administrator/frigate
1
0
Fork 0
mirror of https://github.com/blakeblackshear/frigate.git synced 2026-06-21 03:41:55 +03:00
Code Issues Actions 2 Packages Projects Releases Wiki Activity

Fix go2rtc nested key dict

Browse Source
This commit is contained in:
Nicolas Mowen 2026-06-16 07:33:58 -06:00
parent 06e3d0ac5d
commit f4b6652f5f
2 changed files with 20 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

19
docker/main/rootfs/usr/local/go2rtc/create_config.py
View File

@ -17,7 +17,10 @@ from frigate.const import (
) )
from frigate.ffmpeg_presets import parse_preset_hardware_acceleration_encode from frigate.ffmpeg_presets import parse_preset_hardware_acceleration_encode
from frigate.util.config import find_config_file from frigate.util.config import find_config_file
from frigate.util.services import is_restricted_go2rtc_source from frigate.util.services import (
is_go2rtc_arbitrary_exec_allowed,
is_restricted_go2rtc_source,
)
sys.path.remove("/opt/frigate") sys.path.remove("/opt/frigate")
@ -159,6 +162,20 @@ for name in list(go2rtc_config.get("streams", {})):
) )
del go2rtc_config["streams"][name] del go2rtc_config["streams"][name]
elif isinstance(stream, dict):
# The map form ({"url": ...}) lets go2rtc resolve the source
# recursively, so it is effectively a dynamic way to generate the URL
# for a stream. That can only be backed by an exec source, so it cannot
# be allowed unless arbitrary exec is explicitly enabled. When it is
# enabled, leave the map untouched for go2rtc to resolve.
if not is_go2rtc_arbitrary_exec_allowed():
print(
f"[ERROR] Stream '{name}' uses a dynamic source format which is disabled by default for security. "
f"Set GO2RTC_ALLOW_ARBITRARY_EXEC=true to enable arbitrary exec sources."
)
del go2rtc_config["streams"][name]
continue
# add birdseye restream stream if enabled # add birdseye restream stream if enabled
if config.get("birdseye", {}).get("restream", False): if config.get("birdseye", {}).get("restream", False):
birdseye: dict[str, Any] = config.get("birdseye") birdseye: dict[str, Any] = config.get("birdseye")

4
frigate/util/services.py
View File

@ -556,7 +556,7 @@ def get_jetson_stats() -> Optional[dict[int, dict]]:
return results return results
def _go2rtc_arbitrary_exec_allowed() -> bool: def is_go2rtc_arbitrary_exec_allowed() -> bool:
"""Read the GO2RTC_ALLOW_ARBITRARY_EXEC override from env, docker """Read the GO2RTC_ALLOW_ARBITRARY_EXEC override from env, docker
secrets, or the Home Assistant add-on options file.""" secrets, or the Home Assistant add-on options file."""
raw: Optional[str] = None raw: Optional[str] = None
@ -588,7 +588,7 @@ def is_restricted_go2rtc_source(stream_source: str) -> bool:
and the GO2RTC_ALLOW_ARBITRARY_EXEC override is not set.""" and the GO2RTC_ALLOW_ARBITRARY_EXEC override is not set."""
if not stream_source.strip().startswith(("echo:", "expr:", "exec:")): if not stream_source.strip().startswith(("echo:", "expr:", "exec:")):
return False return False
return not _go2rtc_arbitrary_exec_allowed() return not is_go2rtc_arbitrary_exec_allowed()
def ffprobe_stream(ffmpeg, path: str, detailed: bool = False) -> sp.CompletedProcess: def ffprobe_stream(ffmpeg, path: str, detailed: bool = False) -> sp.CompletedProcess: