Catch edge cases in security protections (#23493)

* Fix go2rtc nested key dict * Don't allow path traversal
2026-06-20 19:31:53 +03:00 · 2026-06-16 08:07:12 -06:00 · 2026-06-16 08:07:12 -06:00 · b3ce4486b9
commit b3ce4486b9
parent 06e3d0ac5d
3 changed files with 30 additions and 3 deletions
--- a/docker/main/rootfs/usr/local/go2rtc/create_config.py
+++ b/docker/main/rootfs/usr/local/go2rtc/create_config.py
@ -17,7 +17,10 @@ from frigate.const import (
 )
 from frigate.ffmpeg_presets import parse_preset_hardware_acceleration_encode
 from frigate.util.config import find_config_file
-from frigate.util.services import is_restricted_go2rtc_source
+from frigate.util.services import (
+    is_go2rtc_arbitrary_exec_allowed,
+    is_restricted_go2rtc_source,
+)

 sys.path.remove("/opt/frigate")

@ -159,6 +162,20 @@ for name in list(go2rtc_config.get("streams", {})):
            )
            del go2rtc_config["streams"][name]

+    elif isinstance(stream, dict):
+        # The map form ({"url": ...}) lets go2rtc resolve the source
+        # recursively, so it is effectively a dynamic way to generate the URL
+        # for a stream. That can only be backed by an exec source, so it cannot
+        # be allowed unless arbitrary exec is explicitly enabled. When it is
+        # enabled, leave the map untouched for go2rtc to resolve.
+        if not is_go2rtc_arbitrary_exec_allowed():
+            print(
+                f"[ERROR] Stream '{name}' uses a dynamic source format which is disabled by default for security. "
+                f"Set GO2RTC_ALLOW_ARBITRARY_EXEC=true to enable arbitrary exec sources."
+            )
+            del go2rtc_config["streams"][name]
+            continue
+
 # add birdseye restream stream if enabled
 if config.get("birdseye", {}).get("restream", False):
    birdseye: dict[str, Any] = config.get("birdseye")
--- a/frigate/api/export.py
+++ b/frigate/api/export.py
@ -91,6 +91,16 @@ def export_recording(
    playback_factor = body.playback
    playback_source = body.source
    friendly_name = body.name
+
+    # sanitize_filepath normalizes "\" to "/" but leaves ".." intact, so a path
+    # like "clips\..\..\etc/passwd" passes the CLIPS_DIR prefix check yet still
+    # escapes the directory once resolved. A valid snapshot path never uses "..".
+    if body.image_path and ".." in body.image_path:
+        return JSONResponse(
+            content=({"success": False, "message": "Invalid image path"}),
+            status_code=400,
+        )
+
    existing_image = sanitize_filepath(body.image_path) if body.image_path else None

    # a chapters value in the request body overrides the camera's export config
--- a/frigate/util/services.py
+++ b/frigate/util/services.py
@ -556,7 +556,7 @@ def get_jetson_stats() -> Optional[dict[int, dict]]:
    return results


-def _go2rtc_arbitrary_exec_allowed() -> bool:
+def is_go2rtc_arbitrary_exec_allowed() -> bool:
    """Read the GO2RTC_ALLOW_ARBITRARY_EXEC override from env, docker
    secrets, or the Home Assistant add-on options file."""
    raw: Optional[str] = None
@ -588,7 +588,7 @@ def is_restricted_go2rtc_source(stream_source: str) -> bool:
    and the GO2RTC_ALLOW_ARBITRARY_EXEC override is not set."""
    if not stream_source.strip().startswith(("echo:", "expr:", "exec:")):
        return False
-    return not _go2rtc_arbitrary_exec_allowed()
+    return not is_go2rtc_arbitrary_exec_allowed()


 def ffprobe_stream(ffmpeg, path: str, detailed: bool = False) -> sp.CompletedProcess: