From 0d8f3b1f82951d8ed3e760223a529099b475b285 Mon Sep 17 00:00:00 2001
From: Kenneth Estanislao <hacksider@gmail.com>
Date: Fri, 6 Mar 2026 23:26:48 +0800
Subject: [PATCH] Fix on vulnerability report

https://github.com/hacksider/Deep-Live-Cam/issues/1695
---
 .gitignore                       |  1 +
 modules/processors/frame/core.py |  9 +++++++++
 modules/utilities.py             | 23 ++++++++++++++++-------
 3 files changed, 26 insertions(+), 7 deletions(-)

diff --git a/.gitignore b/.gitignore
index 65636d7..88e7825 100644
--- a/.gitignore
+++ b/.gitignore
@@ -26,3 +26,4 @@ faceswap/
 .vscode/
 switch_states.json
 /models
+install.bat
diff --git a/modules/processors/frame/core.py b/modules/processors/frame/core.py
index 2208109..80dd2c0 100644
--- a/modules/processors/frame/core.py
+++ b/modules/processors/frame/core.py
@@ -17,8 +17,17 @@ FRAME_PROCESSORS_INTERFACE = [
     'process_video'
 ]
 
+ALLOWED_PROCESSORS = {
+    'face_swapper',
+    'face_enhancer',
+    'face_enhancer_gpen256',
+    'face_enhancer_gpen512'
+}
 
 def load_frame_processor_module(frame_processor: str) -> Any:
+    if frame_processor not in ALLOWED_PROCESSORS:
+        print(f"Frame processor {frame_processor} is not allowed")
+        sys.exit()
     try:
         frame_processor_module = importlib.import_module(f'modules.processors.frame.{frame_processor}')
         for method_name in FRAME_PROCESSORS_INTERFACE:
diff --git a/modules/utilities.py b/modules/utilities.py
index dbb58c7..2638465 100644
--- a/modules/utilities.py
+++ b/modules/utilities.py
@@ -15,10 +15,6 @@ import modules.globals
 TEMP_FILE = "temp.mp4"
 TEMP_DIRECTORY = "temp"
 
-# monkey patch ssl for mac
-if platform.system().lower() == "darwin":
-    ssl._create_default_https_context = ssl._create_unverified_context
-
 
 def run_ffmpeg(args: List[str]) -> bool:
     """Run ffmpeg with hardware acceleration and optimized settings."""
@@ -286,8 +282,15 @@ def conditional_download(download_directory_path: str, urls: List[str]) -> None:
             download_directory_path, os.path.basename(url)
         )
         if not os.path.exists(download_file_path):
-            request = urllib.request.urlopen(url)  # type: ignore[attr-defined]
-            total = int(request.headers.get("Content-Length", 0))
+            request = urllib.request.Request(url)
+            
+            # Create a specific SSL context for macOS to avoid globally disabling verification
+            ctx = None
+            if platform.system().lower() == "darwin":
+                ctx = ssl._create_unverified_context()
+                
+            response = urllib.request.urlopen(request, context=ctx)
+            total = int(response.headers.get("Content-Length", 0))
             with tqdm(
                 total=total,
                 desc="Downloading",
@@ -295,7 +298,13 @@ def conditional_download(download_directory_path: str, urls: List[str]) -> None:
                 unit_scale=True,
                 unit_divisor=1024,
             ) as progress:
-                urllib.request.urlretrieve(url, download_file_path, reporthook=lambda count, block_size, total_size: progress.update(block_size))  # type: ignore[attr-defined]
+                with open(download_file_path, "wb") as f:
+                    while True:
+                        buffer = response.read(8192)
+                        if not buffer:
+                            break
+                        f.write(buffer)
+                        progress.update(len(buffer))
 
 
 def resolve_relative_path(path: str) -> str: