From patchwork Tue Jan  3 11:05:48 2023
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: "Wujian(Chin)" <wujian2@huawei.com>
X-Patchwork-Id: 39839
Delivered-To: ffmpegpatchwork2@gmail.com
Received: by 2002:a05:6a20:bc95:b0:ad:ade2:bfd2 with SMTP id
 fx21csp8022464pzb;
        Tue, 3 Jan 2023 04:12:51 -0800 (PST)
X-Google-Smtp-Source: 
 AMrXdXvrEKhmT6ycc9dCqYi5H5xa3HCZE0N4UIAIgcUrrtcmCxbnyOAUz85J3QPkP9pGfONEsmfz
X-Received: by 2002:a17:906:6896:b0:7c1:4c46:30a0 with SMTP id
 n22-20020a170906689600b007c14c4630a0mr39604913ejr.65.1672747971151;
        Tue, 03 Jan 2023 04:12:51 -0800 (PST)
ARC-Seal: i=1; a=rsa-sha256; t=1672747971; cv=none;
        d=google.com; s=arc-20160816;
        b=TJboQfZ9Jb2+8pQ+Ta8fi8jWdfjUGGAujLylsmE1eOoU7ED2G1f8gxKzRNJEdi9N07
         tShudSWtXzSbDKhh4Z/9XctFS/ydJB+615XX7pwubXmDbsAnkBns974futTekfYLxvCl
         O0L5WR0pFML6IVIAfUmivozsr3iBEZkXFQMoT9lGKamFSyKz6IavjMIArPBWpqDYt0gf
         iJDzxBKEUGCz3rH32+f41yhMDQEHSYtxOqB0D9vuwPEhnZeFBScEXbeAaYSKCHBlF/4b
         avWAH/EO2G/PLbtQQ+Nluad91lY9Vh3GvPrNDxoBeKC8obwZxNH3X2IUlWCkGs9LmTt3
         Sshg==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com;
 s=arc-20160816;
        h=sender:errors-to:content-transfer-encoding:reply-to:list-subscribe
         :list-help:list-post:list-archive:list-unsubscribe:list-id
         :precedence:subject:mime-version:content-language:accept-language
         :message-id:date:thread-index:thread-topic:to:from:delivered-to;
        bh=twcwZuHS1ifjNWtzJQCTbzFpTLKFGTFcXXzzUE7wtFA=;
        b=t1Y4Xcb1u1OhXY590ZA+9VsV6NNVmRSQFrxF291xAK9uXw3UVMGDDi+rVMM/97K6Q9
         x3tbr/+nva/ziEvsU7lXhsdbmI+oqCBDP2KzssB+uqhsXEWRJWrjKgvKZamd4xSgYpI/
         Wx5Eo3z5cx8Ew+VU5BW+rEffmyOO2Cs54hI3Q4aevTlfVxclSNwHPhYiwQ1ne4uBAMtJ
         x48NV130tM6UTLggJWUt/jeePWqnJD8v5jfFJKq/EAYbBgWmbynlv8bpwEzm3m2v5nRi
         BDxFVLmJOeeheLYKP8XscqgLjdglC8EAahYsSlyiuNKUQLXWQH1azjgFpmLAzy8MCpmX
         VWyA==
ARC-Authentication-Results: i=1; mx.google.com;
       spf=pass (google.com: domain of ffmpeg-devel-bounces@ffmpeg.org
 designates 79.124.17.100 as permitted sender)
 smtp.mailfrom=ffmpeg-devel-bounces@ffmpeg.org;
       dmarc=fail (p=QUARANTINE sp=QUARANTINE dis=NONE) header.from=huawei.com
Return-Path: <ffmpeg-devel-bounces@ffmpeg.org>
Received: from ffbox0-bg.mplayerhq.hu (ffbox0-bg.ffmpeg.org. [79.124.17.100])
        by mx.google.com with ESMTP id
 p20-20020a1709060dd400b007ae199ea55asi20496511eji.817.2023.01.03.04.12.48;
        Tue, 03 Jan 2023 04:12:51 -0800 (PST)
Received-SPF: pass (google.com: domain of ffmpeg-devel-bounces@ffmpeg.org
 designates 79.124.17.100 as permitted sender) client-ip=79.124.17.100;
Authentication-Results: mx.google.com;
       spf=pass (google.com: domain of ffmpeg-devel-bounces@ffmpeg.org
 designates 79.124.17.100 as permitted sender)
 smtp.mailfrom=ffmpeg-devel-bounces@ffmpeg.org;
       dmarc=fail (p=QUARANTINE sp=QUARANTINE dis=NONE) header.from=huawei.com
Received: from [127.0.1.1] (localhost [127.0.0.1])
	by ffbox0-bg.mplayerhq.hu (Postfix) with ESMTP id 9E1E068BD2C;
	Tue,  3 Jan 2023 14:12:45 +0200 (EET)
X-Original-To: ffmpeg-devel@ffmpeg.org
Delivered-To: ffmpeg-devel@ffmpeg.org
Received: from szxga02-in.huawei.com (szxga02-in.huawei.com [45.249.212.188])
 by ffbox0-bg.mplayerhq.hu (Postfix) with ESMTPS id 360E068BCF1
 for <ffmpeg-devel@ffmpeg.org>; Tue,  3 Jan 2023 14:12:37 +0200 (EET)
Received: from kwepemi500014.china.huawei.com (unknown [172.30.72.56])
 by szxga02-in.huawei.com (SkyGuard) with ESMTP id 4NmVH60zwczRqSr
 for <ffmpeg-devel@ffmpeg.org>; Tue,  3 Jan 2023 19:04:18 +0800 (CST)
Received: from kwepemi500014.china.huawei.com (7.221.188.232) by
 kwepemi500014.china.huawei.com (7.221.188.232) with Microsoft SMTP Server
 (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id
 15.1.2375.34; Tue, 3 Jan 2023 19:05:48 +0800
Received: from kwepemi500014.china.huawei.com ([7.221.188.232]) by
 kwepemi500014.china.huawei.com ([7.221.188.232]) with mapi id 15.01.2375.034;
 Tue, 3 Jan 2023 19:05:48 +0800
From: "Wujian(Chin)" <wujian2@huawei.com>
To: "ffmpeg-devel@ffmpeg.org" <ffmpeg-devel@ffmpeg.org>
Thread-Topic: [PATCH] fftools/ffmpeg_ffplay_ffprobe_cmdutils: add -mask_url to
 replace the protocol address in the command with the asterisk (*)
Thread-Index: AdkfYw5/rxpaoLpYQD6sXThKxfAweA==
Date: Tue, 3 Jan 2023 11:05:48 +0000
Message-ID: <6f7e65856c584ac99ef2354b477b69ab@huawei.com>
Accept-Language: zh-CN, en-US
Content-Language: zh-CN
X-MS-Has-Attach: 
X-MS-TNEF-Correlator: 
x-originating-ip: [10.136.102.143]
MIME-Version: 1.0
X-CFilter-Loop: Reflected
Subject: [FFmpeg-devel] [PATCH] fftools/ffmpeg_ffplay_ffprobe_cmdutils: add
 -mask_url to replace the protocol address in the command with the asterisk
 (*)
X-BeenThere: ffmpeg-devel@ffmpeg.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: FFmpeg development discussions and patches <ffmpeg-devel.ffmpeg.org>
List-Unsubscribe: <https://ffmpeg.org/mailman/options/ffmpeg-devel>,
 <mailto:ffmpeg-devel-request@ffmpeg.org?subject=unsubscribe>
List-Archive: <https://ffmpeg.org/pipermail/ffmpeg-devel>
List-Post: <mailto:ffmpeg-devel@ffmpeg.org>
List-Help: <mailto:ffmpeg-devel-request@ffmpeg.org?subject=help>
List-Subscribe: <https://ffmpeg.org/mailman/listinfo/ffmpeg-devel>,
 <mailto:ffmpeg-devel-request@ffmpeg.org?subject=subscribe>
Reply-To: FFmpeg development discussions and patches <ffmpeg-devel@ffmpeg.org>
Errors-To: ffmpeg-devel-bounces@ffmpeg.org
Sender: "ffmpeg-devel" <ffmpeg-devel-bounces@ffmpeg.org>
X-TUID: l5QP/tSj54CK

Please review it again, thanks!!

Signed-off-by: wujian_nanjing <wujian2@huawei.com>
---
 doc/fftools-common-opts.texi | 11 +++++++++
 fftools/cmdutils.c           | 57 ++++++++++++++++++++++++++++++++++++++++++++
 fftools/cmdutils.h           | 21 ++++++++++++++++
 fftools/ffmpeg.c             |  7 +++---
 fftools/ffplay.c             |  6 +++--
 fftools/ffprobe.c            |  7 +++---
 fftools/opt_common.h         |  1 +
 7 files changed, 102 insertions(+), 8 deletions(-)

diff --git a/doc/fftools-common-opts.texi b/doc/fftools-common-opts.texi
index d914570..724c028 100644
--- a/doc/fftools-common-opts.texi
+++ b/doc/fftools-common-opts.texi
@@ -363,6 +363,17 @@ for testing. Do not use it unless you know what you're doing.
 ffmpeg -cpucount 2
 @end example
 
+@item -mask_url -i @var{url} (@emph{output})
+If the protocol address contains the user name and password, the ps -ef
+command exposes plaintext. You can add the -mask_url parameter option is
+added to replace the protocol address in the command line with the
+asterisk (*). Because other users can run the ps -ef command to view sensitive
+information such as the user name and password in the protocol address,
+which is insecure.
+@example
+ffmpeg -mask_url -i rtsp://username:password-ip:port/stream/test
+@end example
+
 @item -max_alloc @var{bytes}
 Set the maximum size limit for allocating a block on the heap by ffmpeg's
 family of malloc functions. Exercise @strong{extreme caution} when using
diff --git a/fftools/cmdutils.c b/fftools/cmdutils.c
index a1de621..7946303 100644
--- a/fftools/cmdutils.c
+++ b/fftools/cmdutils.c
@@ -60,6 +60,59 @@ AVDictionary *swr_opts;
 AVDictionary *format_opts, *codec_opts;
 
 int hide_banner = 0;
+int mask_url = 0;
+
+void mask_param(int argc, char **argv)
+{
+    int i, j;
+    for (i = 1; i < argc; i++) {
+        char *match = strstr(argv[i], "://");
+        if (match) {
+            int total = strlen(argv[i]);
+            for (j = 0; j < total; j++) {
+                argv[i][j] = '*';
+            }
+        }
+    }
+}
+
+char **copy_argv(int argc, char **argv)
+{
+    char **argv_copy;
+    argv_copy = av_mallocz((argc + 1) * sizeof(char *));
+    if (!argv_copy) {
+        av_log(NULL, AV_LOG_FATAL, "argv_copy malloc failed\n");
+        exit_program(1);
+    }
+
+    for (int i = 0; i < argc; i++) {
+        int length = strlen(argv[i]) + 1;
+        argv_copy[i] = av_mallocz(length * sizeof(*argv_copy));
+        if (!argv_copy[i]) {
+            av_log(NULL, AV_LOG_FATAL, "argv_copy[%d] malloc failed\n", i);
+            exit_program(1);
+        }
+        memcpy(argv_copy[i], argv[i], length);
+    }
+    argv_copy[argc] = NULL;
+    return argv_copy;
+}
+
+char **handle_arg_param(int argc, char **argv)
+{
+    char **argv_copy;
+    argv_copy = copy_argv(argc, argv);
+    if (mask_url)
+        mask_param(argc, argv);
+    return argv_copy;
+}
+
+void free_argv_copy(int argc, char **argv)
+{
+    for (int i = 0; i < argc; i++)
+        av_free(argv[i]);
+    av_free(argv);
+}
 
 void uninit_opts(void)
 {
@@ -501,6 +554,10 @@ void parse_loglevel(int argc, char **argv, const OptionDef *options)
     idx = locate_option(argc, argv, options, "hide_banner");
     if (idx)
         hide_banner = 1;
+
+    idx = locate_option(argc, argv, options, "mask_url");
+    if (idx)
+        mask_url = 1;
 }
 
 static const AVOption *opt_find(void *obj, const char *name, const char *unit,
diff --git a/fftools/cmdutils.h b/fftools/cmdutils.h
index 4496221..66babbd 100644
--- a/fftools/cmdutils.h
+++ b/fftools/cmdutils.h
@@ -48,6 +48,27 @@ extern AVDictionary *sws_dict;
 extern AVDictionary *swr_opts;
 extern AVDictionary *format_opts, *codec_opts;
 extern int hide_banner;
+extern int mask_url;
+
+/**
+ * Using to mask sensitive info.
+ */
+void mask_param(int argc, char **argv);
+
+/**
+ * Using to copy ori argv.
+ */
+char **copy_argv(int argc, char **argv);
+
+/**
+ * Handle argv and argv_copy.
+ */
+char **handle_arg_param(int argc, char **argv);
+
+/**
+ * Free argv.
+ */
+void free_argv_copy(int argc, char **argv);
 
 /**
  * Register a program-specific cleanup routine.
diff --git a/fftools/ffmpeg.c b/fftools/ffmpeg.c
index 881d6f0..9f3b261 100644
--- a/fftools/ffmpeg.c
+++ b/fftools/ffmpeg.c
@@ -3867,7 +3867,7 @@ int main(int argc, char **argv)
 {
     int ret;
     BenchmarkTimeStamps ti;
-
+    char **argv_copy;
     init_dynload();
 
     register_exit(ffmpeg_cleanup);
@@ -3883,9 +3883,10 @@ int main(int argc, char **argv)
     avformat_network_init();
 
     show_banner(argc, argv, options);
-
+    argv_copy = handle_arg_param(argc, argv);
     /* parse options and open all input/output files */
-    ret = ffmpeg_parse_options(argc, argv);
+    ret = ffmpeg_parse_options(argc, argv_copy);
+    free_argv_copy(argc, argv_copy);
     if (ret < 0)
         exit_program(1);
 
diff --git a/fftools/ffplay.c b/fftools/ffplay.c
index fc7e1c2..203db5e 100644
--- a/fftools/ffplay.c
+++ b/fftools/ffplay.c
@@ -3664,6 +3664,7 @@ void show_help_default(const char *opt, const char *arg)
 int main(int argc, char **argv)
 {
     int flags;
+    char **argv_copy;
     VideoState *is;
 
     init_dynload();
@@ -3682,8 +3683,9 @@ int main(int argc, char **argv)
 
     show_banner(argc, argv, options);
 
-    parse_options(NULL, argc, argv, options, opt_input_file);
-
+    argv_copy = handle_arg_param(argc, argv);
+    parse_options(NULL, argc, argv_copy, options, opt_input_file);
+    free_argv_copy(argc, argv_copy);
     if (!input_filename) {
         show_usage();
         av_log(NULL, AV_LOG_FATAL, "An input file must be specified\n");
diff --git a/fftools/ffprobe.c b/fftools/ffprobe.c
index d2f126d..17e9759 100644
--- a/fftools/ffprobe.c
+++ b/fftools/ffprobe.c
@@ -4036,7 +4036,7 @@ int main(int argc, char **argv)
     char *buf;
     char *w_name = NULL, *w_args = NULL;
     int ret, input_ret, i;
-
+    char **argv_copy;
     init_dynload();
 
 #if HAVE_THREADS
@@ -4056,8 +4056,8 @@ int main(int argc, char **argv)
 #endif
 
     show_banner(argc, argv, options);
-    parse_options(NULL, argc, argv, options, opt_input_file);
-
+    argv_copy = handle_arg_param(argc, argv);
+    parse_options(NULL, argc, argv_copy, options, opt_input_file);
     if (do_show_log)
         av_log_set_callback(log_callback);
 
@@ -4173,6 +4173,7 @@ end:
     av_freep(&print_format);
     av_freep(&read_intervals);
     av_hash_freep(&hash);
+    free_argv_copy(argc, argv_copy);
 
     uninit_opts();
     for (i = 0; i < FF_ARRAY_ELEMS(sections); i++)
diff --git a/fftools/opt_common.h b/fftools/opt_common.h
index ea1d16e..5185cf3 100644
--- a/fftools/opt_common.h
+++ b/fftools/opt_common.h
@@ -226,6 +226,7 @@ int opt_cpucount(void *optctx, const char *opt, const char *arg);
     { "cpuflags",    HAS_ARG | OPT_EXPERT, { .func_arg = opt_cpuflags },     "force specific cpu flags", "flags" },     \
     { "cpucount",    HAS_ARG | OPT_EXPERT, { .func_arg = opt_cpucount },     "force specific cpu count", "count" },     \
     { "hide_banner", OPT_BOOL | OPT_EXPERT, {&hide_banner},     "do not show program banner", "hide_banner" },          \
+    { "mask_url",    OPT_BOOL,              {&mask_url},                      "mask the url", "flags" },                    \
     CMDUTILS_COMMON_OPTIONS_AVDEVICE                                                                                    \
 
 #endif /* FFTOOLS_OPT_COMMON_H */