From: Ariadne Conill <ariadne@dereferenced.org>
Date: Sun, 14 Jul 2019 17:49:12 +0000 (+0000)
Subject: tests: fix object containment violations in the transmogrifier tests
X-Git-Url: https://git.squeep.com/?a=commitdiff_plain;h=841314c2d504ad108f6a85713546b188096ad735;p=akkoma

tests: fix object containment violations in the transmogrifier tests

Some objects were not completely rewritten in the tests, which caused object
containment violations.  Fix them by rewriting the object IDs to be in an
appropriate namespace.
---

diff --git a/CHANGELOG.md b/CHANGELOG.md
index 0cec3bf5c..e7d7e0ef5 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -42,6 +42,10 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/).
 - Admin API: changed json structure for saving config settings.
 - RichMedia: parsers and their order are configured in `rich_media` config.
 
+## [1.0.1] - 2019-07-14
+### Security
+- OStatus: fix an object spoofing vulnerability.
+
 ## [1.0.0] - 2019-06-29
 ### Security
 - Mastodon API: Fix display names not being sanitized
diff --git a/test/web/activity_pub/transmogrifier_test.exs b/test/web/activity_pub/transmogrifier_test.exs
index b896a532b..cabe925f9 100644
--- a/test/web/activity_pub/transmogrifier_test.exs
+++ b/test/web/activity_pub/transmogrifier_test.exs
@@ -416,6 +416,7 @@ defmodule Pleroma.Web.ActivityPub.TransmogrifierTest do
         |> Map.put("attributedTo", user.ap_id)
         |> Map.put("to", ["https://www.w3.org/ns/activitystreams#Public"])
         |> Map.put("cc", [])
+        |> Map.put("id", user.ap_id <> "/activities/12345678")
 
       data = Map.put(data, "object", object)
 
@@ -439,6 +440,7 @@ defmodule Pleroma.Web.ActivityPub.TransmogrifierTest do
         |> Map.put("attributedTo", user.ap_id)
         |> Map.put("to", nil)
         |> Map.put("cc", nil)
+        |> Map.put("id", user.ap_id <> "/activities/12345678")
 
       data = Map.put(data, "object", object)