improve downloader/postprocessor module loading

- handle arguments of any type without propagating an exception - prevent potential security risk through relative imports
2018-09-04 22:49:57 +02:00 · 2018-09-04 22:49:57 +02:00 · e9ae6fd080
commit e9ae6fd080
parent 712b58a93b
2 changed files with 21 additions and 13 deletions
--- a/gallery_dl/downloader/init.py
+++ b/gallery_dl/downloader/init.py
@ -1,11 +1,13 @@
 # -*- coding: utf-8 -*-

-# Copyright 2015 Mike Fährmann
+# Copyright 2015-2018 Mike Fährmann
 #
 # This program is free software; you can redistribute it and/or modify
 # it under the terms of the GNU General Public License version 2 as
 # published by the Free Software Foundation.

+"""Downloader modules"""
+
 import importlib


@ -14,13 +16,15 @@ def find(scheme):
    try:
        return _cache[scheme]
    except KeyError:
+        klass = None
        try:
-            module = importlib.import_module("."+scheme, __package__)
-            klass = getattr(module, "Downloader")
-            _cache[scheme] = klass
-            return klass
-        except ImportError:
-            return None
+            if "." not in scheme:  # prevent relative imports
+                module = importlib.import_module("." + scheme, __package__)
+                klass = module.Downloader
+        except (ImportError, AttributeError, TypeError):
+            pass
+        _cache[scheme] = klass
+        return klass


 # --------------------------------------------------------------------
--- a/gallery_dl/postprocessor/init.py
+++ b/gallery_dl/postprocessor/init.py
@ -6,6 +6,8 @@
 # it under the terms of the GNU General Public License version 2 as
 # published by the Free Software Foundation.

+"""Post-processing modules"""
+
 import importlib
 import logging

@ -17,13 +19,15 @@ def find(name):
    try:
        return _cache[name]
    except KeyError:
+        klass = None
        try:
-            module = importlib.import_module("."+name, __package__)
-            cls = module.__postprocessor__
-            _cache[name] = cls
-            return cls
-        except (ImportError, AttributeError):
-            return None
+            if "." not in name:  # prevent relative imports
+                module = importlib.import_module("." + name, __package__)
+                klass = module.__postprocessor__
+        except (ImportError, AttributeError, TypeError):
+            pass
+        _cache[name] = klass
+        return klass


 # --------------------------------------------------------------------