From 52b44184b40930a4ca7b4dc463631d7439feb726 Mon Sep 17 00:00:00 2001 From: William Pitcock Date: Thu, 23 Aug 2018 01:23:02 +0000 Subject: [PATCH] transmogrifier: reject activities lacking a valid ID --- lib/pleroma/web/activity_pub/transmogrifier.ex | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/lib/pleroma/web/activity_pub/transmogrifier.ex b/lib/pleroma/web/activity_pub/transmogrifier.ex index 5e07d5ea9..1367bc7e3 100644 --- a/lib/pleroma/web/activity_pub/transmogrifier.ex +++ b/lib/pleroma/web/activity_pub/transmogrifier.ex @@ -177,6 +177,12 @@ defmodule Pleroma.Web.ActivityPub.Transmogrifier do def fix_content_map(object), do: object + # disallow objects with bogus IDs + def handle_incoming(%{"id" => nil}), do: :error + def handle_incoming(%{"id" => ""}), do: :error + # length of https:// = 8, should validate better, but good enough for now. + def handle_incoming(%{"id" => id}) when not (is_binary(id) and length(id) > 8), do: :error + # TODO: validate those with a Ecto scheme # - tags # - emoji -- 2.45.2