transmogrifier: reject activities lacking a valid ID
authorWilliam Pitcock <nenolod@dereferenced.org>
Thu, 23 Aug 2018 01:23:02 +0000 (01:23 +0000)
committerWilliam Pitcock <nenolod@dereferenced.org>
Thu, 23 Aug 2018 01:25:26 +0000 (01:25 +0000)
lib/pleroma/web/activity_pub/transmogrifier.ex

index 5e07d5ea95344c2da0df8919f95c2fe29d2014cb..1367bc7e3b276d6a4bca2f15267a8f4cf255f3de 100644 (file)
@@ -177,6 +177,12 @@ defmodule Pleroma.Web.ActivityPub.Transmogrifier do
 
   def fix_content_map(object), do: object
 
+  # disallow objects with bogus IDs
+  def handle_incoming(%{"id" => nil}), do: :error
+  def handle_incoming(%{"id" => ""}), do: :error
+  # length of https:// = 8, should validate better, but good enough for now.
+  def handle_incoming(%{"id" => id}) when not (is_binary(id) and length(id) > 8), do: :error
+
   # TODO: validate those with a Ecto scheme
   # - tags
   # - emoji
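Review bot: The length guard on the third new clause never rejects a string ID, because `length/1` only accepts lists. For a binary `id` it raises inside the guard, the guard fails and the clause is skipped, so a too-short string such as a constructed `"x"` falls through to the later `handle_incoming` clauses, which are outside this hunk. Use `byte_size/1` instead: `def handle_incoming(%{"id" => id}) when not (is_binary(id) and byte_size(id) > 8), do: :error`. A map with no `"id"` key at all matches none of the three new clauses either, so whether it is rejected depends on code not visible here. Since this is federated, untrusted input, a test feeding a missing, a non-string and a too-short ID through `handle_incoming/1` would pin the intended behaviour.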