a threshold? Or is there any option that would help me achieve this?

Issue Analytics

  • State: closed
  • Created 3 years ago
  • Comments: 5

Top GitHub Comments

1 reaction
dstftw commented, May 5, 2020

I’ve re-checked question 2 and it looks like it actually silently truncates data at the Content-Length border if there is more data. This happens somewhere in Python internals or deeper. Browsers seem to have similar behavior. So the actual answer to 2 is “no”.

0 reactions
legraphista commented, May 5, 2020

Thank you for your time & answers.

I have come to the conclusion that my requirements are out of the scope of youtube-dl.

We can write a custom downloader that aligns with our needs and use that when the extractor is generic, else let youtube-dl handle the heavy work.

I’ll most likely leverage --load-info-json to cache the metadata and not send out duplicate requests after the extractor checks.
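
An added example, not code from youtube-dl or from the thread's participants: one way a custom downloader for generic-extractor URLs could enforce the limits asked about in the question, counting bytes actually received instead of trusting Content-Length. The names `guarded_copy` and `DownloadAborted` and all parameters are hypothetical.

```python
import io
import time


class DownloadAborted(Exception):
    """Raised when a transfer violates one of the configured limits."""


def guarded_copy(resp, sink, *, max_bytes, deadline_s, min_rate_bps,
                 grace_s=5.0, expected_len=None, clock=time.monotonic,
                 chunk=64 * 1024):
    """Copy resp -> sink, enforcing limits on bytes actually received.

    resp needs read1(n) (http.client.HTTPResponse and io.BytesIO have it);
    the caller is assumed to have set a socket timeout so one read cannot
    block forever.
    """
    # Cheap early reject; the header is advisory, so the byte count below
    # is what actually enforces the cap.
    if expected_len is not None and expected_len > max_bytes:
        raise DownloadAborted("declared Content-Length exceeds max_bytes")
    start = clock()
    total = 0
    while True:
        data = resp.read1(chunk)
        elapsed = clock() - start
        if not data:
            break
        total += len(data)
        if total > max_bytes:  # covers endless bodies with no Content-Length
            raise DownloadAborted("received more than max_bytes")
        if elapsed > deadline_s:  # total wall-clock budget, not per-read
            raise DownloadAborted("total deadline exceeded")
        if elapsed > grace_s and total / elapsed < min_rate_bps:
            raise DownloadAborted("average rate below min_rate_bps")
        sink.write(data)
    if expected_len is not None and total != expected_len:
        raise DownloadAborted("body length differs from Content-Length")
    return total


if __name__ == "__main__":
    # Constructed sample: a 1 KiB body checked against a 512-byte cap.
    try:
        guarded_copy(io.BytesIO(b"x" * 1024), io.BytesIO(), max_bytes=512,
                     deadline_s=30, min_rate_bps=1)
    except DownloadAborted as exc:
        print("aborted:", exc)
```

With the standard library, `resp` would be the object returned by `urllib.request.urlopen(url, timeout=...)` and `expected_len` the parsed Content-Length header, if present.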
