FediMovies/fedimovies
1
1
Fork 0
Code Issues 3 Pull requests Projects Releases Packages Activity

Limit number of mentions and links in remote posts

Browse source
This commit is contained in:
silverpill 2023-03-31 17:05:41 +00:00
parent 95daa94a97
commit 6604ea8a2b
4 changed files with 18 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

4
CHANGELOG.md
View file

@ -6,6 +6,10 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/).
## [Unreleased] ## [Unreleased]
### Changed
- Limit number of mentions and links in remote posts.
## [1.19.0] - 2023-03-30 ## [1.19.0] - 2023-03-30
### Added ### Added

10
src/activitypub/handlers/create.rs
View file

@ -52,6 +52,8 @@ use crate::validators::{
ATTACHMENTS_MAX_NUM, ATTACHMENTS_MAX_NUM,
CONTENT_MAX_SIZE, CONTENT_MAX_SIZE,
EMOJIS_MAX_NUM, EMOJIS_MAX_NUM,
LINKS_MAX_NUM,
MENTIONS_MAX_NUM,
}, },
tags::validate_hashtag, tags::validate_hashtag,
}; };
@ -359,6 +361,10 @@ pub async fn get_object_tags(
}; };
}; };
} else if tag_type == MENTION { } else if tag_type == MENTION {
if mentions.len() >= MENTIONS_MAX_NUM {
log::warn!("too many mentions");
continue;
};
let tag: Tag = match serde_json::from_value(tag_value) { let tag: Tag = match serde_json::from_value(tag_value) {
Ok(tag) => tag, Ok(tag) => tag,
Err(_) => { Err(_) => {
@ -436,6 +442,10 @@ pub async fn get_object_tags(
log::warn!("failed to parse mention {}", tag_name); log::warn!("failed to parse mention {}", tag_name);
}; };
} else if tag_type == LINK { } else if tag_type == LINK {
if links.len() >= LINKS_MAX_NUM {
log::warn!("too many links");
continue;
};
let tag: LinkTag = match serde_json::from_value(tag_value) { let tag: LinkTag = match serde_json::from_value(tag_value) {
Ok(tag) => tag, Ok(tag) => tag,
Err(_) => { Err(_) => {

3
src/mastodon_api/statuses/microsyntax/links.rs
View file

@ -8,6 +8,7 @@ use mitra_models::{
}; };
use crate::activitypub::fetcher::helpers::get_post_by_object_id; use crate::activitypub::fetcher::helpers::get_post_by_object_id;
use crate::validators::posts::LINKS_MAX_NUM;
// MediaWiki-like syntax: [[url|text]] // MediaWiki-like syntax: [[url|text]]
const OBJECT_LINK_SEARCH_RE: &str = r"(?m)\[\[(?P<url>[^\s\|]+)(\|(?P<text>.+?))?\]\]"; const OBJECT_LINK_SEARCH_RE: &str = r"(?m)\[\[(?P<url>[^\s\|]+)(\|(?P<text>.+?))?\]\]";
@ -48,7 +49,7 @@ pub async fn find_linked_posts(
let mut link_map: HashMap<String, Post> = HashMap::new(); let mut link_map: HashMap<String, Post> = HashMap::new();
let mut counter = 0; let mut counter = 0;
for url in links { for url in links {
if counter > 10 { if counter > LINKS_MAX_NUM {
// Limit the number of queries // Limit the number of queries
break; break;
// TODO: single database query // TODO: single database query

2
src/validators/posts.rs
View file

@ -3,6 +3,8 @@ use mitra_utils::html::clean_html_strict;
use crate::errors::ValidationError; use crate::errors::ValidationError;
pub const ATTACHMENTS_MAX_NUM: usize = 15; pub const ATTACHMENTS_MAX_NUM: usize = 15;
pub const MENTIONS_MAX_NUM: usize = 50;
pub const LINKS_MAX_NUM: usize = 10;
pub const EMOJIS_MAX_NUM: usize = 20; pub const EMOJIS_MAX_NUM: usize = 20;
pub const CONTENT_MAX_SIZE: usize = 100000; pub const CONTENT_MAX_SIZE: usize = 100000;