Summary
The download URL generation in VOD management returns a direct path without cryptographic signing. While the comment mentions signed URLs, the implementation does not include them.
Impact
Severity: MEDIUM
An attacker who captures a download URL could share it with unauthorized users. While the original access check happened, the URL itself is not time-limited or user-bound.
Files Affected
/api/studio_vod.py (lines 449-494, specifically 483-494)
Recommended Fix
- Implement HMAC-signed URLs with expiration timestamp embedded
- Verify signature server-side before serving download
- Include user_id in the signed payload to prevent URL sharing
References
- CWE-284 (Improper Access Control)
- OWASP A01:2021 Broken Access Control
🤖 Generated by automated security review
Summary
The download URL generation in VOD management returns a direct path without cryptographic signing. While the comment mentions signed URLs, the implementation does not include them.
Impact
Severity: MEDIUM
An attacker who captures a download URL could share it with unauthorized users. While the original access check happened, the URL itself is not time-limited or user-bound.
Files Affected
/api/studio_vod.py(lines 449-494, specifically 483-494)Recommended Fix
References
🤖 Generated by automated security review