Security: Enforce strict validation for FFmpeg binary paths (#214)

2026-01-08 12:33:50 +07:00
parent 6f6c7563a0
commit 14297171be
3 changed files with 60 additions and 5 deletions
@@ -541,6 +541,10 @@ func embedLyricsToM4A(filepath string, lyrics string) error {
 		return fmt.Errorf("ffmpeg not found: %w", err)
 	}

+	if err := ValidateExecutable(ffmpegPath); err != nil {
+		return fmt.Errorf("invalid ffmpeg executable: %w", err)
+	}
+
 	// Create temporary output file with proper extension so ffmpeg can detect format
 	tmpOutputFile := strings.TrimSuffix(filepath, pathfilepath.Ext(filepath)) + ".tmp" + pathfilepath.Ext(filepath)
 	defer func() {