From a92b1fbdedf1fafdc4a29993ffacd5bf70bfd84e Mon Sep 17 00:00:00 2001 From: Lain Soykaf Date: Sun, 23 Feb 2025 17:51:25 +0400 Subject: [PATCH 01/30] UserRelationshipTest: Don't use Mock. --- config/test.exs | 1 + lib/pleroma/datetime.ex | 3 +++ lib/pleroma/datetime/impl.ex | 6 ++++++ lib/pleroma/user_relationship.ex | 10 ++++++++-- test/pleroma/user_relationship_test.exs | 22 ++++++++++++++-------- test/support/mocks.ex | 2 ++ 6 files changed, 34 insertions(+), 10 deletions(-) create mode 100644 lib/pleroma/datetime.ex create mode 100644 lib/pleroma/datetime/impl.ex diff --git a/config/test.exs b/config/test.exs index 6fe84478a..6bba555b0 100644 --- a/config/test.exs +++ b/config/test.exs @@ -144,6 +144,7 @@ config :pleroma, Pleroma.Search.Meilisearch, url: "http://127.0.0.1:7700/", priv config :phoenix, :plug_init_mode, :runtime config :pleroma, :config_impl, Pleroma.UnstubbedConfigMock +config :pleroma, :datetime_impl, Pleroma.DateTimeMock config :pleroma, Pleroma.PromEx, disabled: true diff --git a/lib/pleroma/datetime.ex b/lib/pleroma/datetime.ex new file mode 100644 index 000000000..d79cb848b --- /dev/null +++ b/lib/pleroma/datetime.ex @@ -0,0 +1,3 @@ +defmodule Pleroma.DateTime do + @callback utc_now() :: NaiveDateTime.t() +end diff --git a/lib/pleroma/datetime/impl.ex b/lib/pleroma/datetime/impl.ex new file mode 100644 index 000000000..102be047b --- /dev/null +++ b/lib/pleroma/datetime/impl.ex @@ -0,0 +1,6 @@ +defmodule Pleroma.DateTime.Impl do + @behaviour Pleroma.DateTime + + @impl true + def utc_now, do: NaiveDateTime.utc_now() +end diff --git a/lib/pleroma/user_relationship.ex b/lib/pleroma/user_relationship.ex index 82fcc1cdd..5b48d321a 100644 --- a/lib/pleroma/user_relationship.ex +++ b/lib/pleroma/user_relationship.ex @@ -55,9 +55,13 @@ defmodule Pleroma.UserRelationship do def user_relationship_mappings, do: Pleroma.UserRelationship.Type.__enum_map__() + def datetime_impl do + Application.get_env(:pleroma, :datetime_impl, Pleroma.DateTime.Impl) + end + def changeset(%UserRelationship{} = user_relationship, params \\ %{}) do user_relationship - |> cast(params, [:relationship_type, :source_id, :target_id, :expires_at]) + |> cast(params, [:relationship_type, :source_id, :target_id, :expires_at, :inserted_at]) |> validate_required([:relationship_type, :source_id, :target_id]) |> unique_constraint(:relationship_type, name: :user_relationships_source_id_relationship_type_target_id_index @@ -65,6 +69,7 @@ defmodule Pleroma.UserRelationship do |> validate_not_self_relationship() end + @spec exists?(any(), Pleroma.User.t(), Pleroma.User.t()) :: boolean() def exists?(relationship_type, %User{} = source, %User{} = target) do UserRelationship |> where(relationship_type: ^relationship_type, source_id: ^source.id, target_id: ^target.id) @@ -90,7 +95,8 @@ defmodule Pleroma.UserRelationship do relationship_type: relationship_type, source_id: source.id, target_id: target.id, - expires_at: expires_at + expires_at: expires_at, + inserted_at: datetime_impl().utc_now() }) |> Repo.insert( on_conflict: {:replace_all_except, [:id, :inserted_at]}, diff --git a/test/pleroma/user_relationship_test.exs b/test/pleroma/user_relationship_test.exs index 7d205a746..5b43cb2b6 100644 --- a/test/pleroma/user_relationship_test.exs +++ b/test/pleroma/user_relationship_test.exs @@ -3,11 +3,12 @@ # SPDX-License-Identifier: AGPL-3.0-only defmodule Pleroma.UserRelationshipTest do + alias Pleroma.DateTimeMock alias Pleroma.UserRelationship - use Pleroma.DataCase, async: false + use Pleroma.DataCase, async: true - import Mock + import Mox import Pleroma.Factory describe "*_exists?/2" do @@ -52,6 +53,9 @@ defmodule Pleroma.UserRelationshipTest do end test "creates user relationship record if it doesn't exist", %{users: [user1, user2]} do + DateTimeMock + |> stub_with(Pleroma.DateTime.Impl) + for relationship_type <- [ :block, :mute, @@ -80,13 +84,15 @@ defmodule Pleroma.UserRelationshipTest do end test "if record already exists, returns it", %{users: [user1, user2]} do - user_block = - with_mock NaiveDateTime, [:passthrough], utc_now: fn -> ~N[2017-03-17 17:09:58] end do - {:ok, %{inserted_at: ~N[2017-03-17 17:09:58]}} = - UserRelationship.create_block(user1, user2) - end + fixed_datetime = ~N[2017-03-17 17:09:58] - assert user_block == UserRelationship.create_block(user1, user2) + Pleroma.DateTimeMock + |> expect(:utc_now, 2, fn -> fixed_datetime end) + + {:ok, %{inserted_at: ^fixed_datetime}} = UserRelationship.create_block(user1, user2) + + # Test the idempotency without caring about the exact time + assert {:ok, _} = UserRelationship.create_block(user1, user2) end end diff --git a/test/support/mocks.ex b/test/support/mocks.ex index d84958e15..228b9882e 100644 --- a/test/support/mocks.ex +++ b/test/support/mocks.ex @@ -33,3 +33,5 @@ Mox.defmock(Pleroma.StubbedHTTPSignaturesMock, for: Pleroma.HTTPSignaturesAPI) Mox.defmock(Pleroma.LoggerMock, for: Pleroma.Logging) Mox.defmock(Pleroma.Uploaders.S3.ExAwsMock, for: Pleroma.Uploaders.S3.ExAwsAPI) + +Mox.defmock(Pleroma.DateTimeMock, for: Pleroma.DateTime) From 263b02ffcb661aafd495c2d533718378ff77f014 Mon Sep 17 00:00:00 2001 From: Lain Soykaf Date: Sun, 23 Feb 2025 17:52:17 +0400 Subject: [PATCH 02/30] Tests: Use StaticConfig when possible. --- test/mix/tasks/pleroma/digest_test.exs | 2 +- test/mix/tasks/pleroma/user_test.exs | 2 +- test/pleroma/conversation_test.exs | 2 +- test/pleroma/notification_test.exs | 2 +- test/pleroma/user_test.exs | 2 +- test/pleroma/web/activity_pub/activity_pub_controller_test.exs | 2 +- test/pleroma/web/admin_api/controllers/user_controller_test.exs | 2 +- .../web/mastodon_api/controllers/account_controller_test.exs | 2 +- .../mastodon_api/controllers/notification_controller_test.exs | 2 +- .../web/mastodon_api/controllers/search_controller_test.exs | 2 +- test/pleroma/web/mastodon_api/views/notification_view_test.exs | 2 +- .../pleroma_api/controllers/emoji_reaction_controller_test.exs | 2 +- test/pleroma/workers/cron/digest_emails_worker_test.exs | 2 +- test/pleroma/workers/cron/new_users_digest_worker_test.exs | 2 +- 14 files changed, 14 insertions(+), 14 deletions(-) diff --git a/test/mix/tasks/pleroma/digest_test.exs b/test/mix/tasks/pleroma/digest_test.exs index 08482aadb..0d1804cdb 100644 --- a/test/mix/tasks/pleroma/digest_test.exs +++ b/test/mix/tasks/pleroma/digest_test.exs @@ -24,7 +24,7 @@ defmodule Mix.Tasks.Pleroma.DigestTest do setup do: clear_config([Pleroma.Emails.Mailer, :enabled], true) setup do - Mox.stub_with(Pleroma.UnstubbedConfigMock, Pleroma.Config) + Mox.stub_with(Pleroma.UnstubbedConfigMock, Pleroma.Test.StaticConfig) :ok end diff --git a/test/mix/tasks/pleroma/user_test.exs b/test/mix/tasks/pleroma/user_test.exs index c9bcf2951..7ce5e92cb 100644 --- a/test/mix/tasks/pleroma/user_test.exs +++ b/test/mix/tasks/pleroma/user_test.exs @@ -21,7 +21,7 @@ defmodule Mix.Tasks.Pleroma.UserTest do import Pleroma.Factory setup do - Mox.stub_with(Pleroma.UnstubbedConfigMock, Pleroma.Config) + Mox.stub_with(Pleroma.UnstubbedConfigMock, Pleroma.Test.StaticConfig) :ok end diff --git a/test/pleroma/conversation_test.exs b/test/pleroma/conversation_test.exs index 809c1951a..02b5de615 100644 --- a/test/pleroma/conversation_test.exs +++ b/test/pleroma/conversation_test.exs @@ -14,7 +14,7 @@ defmodule Pleroma.ConversationTest do setup_all do: clear_config([:instance, :federating], true) setup do - Mox.stub_with(Pleroma.UnstubbedConfigMock, Pleroma.Config) + Mox.stub_with(Pleroma.UnstubbedConfigMock, Pleroma.Test.StaticConfig) :ok end diff --git a/test/pleroma/notification_test.exs b/test/pleroma/notification_test.exs index e595c5c53..4b20e07cf 100644 --- a/test/pleroma/notification_test.exs +++ b/test/pleroma/notification_test.exs @@ -19,7 +19,7 @@ defmodule Pleroma.NotificationTest do alias Pleroma.Web.MastodonAPI.NotificationView setup do - Mox.stub_with(Pleroma.UnstubbedConfigMock, Pleroma.Config) + Mox.stub_with(Pleroma.UnstubbedConfigMock, Pleroma.Test.StaticConfig) :ok end diff --git a/test/pleroma/user_test.exs b/test/pleroma/user_test.exs index 06afc0709..db493616a 100644 --- a/test/pleroma/user_test.exs +++ b/test/pleroma/user_test.exs @@ -20,7 +20,7 @@ defmodule Pleroma.UserTest do import Swoosh.TestAssertions setup do - Mox.stub_with(Pleroma.UnstubbedConfigMock, Pleroma.Config) + Mox.stub_with(Pleroma.UnstubbedConfigMock, Pleroma.Test.StaticConfig) :ok end diff --git a/test/pleroma/web/activity_pub/activity_pub_controller_test.exs b/test/pleroma/web/activity_pub/activity_pub_controller_test.exs index b627478dc..b08690ed2 100644 --- a/test/pleroma/web/activity_pub/activity_pub_controller_test.exs +++ b/test/pleroma/web/activity_pub/activity_pub_controller_test.exs @@ -26,7 +26,7 @@ defmodule Pleroma.Web.ActivityPub.ActivityPubControllerTest do require Pleroma.Constants setup do - Mox.stub_with(Pleroma.UnstubbedConfigMock, Pleroma.Config) + Mox.stub_with(Pleroma.UnstubbedConfigMock, Pleroma.Test.StaticConfig) :ok end diff --git a/test/pleroma/web/admin_api/controllers/user_controller_test.exs b/test/pleroma/web/admin_api/controllers/user_controller_test.exs index c8495c477..0e5650285 100644 --- a/test/pleroma/web/admin_api/controllers/user_controller_test.exs +++ b/test/pleroma/web/admin_api/controllers/user_controller_test.exs @@ -20,7 +20,7 @@ defmodule Pleroma.Web.AdminAPI.UserControllerTest do alias Pleroma.Web.MediaProxy setup do - Mox.stub_with(Pleroma.UnstubbedConfigMock, Pleroma.Config) + Mox.stub_with(Pleroma.UnstubbedConfigMock, Pleroma.Test.StaticConfig) :ok end diff --git a/test/pleroma/web/mastodon_api/controllers/account_controller_test.exs b/test/pleroma/web/mastodon_api/controllers/account_controller_test.exs index 54f6818bd..cd3107f32 100644 --- a/test/pleroma/web/mastodon_api/controllers/account_controller_test.exs +++ b/test/pleroma/web/mastodon_api/controllers/account_controller_test.exs @@ -19,7 +19,7 @@ defmodule Pleroma.Web.MastodonAPI.AccountControllerTest do import Pleroma.Factory setup do - Mox.stub_with(Pleroma.UnstubbedConfigMock, Pleroma.Config) + Mox.stub_with(Pleroma.UnstubbedConfigMock, Pleroma.Test.StaticConfig) :ok end diff --git a/test/pleroma/web/mastodon_api/controllers/notification_controller_test.exs b/test/pleroma/web/mastodon_api/controllers/notification_controller_test.exs index 8fc22dde1..88f2fb7af 100644 --- a/test/pleroma/web/mastodon_api/controllers/notification_controller_test.exs +++ b/test/pleroma/web/mastodon_api/controllers/notification_controller_test.exs @@ -13,7 +13,7 @@ defmodule Pleroma.Web.MastodonAPI.NotificationControllerTest do import Pleroma.Factory setup do - Mox.stub_with(Pleroma.UnstubbedConfigMock, Pleroma.Config) + Mox.stub_with(Pleroma.UnstubbedConfigMock, Pleroma.Test.StaticConfig) :ok end diff --git a/test/pleroma/web/mastodon_api/controllers/search_controller_test.exs b/test/pleroma/web/mastodon_api/controllers/search_controller_test.exs index d38767c96..d8263dfad 100644 --- a/test/pleroma/web/mastodon_api/controllers/search_controller_test.exs +++ b/test/pleroma/web/mastodon_api/controllers/search_controller_test.exs @@ -14,7 +14,7 @@ defmodule Pleroma.Web.MastodonAPI.SearchControllerTest do import Mock setup do - Mox.stub_with(Pleroma.UnstubbedConfigMock, Pleroma.Config) + Mox.stub_with(Pleroma.UnstubbedConfigMock, Pleroma.Test.StaticConfig) :ok end diff --git a/test/pleroma/web/mastodon_api/views/notification_view_test.exs b/test/pleroma/web/mastodon_api/views/notification_view_test.exs index b1f3523ac..ce5ddd0fc 100644 --- a/test/pleroma/web/mastodon_api/views/notification_view_test.exs +++ b/test/pleroma/web/mastodon_api/views/notification_view_test.exs @@ -23,7 +23,7 @@ defmodule Pleroma.Web.MastodonAPI.NotificationViewTest do import Pleroma.Factory setup do - Mox.stub_with(Pleroma.UnstubbedConfigMock, Pleroma.Config) + Mox.stub_with(Pleroma.UnstubbedConfigMock, Pleroma.Test.StaticConfig) :ok end diff --git a/test/pleroma/web/pleroma_api/controllers/emoji_reaction_controller_test.exs b/test/pleroma/web/pleroma_api/controllers/emoji_reaction_controller_test.exs index 8c2dcc1bb..c1e452a1e 100644 --- a/test/pleroma/web/pleroma_api/controllers/emoji_reaction_controller_test.exs +++ b/test/pleroma/web/pleroma_api/controllers/emoji_reaction_controller_test.exs @@ -14,7 +14,7 @@ defmodule Pleroma.Web.PleromaAPI.EmojiReactionControllerTest do import Pleroma.Factory setup do - Mox.stub_with(Pleroma.UnstubbedConfigMock, Pleroma.Config) + Mox.stub_with(Pleroma.UnstubbedConfigMock, Pleroma.Test.StaticConfig) :ok end diff --git a/test/pleroma/workers/cron/digest_emails_worker_test.exs b/test/pleroma/workers/cron/digest_emails_worker_test.exs index e0bdf303e..46be82a4f 100644 --- a/test/pleroma/workers/cron/digest_emails_worker_test.exs +++ b/test/pleroma/workers/cron/digest_emails_worker_test.exs @@ -14,7 +14,7 @@ defmodule Pleroma.Workers.Cron.DigestEmailsWorkerTest do setup do: clear_config([:email_notifications, :digest]) setup do - Mox.stub_with(Pleroma.UnstubbedConfigMock, Pleroma.Config) + Mox.stub_with(Pleroma.UnstubbedConfigMock, Pleroma.Test.StaticConfig) :ok end diff --git a/test/pleroma/workers/cron/new_users_digest_worker_test.exs b/test/pleroma/workers/cron/new_users_digest_worker_test.exs index 0e4234cc8..ca4139eac 100644 --- a/test/pleroma/workers/cron/new_users_digest_worker_test.exs +++ b/test/pleroma/workers/cron/new_users_digest_worker_test.exs @@ -11,7 +11,7 @@ defmodule Pleroma.Workers.Cron.NewUsersDigestWorkerTest do alias Pleroma.Workers.Cron.NewUsersDigestWorker setup do - Mox.stub_with(Pleroma.UnstubbedConfigMock, Pleroma.Config) + Mox.stub_with(Pleroma.UnstubbedConfigMock, Pleroma.Test.StaticConfig) :ok end From 229ce66a8fdc7db626bdfee6a3a526ee028b510a Mon Sep 17 00:00:00 2001 From: Lain Soykaf Date: Sun, 23 Feb 2025 17:52:33 +0400 Subject: [PATCH 03/30] DataCase: By default, stub DateTime. --- test/support/data_case.ex | 2 ++ 1 file changed, 2 insertions(+) diff --git a/test/support/data_case.ex b/test/support/data_case.ex index 52d4bef1a..304bee5da 100644 --- a/test/support/data_case.ex +++ b/test/support/data_case.ex @@ -117,6 +117,8 @@ defmodule Pleroma.DataCase do Mox.stub_with(Pleroma.ConfigMock, Pleroma.Config) Mox.stub_with(Pleroma.StaticStubbedConfigMock, Pleroma.Test.StaticConfig) Mox.stub_with(Pleroma.StubbedHTTPSignaturesMock, Pleroma.Test.HTTPSignaturesProxy) + + Mox.stub_with(Pleroma.DateTimeMock, Pleroma.DateTime.Impl) end def ensure_local_uploader(context) do From 4b3a985660f6db38eb411a34b2a61d250498eae2 Mon Sep 17 00:00:00 2001 From: Lain Soykaf Date: Mon, 24 Feb 2025 17:15:48 +0400 Subject: [PATCH 04/30] PackTest: Make test more resilient --- test/pleroma/emoji/pack_test.exs | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/test/pleroma/emoji/pack_test.exs b/test/pleroma/emoji/pack_test.exs index 00001abfc..a05609e9a 100644 --- a/test/pleroma/emoji/pack_test.exs +++ b/test/pleroma/emoji/pack_test.exs @@ -62,7 +62,7 @@ defmodule Pleroma.Emoji.PackTest do path: Path.absname("test/instance_static/emoji/test_pack/blank.png") } - assert Pack.add_file(pack, nil, nil, file) == {:error, :einval} + assert {:error, _} = Pack.add_file(pack, nil, nil, file) end test "returns pack when zip file is empty", %{pack: pack} do From 1ebbab1618b3dbd44fde78522b7503a95a34523e Mon Sep 17 00:00:00 2001 From: Lain Soykaf Date: Mon, 24 Feb 2025 17:15:59 +0400 Subject: [PATCH 05/30] AppTest: Make test more resilient. --- test/pleroma/web/o_auth/app_test.exs | 20 ++++++++++++++++---- 1 file changed, 16 insertions(+), 4 deletions(-) diff --git a/test/pleroma/web/o_auth/app_test.exs b/test/pleroma/web/o_auth/app_test.exs index 44219cf90..a69ba371e 100644 --- a/test/pleroma/web/o_auth/app_test.exs +++ b/test/pleroma/web/o_auth/app_test.exs @@ -58,16 +58,28 @@ defmodule Pleroma.Web.OAuth.AppTest do attrs = %{client_name: "Mastodon-Local", redirect_uris: "."} {:ok, %App{} = old_app} = App.get_or_make(attrs, ["write"]) + # backdate the old app so it's within the threshold for being cleaned up + one_hour_ago = DateTime.add(DateTime.utc_now(), -3600) + + {:ok, _} = + "UPDATE apps SET inserted_at = $1, updated_at = $1 WHERE id = $2" + |> Pleroma.Repo.query([one_hour_ago, old_app.id]) + + # Create the new app after backdating the old one attrs = %{client_name: "PleromaFE", redirect_uris: "."} {:ok, %App{} = app} = App.get_or_make(attrs, ["write"]) - # backdate the old app so it's within the threshold for being cleaned up + # Ensure the new app has a recent timestamp + now = DateTime.utc_now() + {:ok, _} = - "UPDATE apps SET inserted_at = now() - interval '1 hour' WHERE id = #{old_app.id}" - |> Pleroma.Repo.query() + "UPDATE apps SET inserted_at = $1, updated_at = $1 WHERE id = $2" + |> Pleroma.Repo.query([now, app.id]) App.remove_orphans() - assert [app] == Pleroma.Repo.all(App) + assert [returned_app] = Pleroma.Repo.all(App) + assert returned_app.client_name == "PleromaFE" + assert returned_app.id == app.id end end From bee027e51163d980991f4442a3eb3b0429f0fc40 Mon Sep 17 00:00:00 2001 From: Lain Soykaf Date: Tue, 25 Feb 2025 16:16:15 +0400 Subject: [PATCH 06/30] DatabaseTest: Include user_follows_hashtag in expected tables --- test/mix/tasks/pleroma/database_test.exs | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/test/mix/tasks/pleroma/database_test.exs b/test/mix/tasks/pleroma/database_test.exs index 96a925528..65c4db27c 100644 --- a/test/mix/tasks/pleroma/database_test.exs +++ b/test/mix/tasks/pleroma/database_test.exs @@ -411,8 +411,7 @@ defmodule Mix.Tasks.Pleroma.DatabaseTest do ["scheduled_activities"], ["schema_migrations"], ["thread_mutes"], - # ["user_follows_hashtag"], # not in pleroma - # ["user_frontend_setting_profiles"], # not in pleroma + ["user_follows_hashtag"], ["user_invite_tokens"], ["user_notes"], ["user_relationships"], From ee291f08e82eee596e5e8651a8bbcf7dad147dc7 Mon Sep 17 00:00:00 2001 From: Lain Soykaf Date: Tue, 25 Feb 2025 16:40:45 +0400 Subject: [PATCH 07/30] AnonymizeFilename: Asyncify --- config/test.exs | 3 +++ lib/pleroma/upload/filter/anonymize_filename.ex | 4 ++-- .../upload/filter/anonymize_filename_test.exs | 17 ++++++++++++----- test/pleroma/upload/filter_test.exs | 7 ++++--- 4 files changed, 21 insertions(+), 10 deletions(-) diff --git a/config/test.exs b/config/test.exs index 6bba555b0..f413af5c2 100644 --- a/config/test.exs +++ b/config/test.exs @@ -159,6 +159,9 @@ config :pleroma, Pleroma.Uploaders.IPFS, config_impl: Pleroma.UnstubbedConfigMoc config :pleroma, Pleroma.Web.Plugs.HTTPSecurityPlug, config_impl: Pleroma.StaticStubbedConfigMock config :pleroma, Pleroma.Web.Plugs.HTTPSignaturePlug, config_impl: Pleroma.StaticStubbedConfigMock +config :pleroma, Pleroma.Upload.Filter.AnonymizeFilename, + config_impl: Pleroma.StaticStubbedConfigMock + config :pleroma, Pleroma.Signature, http_signatures_impl: Pleroma.StubbedHTTPSignaturesMock peer_module = diff --git a/lib/pleroma/upload/filter/anonymize_filename.ex b/lib/pleroma/upload/filter/anonymize_filename.ex index 234ccb6bb..c0ad70368 100644 --- a/lib/pleroma/upload/filter/anonymize_filename.ex +++ b/lib/pleroma/upload/filter/anonymize_filename.ex @@ -10,7 +10,7 @@ defmodule Pleroma.Upload.Filter.AnonymizeFilename do """ @behaviour Pleroma.Upload.Filter - alias Pleroma.Config + @config_impl Application.compile_env(:pleroma, [__MODULE__, :config_impl], Pleroma.Config) alias Pleroma.Upload def filter(%Upload{name: name} = upload) do @@ -23,7 +23,7 @@ defmodule Pleroma.Upload.Filter.AnonymizeFilename do @spec predefined_name(String.t()) :: String.t() | nil defp predefined_name(extension) do - with name when not is_nil(name) <- Config.get([__MODULE__, :text]), + with name when not is_nil(name) <- @config_impl.get([__MODULE__, :text]), do: String.replace(name, "{extension}", extension) end diff --git a/test/pleroma/upload/filter/anonymize_filename_test.exs b/test/pleroma/upload/filter/anonymize_filename_test.exs index 9b94b91c3..0f817a5a1 100644 --- a/test/pleroma/upload/filter/anonymize_filename_test.exs +++ b/test/pleroma/upload/filter/anonymize_filename_test.exs @@ -3,9 +3,11 @@ # SPDX-License-Identifier: AGPL-3.0-only defmodule Pleroma.Upload.Filter.AnonymizeFilenameTest do - use Pleroma.DataCase + use Pleroma.DataCase, async: true + import Mox alias Pleroma.Upload + alias Pleroma.StaticStubbedConfigMock, as: ConfigMock setup do File.cp!("test/fixtures/image.jpg", "test/fixtures/image_tmp.jpg") @@ -19,21 +21,26 @@ defmodule Pleroma.Upload.Filter.AnonymizeFilenameTest do %{upload_file: upload_file} end - setup do: clear_config([Pleroma.Upload.Filter.AnonymizeFilename, :text]) - test "it replaces filename on pre-defined text", %{upload_file: upload_file} do - clear_config([Upload.Filter.AnonymizeFilename, :text], "custom-file.png") + ConfigMock + |> stub(:get, fn [Upload.Filter.AnonymizeFilename, :text] -> "custom-file.png" end) + {:ok, :filtered, %Upload{name: name}} = Upload.Filter.AnonymizeFilename.filter(upload_file) assert name == "custom-file.png" end test "it replaces filename on pre-defined text expression", %{upload_file: upload_file} do - clear_config([Upload.Filter.AnonymizeFilename, :text], "custom-file.{extension}") + ConfigMock + |> stub(:get, fn [Upload.Filter.AnonymizeFilename, :text] -> "custom-file.{extension}" end) + {:ok, :filtered, %Upload{name: name}} = Upload.Filter.AnonymizeFilename.filter(upload_file) assert name == "custom-file.jpg" end test "it replaces filename on random text", %{upload_file: upload_file} do + ConfigMock + |> stub(:get, fn [Upload.Filter.AnonymizeFilename, :text] -> nil end) + {:ok, :filtered, %Upload{name: name}} = Upload.Filter.AnonymizeFilename.filter(upload_file) assert <<_::bytes-size(14)>> <> ".jpg" = name refute name == "an… image.jpg" diff --git a/test/pleroma/upload/filter_test.exs b/test/pleroma/upload/filter_test.exs index 706fc9ac7..79bc369a6 100644 --- a/test/pleroma/upload/filter_test.exs +++ b/test/pleroma/upload/filter_test.exs @@ -5,12 +5,13 @@ defmodule Pleroma.Upload.FilterTest do use Pleroma.DataCase + import Mox alias Pleroma.Upload.Filter - - setup do: clear_config([Pleroma.Upload.Filter.AnonymizeFilename, :text]) + alias Pleroma.StaticStubbedConfigMock, as: ConfigMock test "applies filters" do - clear_config([Pleroma.Upload.Filter.AnonymizeFilename, :text], "custom-file.png") + ConfigMock + |> stub(:get, fn [Pleroma.Upload.Filter.AnonymizeFilename, :text] -> "custom-file.png" end) File.cp!( "test/fixtures/image.jpg", From c31fabdebddbd434a9fcff57cb36613f52ebc6a2 Mon Sep 17 00:00:00 2001 From: Lain Soykaf Date: Tue, 25 Feb 2025 17:08:21 +0400 Subject: [PATCH 08/30] Mogrify/Mogrifun: Asyncify --- config/test.exs | 3 ++ lib/pleroma/config.ex | 1 + lib/pleroma/config/getting.ex | 3 ++ lib/pleroma/mogrify.ex | 42 ++++++++++++++++++++ lib/pleroma/upload/filter/mogrify.ex | 17 +++++--- test/pleroma/upload/filter/mogrifun_test.exs | 28 +++++-------- test/pleroma/upload/filter/mogrify_test.exs | 29 ++++++-------- test/support/mocks.ex | 1 + test/test_helper.exs | 6 +++ 9 files changed, 90 insertions(+), 40 deletions(-) create mode 100644 lib/pleroma/mogrify.ex diff --git a/config/test.exs b/config/test.exs index f413af5c2..4bf1de5a0 100644 --- a/config/test.exs +++ b/config/test.exs @@ -162,6 +162,9 @@ config :pleroma, Pleroma.Web.Plugs.HTTPSignaturePlug, config_impl: Pleroma.Stati config :pleroma, Pleroma.Upload.Filter.AnonymizeFilename, config_impl: Pleroma.StaticStubbedConfigMock +config :pleroma, Pleroma.Upload.Filter.Mogrify, config_impl: Pleroma.StaticStubbedConfigMock +config :pleroma, Pleroma.Upload.Filter.Mogrify, mogrify_impl: Pleroma.MogrifyMock + config :pleroma, Pleroma.Signature, http_signatures_impl: Pleroma.StubbedHTTPSignaturesMock peer_module = diff --git a/lib/pleroma/config.ex b/lib/pleroma/config.ex index cf1453c9b..1bc371dec 100644 --- a/lib/pleroma/config.ex +++ b/lib/pleroma/config.ex @@ -27,6 +27,7 @@ defmodule Pleroma.Config do Application.get_env(:pleroma, key, default) end + @impl true def get!(key) do value = get(key, nil) diff --git a/lib/pleroma/config/getting.ex b/lib/pleroma/config/getting.ex index ec93fd02a..adf764f89 100644 --- a/lib/pleroma/config/getting.ex +++ b/lib/pleroma/config/getting.ex @@ -5,10 +5,13 @@ defmodule Pleroma.Config.Getting do @callback get(any()) :: any() @callback get(any(), any()) :: any() + @callback get!(any()) :: any() def get(key), do: get(key, nil) def get(key, default), do: impl().get(key, default) + def get!(key), do: impl().get!(key) + def impl do Application.get_env(:pleroma, :config_impl, Pleroma.Config) end diff --git a/lib/pleroma/mogrify.ex b/lib/pleroma/mogrify.ex new file mode 100644 index 000000000..77725e8f2 --- /dev/null +++ b/lib/pleroma/mogrify.ex @@ -0,0 +1,42 @@ +# Pleroma: A lightweight social networking server +# Copyright © 2017-2022 Pleroma Authors +# SPDX-License-Identifier: AGPL-3.0-only + +defmodule Pleroma.MogrifyBehaviour do + @moduledoc """ + Behaviour for Mogrify operations. + This module defines the interface for Mogrify operations that can be mocked in tests. + """ + + @callback open(binary()) :: map() + @callback custom(map(), binary()) :: map() + @callback custom(map(), binary(), binary()) :: map() + @callback save(map(), keyword()) :: map() +end + +defmodule Pleroma.MogrifyWrapper do + @moduledoc """ + Default implementation of MogrifyBehaviour that delegates to Mogrify. + """ + @behaviour Pleroma.MogrifyBehaviour + + @impl true + def open(file) do + Mogrify.open(file) + end + + @impl true + def custom(image, action) do + Mogrify.custom(image, action) + end + + @impl true + def custom(image, action, options) do + Mogrify.custom(image, action, options) + end + + @impl true + def save(image, opts) do + Mogrify.save(image, opts) + end +end diff --git a/lib/pleroma/upload/filter/mogrify.ex b/lib/pleroma/upload/filter/mogrify.ex index d1e166022..7c7431db6 100644 --- a/lib/pleroma/upload/filter/mogrify.ex +++ b/lib/pleroma/upload/filter/mogrify.ex @@ -8,9 +8,16 @@ defmodule Pleroma.Upload.Filter.Mogrify do @type conversion :: action :: String.t() | {action :: String.t(), opts :: String.t()} @type conversions :: conversion() | [conversion()] + @config_impl Application.compile_env(:pleroma, [__MODULE__, :config_impl], Pleroma.Config) + @mogrify_impl Application.compile_env( + :pleroma, + [__MODULE__, :mogrify_impl], + Pleroma.MogrifyWrapper + ) + def filter(%Pleroma.Upload{tempfile: file, content_type: "image" <> _}) do try do - do_filter(file, Pleroma.Config.get!([__MODULE__, :args])) + do_filter(file, @config_impl.get!([__MODULE__, :args])) {:ok, :filtered} rescue e in ErlangError -> @@ -22,9 +29,9 @@ defmodule Pleroma.Upload.Filter.Mogrify do def do_filter(file, filters) do file - |> Mogrify.open() + |> @mogrify_impl.open() |> mogrify_filter(filters) - |> Mogrify.save(in_place: true) + |> @mogrify_impl.save(in_place: true) end defp mogrify_filter(mogrify, nil), do: mogrify @@ -38,10 +45,10 @@ defmodule Pleroma.Upload.Filter.Mogrify do defp mogrify_filter(mogrify, []), do: mogrify defp mogrify_filter(mogrify, {action, options}) do - Mogrify.custom(mogrify, action, options) + @mogrify_impl.custom(mogrify, action, options) end defp mogrify_filter(mogrify, action) when is_binary(action) do - Mogrify.custom(mogrify, action) + @mogrify_impl.custom(mogrify, action) end end diff --git a/test/pleroma/upload/filter/mogrifun_test.exs b/test/pleroma/upload/filter/mogrifun_test.exs index bf9b65589..4de998c88 100644 --- a/test/pleroma/upload/filter/mogrifun_test.exs +++ b/test/pleroma/upload/filter/mogrifun_test.exs @@ -3,11 +3,12 @@ # SPDX-License-Identifier: AGPL-3.0-only defmodule Pleroma.Upload.Filter.MogrifunTest do - use Pleroma.DataCase - import Mock + use Pleroma.DataCase, async: true + import Mox alias Pleroma.Upload alias Pleroma.Upload.Filter + alias Pleroma.MogrifyMock test "apply mogrify filter" do File.cp!( @@ -22,23 +23,12 @@ defmodule Pleroma.Upload.Filter.MogrifunTest do tempfile: Path.absname("test/fixtures/image_tmp.jpg") } - task = - Task.async(fn -> - assert_receive {:apply_filter, {}}, 4_000 - end) + MogrifyMock + |> stub(:open, fn _file -> %{} end) + |> stub(:custom, fn _image, _action -> %{} end) + |> stub(:custom, fn _image, _action, _options -> %{} end) + |> stub(:save, fn _image, [in_place: true] -> :ok end) - with_mocks([ - {Mogrify, [], - [ - open: fn _f -> %Mogrify.Image{} end, - custom: fn _m, _a -> send(task.pid, {:apply_filter, {}}) end, - custom: fn _m, _a, _o -> send(task.pid, {:apply_filter, {}}) end, - save: fn _f, _o -> :ok end - ]} - ]) do - assert Filter.Mogrifun.filter(upload) == {:ok, :filtered} - end - - Task.await(task) + assert Filter.Mogrifun.filter(upload) == {:ok, :filtered} end end diff --git a/test/pleroma/upload/filter/mogrify_test.exs b/test/pleroma/upload/filter/mogrify_test.exs index 208da57ca..6826faafe 100644 --- a/test/pleroma/upload/filter/mogrify_test.exs +++ b/test/pleroma/upload/filter/mogrify_test.exs @@ -3,13 +3,18 @@ # SPDX-License-Identifier: AGPL-3.0-only defmodule Pleroma.Upload.Filter.MogrifyTest do - use Pleroma.DataCase - import Mock + use Pleroma.DataCase, async: true + import Mox alias Pleroma.Upload.Filter + alias Pleroma.StaticStubbedConfigMock, as: ConfigMock + alias Pleroma.MogrifyMock + + setup :verify_on_exit! test "apply mogrify filter" do - clear_config(Filter.Mogrify, args: [{"tint", "40"}]) + ConfigMock + |> stub(:get!, fn [Filter.Mogrify, :args] -> [{"tint", "40"}] end) File.cp!( "test/fixtures/image.jpg", @@ -23,19 +28,11 @@ defmodule Pleroma.Upload.Filter.MogrifyTest do tempfile: Path.absname("test/fixtures/image_tmp.jpg") } - task = - Task.async(fn -> - assert_receive {:apply_filter, {_, "tint", "40"}}, 4_000 - end) + MogrifyMock + |> expect(:open, fn _file -> %{} end) + |> expect(:custom, fn _image, "tint", "40" -> %{} end) + |> expect(:save, fn _image, [in_place: true] -> :ok end) - with_mock Mogrify, - open: fn _f -> %Mogrify.Image{} end, - custom: fn _m, _a -> :ok end, - custom: fn m, a, o -> send(task.pid, {:apply_filter, {m, a, o}}) end, - save: fn _f, _o -> :ok end do - assert Filter.Mogrify.filter(upload) == {:ok, :filtered} - end - - Task.await(task) + assert Filter.Mogrify.filter(upload) == {:ok, :filtered} end end diff --git a/test/support/mocks.ex b/test/support/mocks.ex index 228b9882e..ca2974504 100644 --- a/test/support/mocks.ex +++ b/test/support/mocks.ex @@ -35,3 +35,4 @@ Mox.defmock(Pleroma.LoggerMock, for: Pleroma.Logging) Mox.defmock(Pleroma.Uploaders.S3.ExAwsMock, for: Pleroma.Uploaders.S3.ExAwsAPI) Mox.defmock(Pleroma.DateTimeMock, for: Pleroma.DateTime) +Mox.defmock(Pleroma.MogrifyMock, for: Pleroma.MogrifyBehaviour) diff --git a/test/test_helper.exs b/test/test_helper.exs index fed7ce8a7..94661353b 100644 --- a/test/test_helper.exs +++ b/test/test_helper.exs @@ -34,7 +34,13 @@ defmodule Pleroma.Test.StaticConfig do @behaviour Pleroma.Config.Getting @config Application.get_all_env(:pleroma) + @impl true def get(path, default \\ nil) do get_in(@config, path) || default end + + @impl true + def get!(path) do + get_in(@config, path) + end end From fd128ec7c2d73842a168a25c1a9e67c6c23504e6 Mon Sep 17 00:00:00 2001 From: Lain Soykaf Date: Tue, 25 Feb 2025 17:18:49 +0400 Subject: [PATCH 09/30] ConfigControllerTest: Fix it! --- .../admin_api/controllers/config_controller_test.exs | 11 +++++------ 1 file changed, 5 insertions(+), 6 deletions(-) diff --git a/test/pleroma/web/admin_api/controllers/config_controller_test.exs b/test/pleroma/web/admin_api/controllers/config_controller_test.exs index dc12155f5..e12115ea1 100644 --- a/test/pleroma/web/admin_api/controllers/config_controller_test.exs +++ b/test/pleroma/web/admin_api/controllers/config_controller_test.exs @@ -1211,8 +1211,6 @@ defmodule Pleroma.Web.AdminAPI.ConfigControllerTest do end test "args for Pleroma.Upload.Filter.Mogrify with custom tuples", %{conn: conn} do - clear_config(Pleroma.Upload.Filter.Mogrify) - assert conn |> put_req_header("content-type", "application/json") |> post("/api/pleroma/admin/config", %{ @@ -1240,7 +1238,8 @@ defmodule Pleroma.Web.AdminAPI.ConfigControllerTest do "need_reboot" => false } - assert Config.get(Pleroma.Upload.Filter.Mogrify) == [args: ["auto-orient", "strip"]] + config = Config.get(Pleroma.Upload.Filter.Mogrify) + assert {:args, ["auto-orient", "strip"]} in config assert conn |> put_req_header("content-type", "application/json") @@ -1289,9 +1288,9 @@ defmodule Pleroma.Web.AdminAPI.ConfigControllerTest do "need_reboot" => false } - assert Config.get(Pleroma.Upload.Filter.Mogrify) == [ - args: ["auto-orient", "strip", {"implode", "1"}, {"resize", "3840x1080>"}] - ] + config = Config.get(Pleroma.Upload.Filter.Mogrify) + + assert {:args, ["auto-orient", "strip", {"implode", "1"}, {"resize", "3840x1080>"}]} in config end test "enables the welcome messages", %{conn: conn} do From 70a784e16a72426522c5045ec8281a59f0298ffd Mon Sep 17 00:00:00 2001 From: Lain Soykaf Date: Tue, 25 Feb 2025 17:36:05 +0400 Subject: [PATCH 10/30] AutolinkerToLinkifyTest: Asyncify --- test/pleroma/repo/migrations/autolinker_to_linkify_test.exs | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/test/pleroma/repo/migrations/autolinker_to_linkify_test.exs b/test/pleroma/repo/migrations/autolinker_to_linkify_test.exs index 9847781f0..99522994a 100644 --- a/test/pleroma/repo/migrations/autolinker_to_linkify_test.exs +++ b/test/pleroma/repo/migrations/autolinker_to_linkify_test.exs @@ -3,12 +3,11 @@ # SPDX-License-Identifier: AGPL-3.0-only defmodule Pleroma.Repo.Migrations.AutolinkerToLinkifyTest do - use Pleroma.DataCase + use Pleroma.DataCase, async: true import Pleroma.Factory import Pleroma.Tests.Helpers alias Pleroma.ConfigDB - setup do: clear_config(Pleroma.Formatter) setup_all do: require_migration("20200716195806_autolinker_to_linkify") test "change/0 converts auto_linker opts for Pleroma.Formatter", %{migration: migration} do From bc722623b3109abca1048da99cb7d1df18630674 Mon Sep 17 00:00:00 2001 From: mkljczk Date: Sun, 2 Mar 2025 16:43:34 +0100 Subject: [PATCH 11/30] remove changelog entries from changelog.d Signed-off-by: mkljczk --- changelog.d/301-small-image-redirect.change | 1 - changelog.d/actor-published-date.add | 1 - changelog.d/backup-links.add | 1 - changelog.d/c2s-update-verify.fix | 1 - changelog.d/description-update-suggestions.skip | 0 changelog.d/ensure-authorized-fetch.security | 1 - changelog.d/fix-mastodon-edits.fix | 1 - changelog.d/fix-wrong-config-section.skip | 0 changelog.d/follow-hashtags.add | 1 - changelog.d/incoming-scrobbles.fix | 1 - changelog.d/post-languages.add | 1 - changelog.d/retire_mrfs.remove | 1 - changelog.d/rich-media-ignore-host.fix | 1 - changelog.d/rich-media-twittercard.fix | 1 - changelog.d/twittercard-tag-order.fix | 1 - changelog.d/vips-blurhash.fix | 1 - 16 files changed, 14 deletions(-) delete mode 100644 changelog.d/301-small-image-redirect.change delete mode 100644 changelog.d/actor-published-date.add delete mode 100644 changelog.d/backup-links.add delete mode 100644 changelog.d/c2s-update-verify.fix delete mode 100644 changelog.d/description-update-suggestions.skip delete mode 100644 changelog.d/ensure-authorized-fetch.security delete mode 100644 changelog.d/fix-mastodon-edits.fix delete mode 100644 changelog.d/fix-wrong-config-section.skip delete mode 100644 changelog.d/follow-hashtags.add delete mode 100644 changelog.d/incoming-scrobbles.fix delete mode 100644 changelog.d/post-languages.add delete mode 100644 changelog.d/retire_mrfs.remove delete mode 100644 changelog.d/rich-media-ignore-host.fix delete mode 100644 changelog.d/rich-media-twittercard.fix delete mode 100644 changelog.d/twittercard-tag-order.fix delete mode 100644 changelog.d/vips-blurhash.fix diff --git a/changelog.d/301-small-image-redirect.change b/changelog.d/301-small-image-redirect.change deleted file mode 100644 index c5be80539..000000000 --- a/changelog.d/301-small-image-redirect.change +++ /dev/null @@ -1 +0,0 @@ -Performance: Use 301 (permanent) redirect instead of 302 (temporary) when redirecting small images in media proxy. This allows browsers to cache the redirect response. \ No newline at end of file diff --git a/changelog.d/actor-published-date.add b/changelog.d/actor-published-date.add deleted file mode 100644 index feac85894..000000000 --- a/changelog.d/actor-published-date.add +++ /dev/null @@ -1 +0,0 @@ -Include "published" in actor view diff --git a/changelog.d/backup-links.add b/changelog.d/backup-links.add deleted file mode 100644 index ff19e736b..000000000 --- a/changelog.d/backup-links.add +++ /dev/null @@ -1 +0,0 @@ -Link to exported outbox/followers/following collections in backup actor.json diff --git a/changelog.d/c2s-update-verify.fix b/changelog.d/c2s-update-verify.fix deleted file mode 100644 index a4dfe7c07..000000000 --- a/changelog.d/c2s-update-verify.fix +++ /dev/null @@ -1 +0,0 @@ -Verify a local Update sent through AP C2S so users can only update their own objects diff --git a/changelog.d/description-update-suggestions.skip b/changelog.d/description-update-suggestions.skip deleted file mode 100644 index e69de29bb..000000000 diff --git a/changelog.d/ensure-authorized-fetch.security b/changelog.d/ensure-authorized-fetch.security deleted file mode 100644 index 200abdae0..000000000 --- a/changelog.d/ensure-authorized-fetch.security +++ /dev/null @@ -1 +0,0 @@ -Require HTTP signatures (if enabled) for routes used by both C2S and S2S AP API \ No newline at end of file diff --git a/changelog.d/fix-mastodon-edits.fix b/changelog.d/fix-mastodon-edits.fix deleted file mode 100644 index 2e79977e0..000000000 --- a/changelog.d/fix-mastodon-edits.fix +++ /dev/null @@ -1 +0,0 @@ -Fix Mastodon incoming edits with inlined "likes" diff --git a/changelog.d/fix-wrong-config-section.skip b/changelog.d/fix-wrong-config-section.skip deleted file mode 100644 index e69de29bb..000000000 diff --git a/changelog.d/follow-hashtags.add b/changelog.d/follow-hashtags.add deleted file mode 100644 index a4994b92b..000000000 --- a/changelog.d/follow-hashtags.add +++ /dev/null @@ -1 +0,0 @@ -Hashtag following diff --git a/changelog.d/incoming-scrobbles.fix b/changelog.d/incoming-scrobbles.fix deleted file mode 100644 index fb1e2581c..000000000 --- a/changelog.d/incoming-scrobbles.fix +++ /dev/null @@ -1 +0,0 @@ -Allow incoming "Listen" activities diff --git a/changelog.d/post-languages.add b/changelog.d/post-languages.add deleted file mode 100644 index 04b350f3f..000000000 --- a/changelog.d/post-languages.add +++ /dev/null @@ -1 +0,0 @@ -Allow to specify post language \ No newline at end of file diff --git a/changelog.d/retire_mrfs.remove b/changelog.d/retire_mrfs.remove deleted file mode 100644 index 2637f376a..000000000 --- a/changelog.d/retire_mrfs.remove +++ /dev/null @@ -1 +0,0 @@ -Retire MRFs DNSRBL, FODirectReply, and QuietReply diff --git a/changelog.d/rich-media-ignore-host.fix b/changelog.d/rich-media-ignore-host.fix deleted file mode 100644 index b70866ac7..000000000 --- a/changelog.d/rich-media-ignore-host.fix +++ /dev/null @@ -1 +0,0 @@ -Fix missing check for domain presence in rich media ignore_host configuration diff --git a/changelog.d/rich-media-twittercard.fix b/changelog.d/rich-media-twittercard.fix deleted file mode 100644 index 16da54874..000000000 --- a/changelog.d/rich-media-twittercard.fix +++ /dev/null @@ -1 +0,0 @@ -Fix Rich Media parsing of TwitterCards/OpenGraph to adhere to the spec and always choose the first image if multiple are provided. diff --git a/changelog.d/twittercard-tag-order.fix b/changelog.d/twittercard-tag-order.fix deleted file mode 100644 index f26fc5bb9..000000000 --- a/changelog.d/twittercard-tag-order.fix +++ /dev/null @@ -1 +0,0 @@ -Fix OpenGraph/TwitterCard meta tag ordering for posts with multiple attachments diff --git a/changelog.d/vips-blurhash.fix b/changelog.d/vips-blurhash.fix deleted file mode 100644 index 9e8951b15..000000000 --- a/changelog.d/vips-blurhash.fix +++ /dev/null @@ -1 +0,0 @@ -Fix blurhash generation crashes From 7bfa3bf282bf18eed190df6665157d4e886893e9 Mon Sep 17 00:00:00 2001 From: mkljczk Date: Sun, 2 Mar 2025 16:36:59 +0100 Subject: [PATCH 12/30] Include my frontend in available frontends Signed-off-by: mkljczk --- changelog.d/pl-fe.change | 1 + config/config.exs | 7 +++++++ 2 files changed, 8 insertions(+) create mode 100644 changelog.d/pl-fe.change diff --git a/changelog.d/pl-fe.change b/changelog.d/pl-fe.change new file mode 100644 index 000000000..7e3e4b59e --- /dev/null +++ b/changelog.d/pl-fe.change @@ -0,0 +1 @@ +Include `pl-fe` in available frontends diff --git a/config/config.exs b/config/config.exs index 31783b488..643f15414 100644 --- a/config/config.exs +++ b/config/config.exs @@ -806,6 +806,13 @@ config :pleroma, :frontends, "https://lily-is.land/infra/glitch-lily/-/jobs/artifacts/${ref}/download?job=build", "ref" => "servant", "build_dir" => "public" + }, + "pl-fe" => %{ + "name" => "pl-fe", + "git" => "https://github.com/mkljczk/pl-fe", + "build_url" => "https://pl.mkljczk.pl/pl-fe.zip", + "ref" => "develop", + "build_dir" => "." } } From a184eccde76579ca2eebc40c8dff1eeec7579a3f Mon Sep 17 00:00:00 2001 From: Lain Soykaf Date: Sun, 2 Mar 2025 23:18:51 +0400 Subject: [PATCH 13/30] Safezip: Fix test (issue was a difference in file ordering between otp26 and otp27) --- test/pleroma/safe_zip_test.exs | 7 ++----- 1 file changed, 2 insertions(+), 5 deletions(-) diff --git a/test/pleroma/safe_zip_test.exs b/test/pleroma/safe_zip_test.exs index 22425785a..3312d4e63 100644 --- a/test/pleroma/safe_zip_test.exs +++ b/test/pleroma/safe_zip_test.exs @@ -179,7 +179,6 @@ defmodule Pleroma.SafeZipTest do end describe "unzip_file/3" do - @tag :skip test "extracts files from a zip archive" do archive_path = Path.join(@fixtures_dir, "emojis.zip") @@ -194,7 +193,7 @@ defmodule Pleroma.SafeZipTest do first_file = List.first(files) # Simply check that the file exists in the tmp directory - assert File.exists?(Path.join(@tmp_dir, Path.basename(first_file))) + assert File.exists?(first_file) end test "extracts specific files from a zip archive" do @@ -251,7 +250,6 @@ defmodule Pleroma.SafeZipTest do end describe "unzip_data/3" do - @tag :skip test "extracts files from zip data" do archive_path = Path.join(@fixtures_dir, "emojis.zip") archive_data = File.read!(archive_path) @@ -267,10 +265,9 @@ defmodule Pleroma.SafeZipTest do first_file = List.first(files) # Simply check that the file exists in the tmp directory - assert File.exists?(Path.join(@tmp_dir, Path.basename(first_file))) + assert File.exists?(first_file) end - @tag :skip test "extracts specific files from zip data" do archive_path = Path.join(@fixtures_dir, "emojis.zip") archive_data = File.read!(archive_path) From be3bbe58633f46471e3600440ca1ef81486d77fa Mon Sep 17 00:00:00 2001 From: Mikka van der Velde Date: Sat, 8 Mar 2025 15:29:01 +0000 Subject: [PATCH 14/30] Edit debian_based_en.md --- docs/installation/debian_based_en.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/installation/debian_based_en.md b/docs/installation/debian_based_en.md index 21cfe2bff..30f48792d 100644 --- a/docs/installation/debian_based_en.md +++ b/docs/installation/debian_based_en.md @@ -72,7 +72,7 @@ sudo -Hu pleroma mix deps.get * Generate the configuration: ```shell -sudo -Hu pleroma MIX_ENV=prod mix pleroma.instance gen` +sudo -Hu pleroma MIX_ENV=prod mix pleroma.instance gen ``` * During this process: From 5cf0321bc752dc729d21c56229026bec991be75e Mon Sep 17 00:00:00 2001 From: Mikka van der Velde Date: Sat, 8 Mar 2025 15:33:36 +0000 Subject: [PATCH 15/30] Add new file --- changelog.d/debian-distro-docs-pleromaBE.fix | 0 1 file changed, 0 insertions(+), 0 deletions(-) create mode 100644 changelog.d/debian-distro-docs-pleromaBE.fix diff --git a/changelog.d/debian-distro-docs-pleromaBE.fix b/changelog.d/debian-distro-docs-pleromaBE.fix new file mode 100644 index 000000000..e69de29bb From 35033b6f3e50a1aa38082f3a43a40560f9036d54 Mon Sep 17 00:00:00 2001 From: Mikka van der Velde Date: Sat, 8 Mar 2025 15:34:32 +0000 Subject: [PATCH 16/30] Edit debian-distro-docs-pleromaBE.fix --- changelog.d/debian-distro-docs-pleromaBE.fix | 1 + 1 file changed, 1 insertion(+) diff --git a/changelog.d/debian-distro-docs-pleromaBE.fix b/changelog.d/debian-distro-docs-pleromaBE.fix index e69de29bb..d43477ba9 100644 --- a/changelog.d/debian-distro-docs-pleromaBE.fix +++ b/changelog.d/debian-distro-docs-pleromaBE.fix @@ -0,0 +1 @@ +Remove trailing ` from end of line 75 which caused issues copy-pasting \ No newline at end of file From b469b9d9d358a30642d1221a01125af9b6399ff4 Mon Sep 17 00:00:00 2001 From: Lain Soykaf Date: Mon, 10 Mar 2025 16:48:54 +0400 Subject: [PATCH 17/30] . --- changelog.d/content-type-sanitize.security | 1 + config/config.exs | 3 +- config/description.exs | 13 +++++++ lib/pleroma/web/plugs/uploaded_media.ex | 17 ++++++++- lib/pleroma/web/plugs/utils.ex | 14 +++++++ .../pleroma/web/plugs/uploaded_media_test.exs | 38 +++++++++++++++++++ 6 files changed, 83 insertions(+), 3 deletions(-) create mode 100644 changelog.d/content-type-sanitize.security create mode 100644 lib/pleroma/web/plugs/utils.ex create mode 100644 test/pleroma/web/plugs/uploaded_media_test.exs diff --git a/changelog.d/content-type-sanitize.security b/changelog.d/content-type-sanitize.security new file mode 100644 index 000000000..a70b49f35 --- /dev/null +++ b/changelog.d/content-type-sanitize.security @@ -0,0 +1 @@ +Fix content-type spoofing vulnerability that could allow users to upload ActivityPub objects as attachments \ No newline at end of file diff --git a/config/config.exs b/config/config.exs index 643f15414..50672cfc8 100644 --- a/config/config.exs +++ b/config/config.exs @@ -65,7 +65,8 @@ config :pleroma, Pleroma.Upload, proxy_remote: false, filename_display_max_length: 30, default_description: nil, - base_url: nil + base_url: nil, + allowed_mime_types: ["image", "audio", "video"] config :pleroma, Pleroma.Uploaders.Local, uploads: "uploads" diff --git a/config/description.exs b/config/description.exs index f091e4924..996978298 100644 --- a/config/description.exs +++ b/config/description.exs @@ -117,6 +117,19 @@ config :pleroma, :config_description, [ key: :filename_display_max_length, type: :integer, description: "Set max length of a filename to display. 0 = no limit. Default: 30" + }, + %{ + key: :allowed_mime_types, + label: "Allowed MIME types", + type: {:list, :string}, + description: + "List of MIME (main) types uploads are allowed to identify themselves with. Other types may still be uploaded, but will identify as a generic binary to clients. WARNING: Loosening this over the defaults can lead to security issues. Removing types is safe, but only add to the list if you are sure you know what you are doing.", + suggestions: [ + "image", + "audio", + "video", + "font" + ] } ] }, diff --git a/lib/pleroma/web/plugs/uploaded_media.ex b/lib/pleroma/web/plugs/uploaded_media.ex index f1076da1b..3c5f086f7 100644 --- a/lib/pleroma/web/plugs/uploaded_media.ex +++ b/lib/pleroma/web/plugs/uploaded_media.ex @@ -11,6 +11,7 @@ defmodule Pleroma.Web.Plugs.UploadedMedia do require Logger alias Pleroma.Web.MediaProxy + alias Pleroma.Web.Plugs.Utils @behaviour Plug # no slashes @@ -28,7 +29,9 @@ defmodule Pleroma.Web.Plugs.UploadedMedia do |> Keyword.put(:at, "/__unconfigured_media_plug") |> Plug.Static.init() - %{static_plug_opts: static_plug_opts} + allowed_mime_types = Pleroma.Config.get([Pleroma.Upload, :allowed_mime_types]) + + %{static_plug_opts: static_plug_opts, allowed_mime_types: allowed_mime_types} end def call(%{request_path: <<"/", @path, "/", file::binary>>} = conn, opts) do @@ -69,13 +72,23 @@ defmodule Pleroma.Web.Plugs.UploadedMedia do defp media_is_banned(_, _), do: false + defp set_content_type(conn, opts, filepath) do + real_mime = MIME.from_path(filepath) + clean_mime = Utils.get_safe_mime_type(opts, real_mime) + put_resp_header(conn, "content-type", clean_mime) + end + defp get_media(conn, {:static_dir, directory}, _, opts) do static_opts = Map.get(opts, :static_plug_opts) |> Map.put(:at, [@path]) |> Map.put(:from, directory) + |> Map.put(:content_type, false) - conn = Plug.Static.call(conn, static_opts) + conn = + conn + |> set_content_type(opts, conn.request_path) + |> Plug.Static.call(static_opts) if conn.halted do conn diff --git a/lib/pleroma/web/plugs/utils.ex b/lib/pleroma/web/plugs/utils.ex new file mode 100644 index 000000000..05e0fbe84 --- /dev/null +++ b/lib/pleroma/web/plugs/utils.ex @@ -0,0 +1,14 @@ +# Pleroma: A lightweight social networking server +# Copyright © 2017-2022 Pleroma Authors +# SPDX-License-Identifier: AGPL-3.0-only + +defmodule Pleroma.Web.Plugs.Utils do + @moduledoc """ + Some helper functions shared across several plugs + """ + + def get_safe_mime_type(%{allowed_mime_types: allowed_mime_types} = _opts, mime) do + [maintype | _] = String.split(mime, "/", parts: 2) + if maintype in allowed_mime_types, do: mime, else: "application/octet-stream" + end +end diff --git a/test/pleroma/web/plugs/uploaded_media_test.exs b/test/pleroma/web/plugs/uploaded_media_test.exs new file mode 100644 index 000000000..b260fd03b --- /dev/null +++ b/test/pleroma/web/plugs/uploaded_media_test.exs @@ -0,0 +1,38 @@ +# Pleroma: A lightweight social networking server +# Copyright © 2017-2022 Pleroma Authors +# SPDX-License-Identifier: AGPL-3.0-only + +defmodule Pleroma.Web.Plugs.UploadedMediaTest do + use Pleroma.Web.ConnCase, async: false + + alias Pleroma.StaticStubbedConfigMock + alias Pleroma.Web.Plugs.Utils + + setup do + Mox.stub_with(StaticStubbedConfigMock, Pleroma.Test.StaticConfig) + + {:ok, %{}} + end + + describe "content-type sanitization with Utils.get_safe_mime_type/2" do + test "it allows safe MIME types" do + opts = %{allowed_mime_types: ["image", "audio", "video"]} + + assert Utils.get_safe_mime_type(opts, "image/jpeg") == "image/jpeg" + assert Utils.get_safe_mime_type(opts, "audio/mpeg") == "audio/mpeg" + assert Utils.get_safe_mime_type(opts, "video/mp4") == "video/mp4" + end + + test "it sanitizes potentially dangerous content-types" do + opts = %{allowed_mime_types: ["image", "audio", "video"]} + + assert Utils.get_safe_mime_type(opts, "application/activity+json") == + "application/octet-stream" + + assert Utils.get_safe_mime_type(opts, "text/html") == "application/octet-stream" + + assert Utils.get_safe_mime_type(opts, "application/javascript") == + "application/octet-stream" + end + end +end From 1dd9ba5d6fa45a8965703c96e9823ac7e41c52be Mon Sep 17 00:00:00 2001 From: Lain Soykaf Date: Mon, 10 Mar 2025 17:23:21 +0400 Subject: [PATCH 18/30] Sanitize media uploads. --- lib/pleroma/web/plugs/uploaded_media.ex | 2 +- .../controllers/media_controller_test.exs | 89 +++++++++++++++++++ .../pleroma/web/plugs/uploaded_media_test.exs | 31 +++++-- 3 files changed, 113 insertions(+), 9 deletions(-) diff --git a/lib/pleroma/web/plugs/uploaded_media.ex b/lib/pleroma/web/plugs/uploaded_media.ex index 3c5f086f7..abacf965b 100644 --- a/lib/pleroma/web/plugs/uploaded_media.ex +++ b/lib/pleroma/web/plugs/uploaded_media.ex @@ -83,7 +83,7 @@ defmodule Pleroma.Web.Plugs.UploadedMedia do Map.get(opts, :static_plug_opts) |> Map.put(:at, [@path]) |> Map.put(:from, directory) - |> Map.put(:content_type, false) + |> Map.put(:content_types, false) conn = conn diff --git a/test/pleroma/web/mastodon_api/controllers/media_controller_test.exs b/test/pleroma/web/mastodon_api/controllers/media_controller_test.exs index 3f696d94d..ae86078d7 100644 --- a/test/pleroma/web/mastodon_api/controllers/media_controller_test.exs +++ b/test/pleroma/web/mastodon_api/controllers/media_controller_test.exs @@ -227,4 +227,93 @@ defmodule Pleroma.Web.MastodonAPI.MediaControllerTest do |> json_response_and_validate_schema(403) end end + + describe "Content-Type sanitization" do + setup do: oauth_access(["write:media", "read:media"]) + + setup do + ConfigMock + |> stub_with(Pleroma.Test.StaticConfig) + + config = + Pleroma.Config.get([Pleroma.Upload]) + |> Keyword.put(:uploader, Pleroma.Uploaders.Local) + + clear_config([Pleroma.Upload], config) + clear_config([Pleroma.Upload, :allowed_mime_types], ["image", "audio", "video"]) + + # Create a file with a malicious content type and dangerous extension + malicious_file = %Plug.Upload{ + content_type: "application/activity+json", + path: Path.absname("test/fixtures/image.jpg"), + # JSON extension to make MIME.from_path detect application/json + filename: "malicious.json" + } + + [malicious_file: malicious_file] + end + + test "sanitizes malicious content types when serving media", %{ + conn: conn, + malicious_file: malicious_file + } do + # First upload the file with the malicious content type + media = + conn + |> put_req_header("content-type", "multipart/form-data") + |> post("/api/v1/media", %{"file" => malicious_file}) + |> json_response_and_validate_schema(:ok) + + # Get the file URL from the response + url = media["url"] + + # Now make a direct request to the media URL and check the content-type header + response = + build_conn() + |> get(URI.parse(url).path) + + # Find the content-type header + content_type_header = + Enum.find(response.resp_headers, fn {name, _} -> name == "content-type" end) + + # The server should detect the application/json MIME type from the .json extension + # and replace it with application/octet-stream since it's not in allowed_mime_types + assert content_type_header == {"content-type", "application/octet-stream"} + + # Verify that the file was still served correctly + assert response.status == 200 + end + + test "allows safe content types", %{conn: conn} do + safe_image = %Plug.Upload{ + content_type: "image/jpeg", + path: Path.absname("test/fixtures/image.jpg"), + filename: "safe_image.jpg" + } + + # Upload a file with a safe content type + media = + conn + |> put_req_header("content-type", "multipart/form-data") + |> post("/api/v1/media", %{"file" => safe_image}) + |> json_response_and_validate_schema(:ok) + + # Get the file URL from the response + url = media["url"] + + # Make a direct request to the media URL and check the content-type header + response = + build_conn() + |> get(URI.parse(url).path) + + # The server should preserve the image/jpeg MIME type since it's allowed + content_type_header = + Enum.find(response.resp_headers, fn {name, _} -> name == "content-type" end) + + assert content_type_header == {"content-type", "image/jpeg"} + + # Verify that the file was served correctly + assert response.status == 200 + end + end end diff --git a/test/pleroma/web/plugs/uploaded_media_test.exs b/test/pleroma/web/plugs/uploaded_media_test.exs index b260fd03b..69affa019 100644 --- a/test/pleroma/web/plugs/uploaded_media_test.exs +++ b/test/pleroma/web/plugs/uploaded_media_test.exs @@ -3,17 +3,10 @@ # SPDX-License-Identifier: AGPL-3.0-only defmodule Pleroma.Web.Plugs.UploadedMediaTest do - use Pleroma.Web.ConnCase, async: false + use ExUnit.Case, async: true - alias Pleroma.StaticStubbedConfigMock alias Pleroma.Web.Plugs.Utils - setup do - Mox.stub_with(StaticStubbedConfigMock, Pleroma.Test.StaticConfig) - - {:ok, %{}} - end - describe "content-type sanitization with Utils.get_safe_mime_type/2" do test "it allows safe MIME types" do opts = %{allowed_mime_types: ["image", "audio", "video"]} @@ -34,5 +27,27 @@ defmodule Pleroma.Web.Plugs.UploadedMediaTest do assert Utils.get_safe_mime_type(opts, "application/javascript") == "application/octet-stream" end + + test "it sanitizes ActivityPub content types" do + opts = %{allowed_mime_types: ["image", "audio", "video"]} + + assert Utils.get_safe_mime_type(opts, "application/activity+json") == + "application/octet-stream" + + assert Utils.get_safe_mime_type(opts, "application/ld+json") == "application/octet-stream" + assert Utils.get_safe_mime_type(opts, "application/jrd+json") == "application/octet-stream" + end + + test "it sanitizes other potentially dangerous types" do + opts = %{allowed_mime_types: ["image", "audio", "video"]} + + assert Utils.get_safe_mime_type(opts, "text/html") == "application/octet-stream" + + assert Utils.get_safe_mime_type(opts, "application/javascript") == + "application/octet-stream" + + assert Utils.get_safe_mime_type(opts, "text/javascript") == "application/octet-stream" + assert Utils.get_safe_mime_type(opts, "application/xhtml+xml") == "application/octet-stream" + end end end From b1309bdb403fdbfdb0a8b076a5a13af811191ca9 Mon Sep 17 00:00:00 2001 From: Lain Soykaf Date: Mon, 10 Mar 2025 18:44:17 +0400 Subject: [PATCH 19/30] More fixes for InstanceStatic --- config/config.exs | 2 +- lib/pleroma/web/plugs/instance_static.ex | 22 ++++++++++ .../web/plugs/instance_static_test.exs | 43 +++++++++++++++++++ 3 files changed, 66 insertions(+), 1 deletion(-) diff --git a/config/config.exs b/config/config.exs index 50672cfc8..ff0936460 100644 --- a/config/config.exs +++ b/config/config.exs @@ -66,7 +66,7 @@ config :pleroma, Pleroma.Upload, filename_display_max_length: 30, default_description: nil, base_url: nil, - allowed_mime_types: ["image", "audio", "video"] + allowed_mime_types: ["image", "audio", "video", "text"] config :pleroma, Pleroma.Uploaders.Local, uploads: "uploads" diff --git a/lib/pleroma/web/plugs/instance_static.ex b/lib/pleroma/web/plugs/instance_static.ex index 75bfdd65b..0f50b1a09 100644 --- a/lib/pleroma/web/plugs/instance_static.ex +++ b/lib/pleroma/web/plugs/instance_static.ex @@ -4,6 +4,7 @@ defmodule Pleroma.Web.Plugs.InstanceStatic do require Pleroma.Constants + import Plug.Conn, only: [put_resp_header: 3] @moduledoc """ This is a shim to call `Plug.Static` but with runtime `from` configuration. @@ -44,10 +45,31 @@ defmodule Pleroma.Web.Plugs.InstanceStatic do end defp call_static(conn, opts, from) do + # Prevent content-type spoofing by setting content_types: false opts = opts |> Map.put(:from, from) + |> Map.put(:content_types, false) + # Get sanitized content type before calling Plug.Static + # Include "text" to allow HTML files and other text-based content + allowed_mime_types = + Pleroma.Config.get([Pleroma.Upload, :allowed_mime_types], [ + "image", + "audio", + "video", + "text" + ]) + + conn = set_content_type(conn, %{allowed_mime_types: allowed_mime_types}, conn.request_path) + + # Call Plug.Static with our sanitized content-type Plug.Static.call(conn, opts) end + + defp set_content_type(conn, opts, filepath) do + real_mime = MIME.from_path(filepath) + clean_mime = Pleroma.Web.Plugs.Utils.get_safe_mime_type(opts, real_mime) + put_resp_header(conn, "content-type", clean_mime) + end end diff --git a/test/pleroma/web/plugs/instance_static_test.exs b/test/pleroma/web/plugs/instance_static_test.exs index f91021a16..ee0dd4acb 100644 --- a/test/pleroma/web/plugs/instance_static_test.exs +++ b/test/pleroma/web/plugs/instance_static_test.exs @@ -62,4 +62,47 @@ defmodule Pleroma.Web.Plugs.InstanceStaticTest do index = get(build_conn(), "/static/kaniini.html") assert html_response(index, 200) == "

rabbit hugs as a service

" end + + test "sanitizes content-types for potentially dangerous file extensions" do + # Create a file with a potentially dangerous extension (.json) + # This mimics an attacker trying to serve ActivityPub JSON with a static file + File.mkdir!(@dir <> "/static") + File.write!(@dir <> "/static/malicious.json", "{\"type\": \"ActivityPub\"}") + + # Request the malicious file + conn = get(build_conn(), "/static/malicious.json") + + # Verify the file was served (status 200) + assert conn.status == 200 + + # The content should be served, but with a sanitized content-type + content_type = + Enum.find_value(conn.resp_headers, fn + {"content-type", value} -> value + _ -> nil + end) + + # It should have been sanitized to application/octet-stream because "application" + # is not in the allowed_mime_types list + assert content_type == "application/octet-stream" + + # Create a file with an allowed extension (.jpg) + File.write!(@dir <> "/static/safe.jpg", "fake image data") + + # Request the safe file + conn = get(build_conn(), "/static/safe.jpg") + + # Verify the file was served (status 200) + assert conn.status == 200 + + # Get the content-type + content_type = + Enum.find_value(conn.resp_headers, fn + {"content-type", value} -> value + _ -> nil + end) + + # It should be preserved because "image" is in the allowed_mime_types list + assert content_type == "image/jpeg" + end end From d9ae9b676c2963466cbb8e440711db1759e25c31 Mon Sep 17 00:00:00 2001 From: Lain Soykaf Date: Mon, 10 Mar 2025 18:56:43 +0400 Subject: [PATCH 20/30] InstanceStatic: Extra-sanitize emoji --- config/config.exs | 2 +- lib/pleroma/web/plugs/instance_static.ex | 26 ++++++------ .../web/plugs/instance_static_test.exs | 40 +++++++++++++++++-- 3 files changed, 50 insertions(+), 18 deletions(-) diff --git a/config/config.exs b/config/config.exs index ff0936460..50672cfc8 100644 --- a/config/config.exs +++ b/config/config.exs @@ -66,7 +66,7 @@ config :pleroma, Pleroma.Upload, filename_display_max_length: 30, default_description: nil, base_url: nil, - allowed_mime_types: ["image", "audio", "video", "text"] + allowed_mime_types: ["image", "audio", "video"] config :pleroma, Pleroma.Uploaders.Local, uploads: "uploads" diff --git a/lib/pleroma/web/plugs/instance_static.ex b/lib/pleroma/web/plugs/instance_static.ex index 0f50b1a09..f82b9a098 100644 --- a/lib/pleroma/web/plugs/instance_static.ex +++ b/lib/pleroma/web/plugs/instance_static.ex @@ -51,25 +51,25 @@ defmodule Pleroma.Web.Plugs.InstanceStatic do |> Map.put(:from, from) |> Map.put(:content_types, false) - # Get sanitized content type before calling Plug.Static - # Include "text" to allow HTML files and other text-based content - allowed_mime_types = - Pleroma.Config.get([Pleroma.Upload, :allowed_mime_types], [ - "image", - "audio", - "video", - "text" - ]) - - conn = set_content_type(conn, %{allowed_mime_types: allowed_mime_types}, conn.request_path) + conn = set_content_type(conn, conn.request_path) # Call Plug.Static with our sanitized content-type Plug.Static.call(conn, opts) end - defp set_content_type(conn, opts, filepath) do + defp set_content_type(conn, "/emoji/" <> filepath) do real_mime = MIME.from_path(filepath) - clean_mime = Pleroma.Web.Plugs.Utils.get_safe_mime_type(opts, real_mime) + + clean_mime = + Pleroma.Web.Plugs.Utils.get_safe_mime_type(%{allowed_mime_types: ["image"]}, real_mime) + put_resp_header(conn, "content-type", clean_mime) end + + defp set_content_type(conn, filepath) do + real_mime = MIME.from_path(filepath) + put_resp_header(conn, "content-type", real_mime) + end end + +# I think this needs to be uncleaned except for emoji. diff --git a/test/pleroma/web/plugs/instance_static_test.exs b/test/pleroma/web/plugs/instance_static_test.exs index ee0dd4acb..e8cf17f3f 100644 --- a/test/pleroma/web/plugs/instance_static_test.exs +++ b/test/pleroma/web/plugs/instance_static_test.exs @@ -63,15 +63,47 @@ defmodule Pleroma.Web.Plugs.InstanceStaticTest do assert html_response(index, 200) == "

rabbit hugs as a service

" end - test "sanitizes content-types for potentially dangerous file extensions" do + test "does not sanitize dangerous files in general, as there can be html and javascript files legitimately in this folder" do # Create a file with a potentially dangerous extension (.json) # This mimics an attacker trying to serve ActivityPub JSON with a static file File.mkdir!(@dir <> "/static") File.write!(@dir <> "/static/malicious.json", "{\"type\": \"ActivityPub\"}") - # Request the malicious file conn = get(build_conn(), "/static/malicious.json") + assert conn.status == 200 + + content_type = + Enum.find_value(conn.resp_headers, fn + {"content-type", value} -> value + _ -> nil + end) + + assert content_type == "application/json" + + File.write!(@dir <> "/static/safe.jpg", "fake image data") + + conn = get(build_conn(), "/static/safe.jpg") + + assert conn.status == 200 + + # Get the content-type + content_type = + Enum.find_value(conn.resp_headers, fn + {"content-type", value} -> value + _ -> nil + end) + + assert content_type == "image/jpeg" + end + + test "always sanitizes emojis to images" do + File.mkdir!(@dir <> "/emoji") + File.write!(@dir <> "/emoji/malicious.html", "") + + # Request the malicious file + conn = get(build_conn(), "/emoji/malicious.html") + # Verify the file was served (status 200) assert conn.status == 200 @@ -87,10 +119,10 @@ defmodule Pleroma.Web.Plugs.InstanceStaticTest do assert content_type == "application/octet-stream" # Create a file with an allowed extension (.jpg) - File.write!(@dir <> "/static/safe.jpg", "fake image data") + File.write!(@dir <> "/emoji/safe.jpg", "fake image data") # Request the safe file - conn = get(build_conn(), "/static/safe.jpg") + conn = get(build_conn(), "/emoji/safe.jpg") # Verify the file was served (status 200) assert conn.status == 200 From c14365336411f43f0e9eea00bc1c8242620220f1 Mon Sep 17 00:00:00 2001 From: Lain Soykaf Date: Tue, 11 Mar 2025 14:18:36 +0400 Subject: [PATCH 21/30] ReverseProxy: Sanitize content. --- lib/pleroma/reverse_proxy.ex | 18 +++++++ test/pleroma/reverse_proxy_test.exs | 77 +++++++++++++++++++++++++++-- 2 files changed, 90 insertions(+), 5 deletions(-) diff --git a/lib/pleroma/reverse_proxy.ex b/lib/pleroma/reverse_proxy.ex index 8aec4ae58..3c82f9996 100644 --- a/lib/pleroma/reverse_proxy.ex +++ b/lib/pleroma/reverse_proxy.ex @@ -17,6 +17,8 @@ defmodule Pleroma.ReverseProxy do @failed_request_ttl :timer.seconds(60) @methods ~w(GET HEAD) + @allowed_mime_types Pleroma.Config.get([Pleroma.Upload, :allowed_mime_types], []) + @cachex Pleroma.Config.get([:cachex, :provider], Cachex) def max_read_duration_default, do: @max_read_duration @@ -301,10 +303,26 @@ defmodule Pleroma.ReverseProxy do headers |> Enum.filter(fn {k, _} -> k in @keep_resp_headers end) |> build_resp_cache_headers(opts) + |> sanitise_content_type() |> build_resp_content_disposition_header(opts) |> Keyword.merge(Keyword.get(opts, :resp_headers, [])) end + defp sanitise_content_type(headers) do + original_ct = get_content_type(headers) + + safe_ct = + Pleroma.Web.Plugs.Utils.get_safe_mime_type( + %{allowed_mime_types: @allowed_mime_types}, + original_ct + ) + + [ + {"content-type", safe_ct} + | Enum.filter(headers, fn {k, _v} -> k != "content-type" end) + ] + end + defp build_resp_cache_headers(headers, _opts) do has_cache? = Enum.any?(headers, fn {k, _} -> k in @resp_cache_headers end) diff --git a/test/pleroma/reverse_proxy_test.exs b/test/pleroma/reverse_proxy_test.exs index fb330232a..85e1d0910 100644 --- a/test/pleroma/reverse_proxy_test.exs +++ b/test/pleroma/reverse_proxy_test.exs @@ -63,7 +63,11 @@ defmodule Pleroma.ReverseProxyTest do |> Plug.Conn.put_req_header("user-agent", "fake/1.0") |> ReverseProxy.call("/user-agent") - assert json_response(conn, 200) == %{"user-agent" => Pleroma.Application.user_agent()} + # Convert the response to a map without relying on json_response + body = conn.resp_body + assert conn.status == 200 + response = Jason.decode!(body) + assert response == %{"user-agent" => Pleroma.Application.user_agent()} end test "closed connection", %{conn: conn} do @@ -138,11 +142,14 @@ defmodule Pleroma.ReverseProxyTest do test "common", %{conn: conn} do ClientMock |> expect(:request, fn :head, "/head", _, _, _ -> - {:ok, 200, [{"content-type", "text/html; charset=utf-8"}]} + {:ok, 200, [{"content-type", "image/png"}]} end) conn = ReverseProxy.call(Map.put(conn, :method, "HEAD"), "/head") - assert html_response(conn, 200) == "" + + assert conn.status == 200 + assert Conn.get_resp_header(conn, "content-type") == ["image/png"] + assert conn.resp_body == "" end end @@ -249,7 +256,10 @@ defmodule Pleroma.ReverseProxyTest do ) |> ReverseProxy.call("/headers") - %{"headers" => headers} = json_response(conn, 200) + body = conn.resp_body + assert conn.status == 200 + response = Jason.decode!(body) + headers = response["headers"] assert headers["Accept"] == "text/html" end @@ -262,7 +272,10 @@ defmodule Pleroma.ReverseProxyTest do ) |> ReverseProxy.call("/headers") - %{"headers" => headers} = json_response(conn, 200) + body = conn.resp_body + assert conn.status == 200 + response = Jason.decode!(body) + headers = response["headers"] refute headers["Accept-Language"] end end @@ -328,4 +341,58 @@ defmodule Pleroma.ReverseProxyTest do assert {"content-disposition", "attachment; filename=\"filename.jpg\""} in conn.resp_headers end end + + describe "content-type sanitisation" do + test "preserves allowed image type", %{conn: conn} do + ClientMock + |> expect(:request, fn :get, "/content", _, _, _ -> + {:ok, 200, [{"content-type", "image/png"}], %{url: "/content"}} + end) + |> expect(:stream_body, fn _ -> :done end) + + conn = ReverseProxy.call(conn, "/content") + + assert conn.status == 200 + assert Conn.get_resp_header(conn, "content-type") == ["image/png"] + end + + test "preserves allowed video type", %{conn: conn} do + ClientMock + |> expect(:request, fn :get, "/content", _, _, _ -> + {:ok, 200, [{"content-type", "video/mp4"}], %{url: "/content"}} + end) + |> expect(:stream_body, fn _ -> :done end) + + conn = ReverseProxy.call(conn, "/content") + + assert conn.status == 200 + assert Conn.get_resp_header(conn, "content-type") == ["video/mp4"] + end + + test "sanitizes ActivityPub content type", %{conn: conn} do + ClientMock + |> expect(:request, fn :get, "/content", _, _, _ -> + {:ok, 200, [{"content-type", "application/activity+json"}], %{url: "/content"}} + end) + |> expect(:stream_body, fn _ -> :done end) + + conn = ReverseProxy.call(conn, "/content") + + assert conn.status == 200 + assert Conn.get_resp_header(conn, "content-type") == ["application/octet-stream"] + end + + test "sanitizes LD-JSON content type", %{conn: conn} do + ClientMock + |> expect(:request, fn :get, "/content", _, _, _ -> + {:ok, 200, [{"content-type", "application/ld+json"}], %{url: "/content"}} + end) + |> expect(:stream_body, fn _ -> :done end) + + conn = ReverseProxy.call(conn, "/content") + + assert conn.status == 200 + assert Conn.get_resp_header(conn, "content-type") == ["application/octet-stream"] + end + end end From 577b7cb0618eeb9617978d631c08ec72ca8cb19d Mon Sep 17 00:00:00 2001 From: Lain Soykaf Date: Tue, 11 Mar 2025 14:59:06 +0400 Subject: [PATCH 22/30] StealEmojiPolicy: Sanitise emoji names. --- .../activity_pub/mrf/steal_emoji_policy.ex | 24 ++-- .../mrf/steal_emoji_policy_test.exs | 123 +++++++++++++++++- 2 files changed, 136 insertions(+), 11 deletions(-) diff --git a/lib/pleroma/web/activity_pub/mrf/steal_emoji_policy.ex b/lib/pleroma/web/activity_pub/mrf/steal_emoji_policy.ex index 6edfb124e..49d17d8b9 100644 --- a/lib/pleroma/web/activity_pub/mrf/steal_emoji_policy.ex +++ b/lib/pleroma/web/activity_pub/mrf/steal_emoji_policy.ex @@ -20,6 +20,19 @@ defmodule Pleroma.Web.ActivityPub.MRF.StealEmojiPolicy do String.match?(shortcode, pattern) end + defp reject_emoji?({shortcode, _url}, installed_emoji) do + valid_shortcode? = String.match?(shortcode, ~r/^[a-zA-Z0-9_-]+$/) + + rejected_shortcode? = + [:mrf_steal_emoji, :rejected_shortcodes] + |> Config.get([]) + |> Enum.any?(fn pattern -> shortcode_matches?(shortcode, pattern) end) + + emoji_installed? = Enum.member?(installed_emoji, shortcode) + + !valid_shortcode? or rejected_shortcode? or emoji_installed? + end + defp steal_emoji({shortcode, url}, emoji_dir_path) do url = Pleroma.Web.MediaProxy.url(url) @@ -78,16 +91,7 @@ defmodule Pleroma.Web.ActivityPub.MRF.StealEmojiPolicy do new_emojis = foreign_emojis - |> Enum.reject(fn {shortcode, _url} -> shortcode in installed_emoji end) - |> Enum.reject(fn {shortcode, _url} -> String.contains?(shortcode, ["/", "\\"]) end) - |> Enum.filter(fn {shortcode, _url} -> - reject_emoji? = - [:mrf_steal_emoji, :rejected_shortcodes] - |> Config.get([]) - |> Enum.find(false, fn pattern -> shortcode_matches?(shortcode, pattern) end) - - !reject_emoji? - end) + |> Enum.reject(&reject_emoji?(&1, installed_emoji)) |> Enum.map(&steal_emoji(&1, emoji_dir_path)) |> Enum.filter(& &1) diff --git a/test/pleroma/web/activity_pub/mrf/steal_emoji_policy_test.exs b/test/pleroma/web/activity_pub/mrf/steal_emoji_policy_test.exs index 2c7497da5..61c162bc9 100644 --- a/test/pleroma/web/activity_pub/mrf/steal_emoji_policy_test.exs +++ b/test/pleroma/web/activity_pub/mrf/steal_emoji_policy_test.exs @@ -87,7 +87,7 @@ defmodule Pleroma.Web.ActivityPub.MRF.StealEmojiPolicyTest do assert File.exists?(fullpath) end - test "rejects invalid shortcodes", %{path: path} do + test "rejects invalid shortcodes with slashes", %{path: path} do message = %{ "type" => "Create", "object" => %{ @@ -113,6 +113,58 @@ defmodule Pleroma.Web.ActivityPub.MRF.StealEmojiPolicyTest do refute File.exists?(fullpath) end + test "rejects invalid shortcodes with dots", %{path: path} do + message = %{ + "type" => "Create", + "object" => %{ + "emoji" => [{"fired.fox", "https://example.org/emoji/firedfox"}], + "actor" => "https://example.org/users/admin" + } + } + + fullpath = Path.join(path, "fired.fox.png") + + Tesla.Mock.mock(fn %{method: :get, url: "https://example.org/emoji/firedfox"} -> + %Tesla.Env{status: 200, body: File.read!("test/fixtures/image.jpg")} + end) + + clear_config(:mrf_steal_emoji, hosts: ["example.org"], size_limit: 284_468) + + refute "fired.fox" in installed() + refute File.exists?(path) + + assert {:ok, _message} = StealEmojiPolicy.filter(message) + + refute "fired.fox" in installed() + refute File.exists?(fullpath) + end + + test "rejects invalid shortcodes with special characters", %{path: path} do + message = %{ + "type" => "Create", + "object" => %{ + "emoji" => [{"fired:fox", "https://example.org/emoji/firedfox"}], + "actor" => "https://example.org/users/admin" + } + } + + fullpath = Path.join(path, "fired:fox.png") + + Tesla.Mock.mock(fn %{method: :get, url: "https://example.org/emoji/firedfox"} -> + %Tesla.Env{status: 200, body: File.read!("test/fixtures/image.jpg")} + end) + + clear_config(:mrf_steal_emoji, hosts: ["example.org"], size_limit: 284_468) + + refute "fired:fox" in installed() + refute File.exists?(path) + + assert {:ok, _message} = StealEmojiPolicy.filter(message) + + refute "fired:fox" in installed() + refute File.exists?(fullpath) + end + test "reject regex shortcode", %{message: message} do refute "firedfox" in installed() @@ -171,5 +223,74 @@ defmodule Pleroma.Web.ActivityPub.MRF.StealEmojiPolicyTest do refute "firedfox" in installed() end + test "accepts valid alphanum shortcodes", %{path: path} do + message = %{ + "type" => "Create", + "object" => %{ + "emoji" => [{"fire1fox", "https://example.org/emoji/fire1fox.png"}], + "actor" => "https://example.org/users/admin" + } + } + + Tesla.Mock.mock(fn %{method: :get, url: "https://example.org/emoji/fire1fox.png"} -> + %Tesla.Env{status: 200, body: File.read!("test/fixtures/image.jpg")} + end) + + clear_config(:mrf_steal_emoji, hosts: ["example.org"], size_limit: 284_468) + + refute "fire1fox" in installed() + refute File.exists?(path) + + assert {:ok, _message} = StealEmojiPolicy.filter(message) + + assert "fire1fox" in installed() + end + + test "accepts valid shortcodes with underscores", %{path: path} do + message = %{ + "type" => "Create", + "object" => %{ + "emoji" => [{"fire_fox", "https://example.org/emoji/fire_fox.png"}], + "actor" => "https://example.org/users/admin" + } + } + + Tesla.Mock.mock(fn %{method: :get, url: "https://example.org/emoji/fire_fox.png"} -> + %Tesla.Env{status: 200, body: File.read!("test/fixtures/image.jpg")} + end) + + clear_config(:mrf_steal_emoji, hosts: ["example.org"], size_limit: 284_468) + + refute "fire_fox" in installed() + refute File.exists?(path) + + assert {:ok, _message} = StealEmojiPolicy.filter(message) + + assert "fire_fox" in installed() + end + + test "accepts valid shortcodes with hyphens", %{path: path} do + message = %{ + "type" => "Create", + "object" => %{ + "emoji" => [{"fire-fox", "https://example.org/emoji/fire-fox.png"}], + "actor" => "https://example.org/users/admin" + } + } + + Tesla.Mock.mock(fn %{method: :get, url: "https://example.org/emoji/fire-fox.png"} -> + %Tesla.Env{status: 200, body: File.read!("test/fixtures/image.jpg")} + end) + + clear_config(:mrf_steal_emoji, hosts: ["example.org"], size_limit: 284_468) + + refute "fire-fox" in installed() + refute File.exists?(path) + + assert {:ok, _message} = StealEmojiPolicy.filter(message) + + assert "fire-fox" in installed() + end + defp installed, do: Emoji.get_all() |> Enum.map(fn {k, _} -> k end) end From adb5cb96d38d24d0756fd42e6ae84c4c95c6f758 Mon Sep 17 00:00:00 2001 From: Lain Soykaf Date: Tue, 11 Mar 2025 15:50:17 +0400 Subject: [PATCH 23/30] Object.Fetcher: Don't do cross-site redirects. --- lib/pleroma/object/fetcher.ex | 58 ++++++++++++--- test/pleroma/object/fetcher_test.exs | 104 +++++++++++++++++++++++++++ 2 files changed, 152 insertions(+), 10 deletions(-) diff --git a/lib/pleroma/object/fetcher.ex b/lib/pleroma/object/fetcher.ex index c85a8b09f..41587c116 100644 --- a/lib/pleroma/object/fetcher.ex +++ b/lib/pleroma/object/fetcher.ex @@ -19,6 +19,8 @@ defmodule Pleroma.Object.Fetcher do require Logger require Pleroma.Constants + @mix_env Mix.env() + @spec reinject_object(struct(), map()) :: {:ok, Object.t()} | {:error, any()} defp reinject_object(%Object{data: %{}} = object, new_data) do Logger.debug("Reinjecting object #{new_data["id"]}") @@ -172,6 +174,19 @@ defmodule Pleroma.Object.Fetcher do def fetch_and_contain_remote_object_from_id(_id), do: {:error, "id must be a string"} + defp check_crossdomain_redirect(final_host, original_url) + + # Handle the common case in tests where responses don't include URLs + if @mix_env == :test do + defp check_crossdomain_redirect(nil, _) do + {:cross_domain_redirect, false} + end + end + + defp check_crossdomain_redirect(final_host, original_url) do + {:cross_domain_redirect, final_host != URI.parse(original_url).host} + end + defp get_object(id) do date = Pleroma.Signature.signed_date() @@ -181,19 +196,29 @@ defmodule Pleroma.Object.Fetcher do |> sign_fetch(id, date) case HTTP.get(id, headers) do + {:ok, %{body: body, status: code, headers: headers, url: final_url}} + when code in 200..299 -> + remote_host = if final_url, do: URI.parse(final_url).host, else: nil + + with {:cross_domain_redirect, false} <- check_crossdomain_redirect(remote_host, id), + {_, content_type} <- List.keyfind(headers, "content-type", 0), + {:ok, _media_type} <- verify_content_type(content_type) do + {:ok, body} + else + {:cross_domain_redirect, true} -> + {:error, {:cross_domain_redirect, true}} + + error -> + error + end + + # Handle the case where URL is not in the response (older HTTP library versions) {:ok, %{body: body, status: code, headers: headers}} when code in 200..299 -> case List.keyfind(headers, "content-type", 0) do {_, content_type} -> - case Plug.Conn.Utils.media_type(content_type) do - {:ok, "application", "activity+json", _} -> - {:ok, body} - - {:ok, "application", "ld+json", - %{"profile" => "https://www.w3.org/ns/activitystreams"}} -> - {:ok, body} - - _ -> - {:error, {:content_type, content_type}} + case verify_content_type(content_type) do + {:ok, _} -> {:ok, body} + error -> error end _ -> @@ -216,4 +241,17 @@ defmodule Pleroma.Object.Fetcher do defp safe_json_decode(nil), do: {:ok, nil} defp safe_json_decode(json), do: Jason.decode(json) + + defp verify_content_type(content_type) do + case Plug.Conn.Utils.media_type(content_type) do + {:ok, "application", "activity+json", _} -> + {:ok, :activity_json} + + {:ok, "application", "ld+json", %{"profile" => "https://www.w3.org/ns/activitystreams"}} -> + {:ok, :ld_json} + + _ -> + {:error, {:content_type, content_type}} + end + end end diff --git a/test/pleroma/object/fetcher_test.exs b/test/pleroma/object/fetcher_test.exs index 215fca570..4dabc283a 100644 --- a/test/pleroma/object/fetcher_test.exs +++ b/test/pleroma/object/fetcher_test.exs @@ -534,6 +534,110 @@ defmodule Pleroma.Object.FetcherTest do end end + describe "cross-domain redirect handling" do + setup do + mock(fn + # Cross-domain redirect with original domain in id + %{method: :get, url: "https://original.test/objects/123"} -> + %Tesla.Env{ + status: 200, + url: "https://media.test/objects/123", + headers: [{"content-type", "application/activity+json"}], + body: + Jason.encode!(%{ + "id" => "https://original.test/objects/123", + "type" => "Note", + "content" => "This is redirected content", + "actor" => "https://original.test/users/actor", + "attributedTo" => "https://original.test/users/actor" + }) + } + + # Cross-domain redirect with final domain in id + %{method: :get, url: "https://original.test/objects/final-domain-id"} -> + %Tesla.Env{ + status: 200, + url: "https://media.test/objects/final-domain-id", + headers: [{"content-type", "application/activity+json"}], + body: + Jason.encode!(%{ + "id" => "https://media.test/objects/final-domain-id", + "type" => "Note", + "content" => "This has final domain in id", + "actor" => "https://original.test/users/actor", + "attributedTo" => "https://original.test/users/actor" + }) + } + + # No redirect - same domain + %{method: :get, url: "https://original.test/objects/same-domain-redirect"} -> + %Tesla.Env{ + status: 200, + url: "https://original.test/objects/different-path", + headers: [{"content-type", "application/activity+json"}], + body: + Jason.encode!(%{ + "id" => "https://original.test/objects/same-domain-redirect", + "type" => "Note", + "content" => "This has a same-domain redirect", + "actor" => "https://original.test/users/actor", + "attributedTo" => "https://original.test/users/actor" + }) + } + + # Test case with missing url field in response (common in tests) + %{method: :get, url: "https://original.test/objects/missing-url"} -> + %Tesla.Env{ + status: 200, + # No url field + headers: [{"content-type", "application/activity+json"}], + body: + Jason.encode!(%{ + "id" => "https://original.test/objects/missing-url", + "type" => "Note", + "content" => "This has no URL field in response", + "actor" => "https://original.test/users/actor", + "attributedTo" => "https://original.test/users/actor" + }) + } + end) + + :ok + end + + test "it rejects objects from cross-domain redirects with original domain in id" do + assert {:error, {:cross_domain_redirect, true}} = + Fetcher.fetch_and_contain_remote_object_from_id( + "https://original.test/objects/123" + ) + end + + test "it rejects objects from cross-domain redirects with final domain in id" do + assert {:error, {:cross_domain_redirect, true}} = + Fetcher.fetch_and_contain_remote_object_from_id( + "https://original.test/objects/final-domain-id" + ) + end + + test "it accepts objects with same-domain redirects" do + assert {:ok, data} = + Fetcher.fetch_and_contain_remote_object_from_id( + "https://original.test/objects/same-domain-redirect" + ) + + assert data["content"] == "This has a same-domain redirect" + end + + test "it handles responses without URL field (common in tests)" do + assert {:ok, data} = + Fetcher.fetch_and_contain_remote_object_from_id( + "https://original.test/objects/missing-url" + ) + + assert data["content"] == "This has no URL field in response" + end + end + describe "fetch with history" do setup do object2 = %{ From b0c2ec5fb9ca1908dddbc66260861d4743b991b7 Mon Sep 17 00:00:00 2001 From: Lain Soykaf Date: Tue, 11 Mar 2025 16:15:14 +0400 Subject: [PATCH 24/30] Fetcher Tests: Add tests validating the content-type --- test/pleroma/object/fetcher_test.exs | 78 ++++++++++++++++++++++++++++ 1 file changed, 78 insertions(+) diff --git a/test/pleroma/object/fetcher_test.exs b/test/pleroma/object/fetcher_test.exs index 4dabc283a..32689a68d 100644 --- a/test/pleroma/object/fetcher_test.exs +++ b/test/pleroma/object/fetcher_test.exs @@ -166,6 +166,84 @@ defmodule Pleroma.Object.FetcherTest do ) end + test "it validates content-type headers according to ActivityPub spec" do + # Setup a mock for an object with invalid content-type + mock(fn + %{method: :get, url: "https://example.com/objects/invalid-content-type"} -> + %Tesla.Env{ + status: 200, + # Not a valid AP content-type + headers: [{"content-type", "application/json"}], + body: + Jason.encode!(%{ + "id" => "https://example.com/objects/invalid-content-type", + "type" => "Note", + "content" => "This has an invalid content type", + "actor" => "https://example.com/users/actor", + "attributedTo" => "https://example.com/users/actor" + }) + } + end) + + assert {:fetch, {:error, {:content_type, "application/json"}}} = + Fetcher.fetch_object_from_id("https://example.com/objects/invalid-content-type") + end + + test "it accepts objects with application/ld+json and ActivityStreams profile" do + # Setup a mock for an object with ld+json content-type and AS profile + mock(fn + %{method: :get, url: "https://example.com/objects/valid-ld-json"} -> + %Tesla.Env{ + status: 200, + headers: [ + {"content-type", + "application/ld+json; profile=\"https://www.w3.org/ns/activitystreams\""} + ], + body: + Jason.encode!(%{ + "id" => "https://example.com/objects/valid-ld-json", + "type" => "Note", + "content" => "This has a valid ld+json content type", + "actor" => "https://example.com/users/actor", + "attributedTo" => "https://example.com/users/actor" + }) + } + end) + + # This should pass if content-type validation works correctly + assert {:ok, object} = + Fetcher.fetch_and_contain_remote_object_from_id( + "https://example.com/objects/valid-ld-json" + ) + + assert object["content"] == "This has a valid ld+json content type" + end + + test "it rejects objects with no content-type header" do + # Setup a mock for an object with no content-type header + mock(fn + %{method: :get, url: "https://example.com/objects/no-content-type"} -> + %Tesla.Env{ + status: 200, + # No content-type header + headers: [], + body: + Jason.encode!(%{ + "id" => "https://example.com/objects/no-content-type", + "type" => "Note", + "content" => "This has no content type header", + "actor" => "https://example.com/users/actor", + "attributedTo" => "https://example.com/users/actor" + }) + } + end) + + # We want to test that the request fails with a missing content-type error + # but the actual error is {:fetch, {:error, nil}} - we'll check for this format + result = Fetcher.fetch_object_from_id("https://example.com/objects/no-content-type") + assert {:fetch, {:error, nil}} = result + end + test "it resets instance reachability on successful fetch" do id = "http://mastodon.example.org/@admin/99541947525187367" Instances.set_consistently_unreachable(id) From 51c1d6fb2dd91a1a1ac11fed0f0a4211719e30b8 Mon Sep 17 00:00:00 2001 From: Lain Soykaf Date: Tue, 11 Mar 2025 16:37:17 +0400 Subject: [PATCH 25/30] Containment: Never fetch locally --- changelog.d/local-fetch-prevention.security | 1 + lib/pleroma/object/containment.ex | 13 +++++++++++++ lib/pleroma/object/fetcher.ex | 4 ++++ test/pleroma/object/fetcher_test.exs | 7 +++++++ 4 files changed, 25 insertions(+) create mode 100644 changelog.d/local-fetch-prevention.security diff --git a/changelog.d/local-fetch-prevention.security b/changelog.d/local-fetch-prevention.security new file mode 100644 index 000000000..f72342316 --- /dev/null +++ b/changelog.d/local-fetch-prevention.security @@ -0,0 +1 @@ +Security: Block attempts to fetch activities from the local instance to prevent spoofing. \ No newline at end of file diff --git a/lib/pleroma/object/containment.ex b/lib/pleroma/object/containment.ex index f6106cb3f..77fac12c0 100644 --- a/lib/pleroma/object/containment.ex +++ b/lib/pleroma/object/containment.ex @@ -47,6 +47,19 @@ defmodule Pleroma.Object.Containment do defp compare_uris(%URI{host: host} = _id_uri, %URI{host: host} = _other_uri), do: :ok defp compare_uris(_id_uri, _other_uri), do: :error + @doc """ + Checks whether an URL to fetch from is from the local server. + + We never want to fetch from ourselves; if it's not in the database + it can't be authentic and must be a counterfeit. + """ + def contain_local_fetch(id) do + case compare_uris(URI.parse(id), Pleroma.Web.Endpoint.struct_url()) do + :ok -> :error + _ -> :ok + end + end + @doc """ Checks that an imported AP object's actor matches the host it came from. """ diff --git a/lib/pleroma/object/fetcher.ex b/lib/pleroma/object/fetcher.ex index 41587c116..b54ef9ce5 100644 --- a/lib/pleroma/object/fetcher.ex +++ b/lib/pleroma/object/fetcher.ex @@ -148,6 +148,7 @@ defmodule Pleroma.Object.Fetcher do with {:scheme, true} <- {:scheme, String.starts_with?(id, "http")}, {_, true} <- {:mrf, MRF.id_filter(id)}, + {_, :ok} <- {:local_fetch, Containment.contain_local_fetch(id)}, {:ok, body} <- get_object(id), {:ok, data} <- safe_json_decode(body), :ok <- Containment.contain_origin_from_id(id, data) do @@ -160,6 +161,9 @@ defmodule Pleroma.Object.Fetcher do {:scheme, _} -> {:error, "Unsupported URI scheme"} + {:local_fetch, _} -> + {:error, "Trying to fetch local resource"} + {:error, e} -> {:error, e} diff --git a/test/pleroma/object/fetcher_test.exs b/test/pleroma/object/fetcher_test.exs index 32689a68d..7ba5090e1 100644 --- a/test/pleroma/object/fetcher_test.exs +++ b/test/pleroma/object/fetcher_test.exs @@ -166,6 +166,13 @@ defmodule Pleroma.Object.FetcherTest do ) end + test "it does not fetch from local instance" do + local_url = Pleroma.Web.Endpoint.url() <> "/objects/local_resource" + + assert {:fetch, {:error, "Trying to fetch local resource"}} = + Fetcher.fetch_object_from_id(local_url) + end + test "it validates content-type headers according to ActivityPub spec" do # Setup a mock for an object with invalid content-type mock(fn From 2293d0826a9fb28e3e8a3d9bbf5dd60863ec0fd9 Mon Sep 17 00:00:00 2001 From: Lain Soykaf Date: Tue, 11 Mar 2025 17:53:05 +0400 Subject: [PATCH 26/30] Tests: Fix tests. --- .../users_mock/friendica_followers.json | 2 +- .../users_mock/friendica_following.json | 2 +- .../users_mock/masto_closed_followers.json | 4 +-- .../masto_closed_followers_page.json | 2 +- .../users_mock/masto_closed_following.json | 4 +-- .../masto_closed_following_page.json | 2 +- .../users_mock/pleroma_followers.json | 10 +++--- .../users_mock/pleroma_following.json | 10 +++--- test/pleroma/user_test.exs | 12 +++---- .../web/activity_pub/activity_pub_test.exs | 36 +++++++++---------- test/support/http_request_mock.ex | 16 ++++----- 11 files changed, 50 insertions(+), 50 deletions(-) diff --git a/test/fixtures/users_mock/friendica_followers.json b/test/fixtures/users_mock/friendica_followers.json index 7b86b5fe2..f58c1d56c 100644 --- a/test/fixtures/users_mock/friendica_followers.json +++ b/test/fixtures/users_mock/friendica_followers.json @@ -13,7 +13,7 @@ "directMessage": "litepub:directMessage" } ], - "id": "http://localhost:8080/followers/fuser3", + "id": "https://remote.org/followers/fuser3", "type": "OrderedCollection", "totalItems": 296 } diff --git a/test/fixtures/users_mock/friendica_following.json b/test/fixtures/users_mock/friendica_following.json index 7c526befc..f3930f42c 100644 --- a/test/fixtures/users_mock/friendica_following.json +++ b/test/fixtures/users_mock/friendica_following.json @@ -13,7 +13,7 @@ "directMessage": "litepub:directMessage" } ], - "id": "http://localhost:8080/following/fuser3", + "id": "https://remote.org/following/fuser3", "type": "OrderedCollection", "totalItems": 32 } diff --git a/test/fixtures/users_mock/masto_closed_followers.json b/test/fixtures/users_mock/masto_closed_followers.json index da296892d..89bb9cba9 100644 --- a/test/fixtures/users_mock/masto_closed_followers.json +++ b/test/fixtures/users_mock/masto_closed_followers.json @@ -1,7 +1,7 @@ { "@context": "https://www.w3.org/ns/activitystreams", - "id": "http://localhost:4001/users/masto_closed/followers", + "id": "https://remote.org/users/masto_closed/followers", "type": "OrderedCollection", "totalItems": 437, - "first": "http://localhost:4001/users/masto_closed/followers?page=1" + "first": "https://remote.org/users/masto_closed/followers?page=1" } diff --git a/test/fixtures/users_mock/masto_closed_followers_page.json b/test/fixtures/users_mock/masto_closed_followers_page.json index 04ab0c4d3..4e9cb315f 100644 --- a/test/fixtures/users_mock/masto_closed_followers_page.json +++ b/test/fixtures/users_mock/masto_closed_followers_page.json @@ -1 +1 @@ -{"@context":"https://www.w3.org/ns/activitystreams","id":"http://localhost:4001/users/masto_closed/followers?page=1","type":"OrderedCollectionPage","totalItems":437,"next":"http://localhost:4001/users/masto_closed/followers?page=2","partOf":"http://localhost:4001/users/masto_closed/followers","orderedItems":["https://testing.uguu.ltd/users/rin","https://patch.cx/users/rin","https://letsalllovela.in/users/xoxo","https://pleroma.site/users/crushv","https://aria.company/users/boris","https://kawen.space/users/crushv","https://freespeech.host/users/cvcvcv","https://pleroma.site/users/picpub","https://pixelfed.social/users/nosleep","https://boopsnoot.gq/users/5c1896d162f7d337f90492a3","https://pikachu.rocks/users/waifu","https://royal.crablettesare.life/users/crablettes"]} +{"@context":"https://www.w3.org/ns/activitystreams","id":"https://remote.org/users/masto_closed/followers?page=1","type":"OrderedCollectionPage","totalItems":437,"next":"https://remote.org/users/masto_closed/followers?page=2","partOf":"https://remote.org/users/masto_closed/followers","orderedItems":["https://testing.uguu.ltd/users/rin","https://patch.cx/users/rin","https://letsalllovela.in/users/xoxo","https://pleroma.site/users/crushv","https://aria.company/users/boris","https://kawen.space/users/crushv","https://freespeech.host/users/cvcvcv","https://pleroma.site/users/picpub","https://pixelfed.social/users/nosleep","https://boopsnoot.gq/users/5c1896d162f7d337f90492a3","https://pikachu.rocks/users/waifu","https://royal.crablettesare.life/users/crablettes"]} diff --git a/test/fixtures/users_mock/masto_closed_following.json b/test/fixtures/users_mock/masto_closed_following.json index 146d49f9c..aa74f8e78 100644 --- a/test/fixtures/users_mock/masto_closed_following.json +++ b/test/fixtures/users_mock/masto_closed_following.json @@ -1,7 +1,7 @@ { "@context": "https://www.w3.org/ns/activitystreams", - "id": "http://localhost:4001/users/masto_closed/following", + "id": "https://remote.org/users/masto_closed/following", "type": "OrderedCollection", "totalItems": 152, - "first": "http://localhost:4001/users/masto_closed/following?page=1" + "first": "https://remote.org/users/masto_closed/following?page=1" } diff --git a/test/fixtures/users_mock/masto_closed_following_page.json b/test/fixtures/users_mock/masto_closed_following_page.json index 8d8324699..b017413cc 100644 --- a/test/fixtures/users_mock/masto_closed_following_page.json +++ b/test/fixtures/users_mock/masto_closed_following_page.json @@ -1 +1 @@ -{"@context":"https://www.w3.org/ns/activitystreams","id":"http://localhost:4001/users/masto_closed/following?page=1","type":"OrderedCollectionPage","totalItems":152,"next":"http://localhost:4001/users/masto_closed/following?page=2","partOf":"http://localhost:4001/users/masto_closed/following","orderedItems":["https://testing.uguu.ltd/users/rin","https://patch.cx/users/rin","https://letsalllovela.in/users/xoxo","https://pleroma.site/users/crushv","https://aria.company/users/boris","https://kawen.space/users/crushv","https://freespeech.host/users/cvcvcv","https://pleroma.site/users/picpub","https://pixelfed.social/users/nosleep","https://boopsnoot.gq/users/5c1896d162f7d337f90492a3","https://pikachu.rocks/users/waifu","https://royal.crablettesare.life/users/crablettes"]} +{"@context":"https://www.w3.org/ns/activitystreams","id":"https://remote.org/users/masto_closed/following?page=1","type":"OrderedCollectionPage","totalItems":152,"next":"https://remote.org/users/masto_closed/following?page=2","partOf":"https://remote.org/users/masto_closed/following","orderedItems":["https://testing.uguu.ltd/users/rin","https://patch.cx/users/rin","https://letsalllovela.in/users/xoxo","https://pleroma.site/users/crushv","https://aria.company/users/boris","https://kawen.space/users/crushv","https://freespeech.host/users/cvcvcv","https://pleroma.site/users/picpub","https://pixelfed.social/users/nosleep","https://boopsnoot.gq/users/5c1896d162f7d337f90492a3","https://pikachu.rocks/users/waifu","https://royal.crablettesare.life/users/crablettes"]} diff --git a/test/fixtures/users_mock/pleroma_followers.json b/test/fixtures/users_mock/pleroma_followers.json index db71d084b..6ac3bfee0 100644 --- a/test/fixtures/users_mock/pleroma_followers.json +++ b/test/fixtures/users_mock/pleroma_followers.json @@ -1,18 +1,18 @@ { "type": "OrderedCollection", "totalItems": 527, - "id": "http://localhost:4001/users/fuser2/followers", + "id": "https://remote.org/users/fuser2/followers", "first": { "type": "OrderedCollectionPage", "totalItems": 527, - "partOf": "http://localhost:4001/users/fuser2/followers", + "partOf": "https://remote.org/users/fuser2/followers", "orderedItems": [], - "next": "http://localhost:4001/users/fuser2/followers?page=2", - "id": "http://localhost:4001/users/fuser2/followers?page=1" + "next": "https://remote.org/users/fuser2/followers?page=2", + "id": "https://remote.org/users/fuser2/followers?page=1" }, "@context": [ "https://www.w3.org/ns/activitystreams", - "http://localhost:4001/schemas/litepub-0.1.jsonld", + "https://remote.org/schemas/litepub-0.1.jsonld", { "@language": "und" } diff --git a/test/fixtures/users_mock/pleroma_following.json b/test/fixtures/users_mock/pleroma_following.json index 33d087703..c8306806a 100644 --- a/test/fixtures/users_mock/pleroma_following.json +++ b/test/fixtures/users_mock/pleroma_following.json @@ -1,18 +1,18 @@ { "type": "OrderedCollection", "totalItems": 267, - "id": "http://localhost:4001/users/fuser2/following", + "id": "https://remote.org/users/fuser2/following", "first": { "type": "OrderedCollectionPage", "totalItems": 267, - "partOf": "http://localhost:4001/users/fuser2/following", + "partOf": "https://remote.org/users/fuser2/following", "orderedItems": [], - "next": "http://localhost:4001/users/fuser2/following?page=2", - "id": "http://localhost:4001/users/fuser2/following?page=1" + "next": "https://remote.org/users/fuser2/following?page=2", + "id": "https://remote.org/users/fuser2/following?page=1" }, "@context": [ "https://www.w3.org/ns/activitystreams", - "http://localhost:4001/schemas/litepub-0.1.jsonld", + "https://remote.org/schemas/litepub-0.1.jsonld", { "@language": "und" } diff --git a/test/pleroma/user_test.exs b/test/pleroma/user_test.exs index c05241f50..176e70ef9 100644 --- a/test/pleroma/user_test.exs +++ b/test/pleroma/user_test.exs @@ -2405,8 +2405,8 @@ defmodule Pleroma.UserTest do other_user = insert(:user, local: false, - follower_address: "http://localhost:4001/users/masto_closed/followers", - following_address: "http://localhost:4001/users/masto_closed/following" + follower_address: "https://remote.org/users/masto_closed/followers", + following_address: "https://remote.org/users/masto_closed/following" ) assert other_user.following_count == 0 @@ -2426,8 +2426,8 @@ defmodule Pleroma.UserTest do other_user = insert(:user, local: false, - follower_address: "http://localhost:4001/users/masto_closed/followers", - following_address: "http://localhost:4001/users/masto_closed/following" + follower_address: "https://remote.org/users/masto_closed/followers", + following_address: "https://remote.org/users/masto_closed/following" ) assert other_user.following_count == 0 @@ -2447,8 +2447,8 @@ defmodule Pleroma.UserTest do other_user = insert(:user, local: false, - follower_address: "http://localhost:4001/users/masto_closed/followers", - following_address: "http://localhost:4001/users/masto_closed/following" + follower_address: "https://remote.org/users/masto_closed/followers", + following_address: "https://remote.org/users/masto_closed/following" ) assert other_user.following_count == 0 diff --git a/test/pleroma/web/activity_pub/activity_pub_test.exs b/test/pleroma/web/activity_pub/activity_pub_test.exs index c7adf6bba..dbc3aa532 100644 --- a/test/pleroma/web/activity_pub/activity_pub_test.exs +++ b/test/pleroma/web/activity_pub/activity_pub_test.exs @@ -1785,8 +1785,8 @@ defmodule Pleroma.Web.ActivityPub.ActivityPubTest do user = insert(:user, local: false, - follower_address: "http://localhost:4001/users/fuser2/followers", - following_address: "http://localhost:4001/users/fuser2/following" + follower_address: "https://remote.org/users/fuser2/followers", + following_address: "https://remote.org/users/fuser2/following" ) {:ok, info} = ActivityPub.fetch_follow_information_for_user(user) @@ -1797,7 +1797,7 @@ defmodule Pleroma.Web.ActivityPub.ActivityPubTest do test "detects hidden followers" do mock(fn env -> case env.url do - "http://localhost:4001/users/masto_closed/followers?page=1" -> + "https://remote.org/users/masto_closed/followers?page=1" -> %Tesla.Env{status: 403, body: ""} _ -> @@ -1808,8 +1808,8 @@ defmodule Pleroma.Web.ActivityPub.ActivityPubTest do user = insert(:user, local: false, - follower_address: "http://localhost:4001/users/masto_closed/followers", - following_address: "http://localhost:4001/users/masto_closed/following" + follower_address: "https://remote.org/users/masto_closed/followers", + following_address: "https://remote.org/users/masto_closed/following" ) {:ok, follow_info} = ActivityPub.fetch_follow_information_for_user(user) @@ -1820,7 +1820,7 @@ defmodule Pleroma.Web.ActivityPub.ActivityPubTest do test "detects hidden follows" do mock(fn env -> case env.url do - "http://localhost:4001/users/masto_closed/following?page=1" -> + "https://remote.org/users/masto_closed/following?page=1" -> %Tesla.Env{status: 403, body: ""} _ -> @@ -1831,8 +1831,8 @@ defmodule Pleroma.Web.ActivityPub.ActivityPubTest do user = insert(:user, local: false, - follower_address: "http://localhost:4001/users/masto_closed/followers", - following_address: "http://localhost:4001/users/masto_closed/following" + follower_address: "https://remote.org/users/masto_closed/followers", + following_address: "https://remote.org/users/masto_closed/following" ) {:ok, follow_info} = ActivityPub.fetch_follow_information_for_user(user) @@ -1844,8 +1844,8 @@ defmodule Pleroma.Web.ActivityPub.ActivityPubTest do user = insert(:user, local: false, - follower_address: "http://localhost:8080/followers/fuser3", - following_address: "http://localhost:8080/following/fuser3" + follower_address: "https://remote.org/followers/fuser3", + following_address: "https://remote.org/following/fuser3" ) {:ok, follow_info} = ActivityPub.fetch_follow_information_for_user(user) @@ -1858,28 +1858,28 @@ defmodule Pleroma.Web.ActivityPub.ActivityPubTest do test "doesn't crash when follower and following counters are hidden" do mock(fn env -> case env.url do - "http://localhost:4001/users/masto_hidden_counters/following" -> + "https://remote.org/users/masto_hidden_counters/following" -> json( %{ "@context" => "https://www.w3.org/ns/activitystreams", - "id" => "http://localhost:4001/users/masto_hidden_counters/followers" + "id" => "https://remote.org/users/masto_hidden_counters/followers" }, headers: HttpRequestMock.activitypub_object_headers() ) - "http://localhost:4001/users/masto_hidden_counters/following?page=1" -> + "https://remote.org/users/masto_hidden_counters/following?page=1" -> %Tesla.Env{status: 403, body: ""} - "http://localhost:4001/users/masto_hidden_counters/followers" -> + "https://remote.org/users/masto_hidden_counters/followers" -> json( %{ "@context" => "https://www.w3.org/ns/activitystreams", - "id" => "http://localhost:4001/users/masto_hidden_counters/following" + "id" => "https://remote.org/users/masto_hidden_counters/following" }, headers: HttpRequestMock.activitypub_object_headers() ) - "http://localhost:4001/users/masto_hidden_counters/followers?page=1" -> + "https://remote.org/users/masto_hidden_counters/followers?page=1" -> %Tesla.Env{status: 403, body: ""} end end) @@ -1887,8 +1887,8 @@ defmodule Pleroma.Web.ActivityPub.ActivityPubTest do user = insert(:user, local: false, - follower_address: "http://localhost:4001/users/masto_hidden_counters/followers", - following_address: "http://localhost:4001/users/masto_hidden_counters/following" + follower_address: "https://remote.org/users/masto_hidden_counters/followers", + following_address: "https://remote.org/users/masto_hidden_counters/following" ) {:ok, follow_info} = ActivityPub.fetch_follow_information_for_user(user) diff --git a/test/support/http_request_mock.ex b/test/support/http_request_mock.ex index ed044cf98..1c472fca9 100644 --- a/test/support/http_request_mock.ex +++ b/test/support/http_request_mock.ex @@ -955,7 +955,7 @@ defmodule HttpRequestMock do {:ok, %Tesla.Env{status: 200, body: File.read!("test/fixtures/rich_media/ogp.html")}} end - def get("http://localhost:4001/users/masto_closed/followers", _, _, _) do + def get("https://remote.org/users/masto_closed/followers", _, _, _) do {:ok, %Tesla.Env{ status: 200, @@ -964,7 +964,7 @@ defmodule HttpRequestMock do }} end - def get("http://localhost:4001/users/masto_closed/followers?page=1", _, _, _) do + def get("https://remote.org/users/masto_closed/followers?page=1", _, _, _) do {:ok, %Tesla.Env{ status: 200, @@ -973,7 +973,7 @@ defmodule HttpRequestMock do }} end - def get("http://localhost:4001/users/masto_closed/following", _, _, _) do + def get("https://remote.org/users/masto_closed/following", _, _, _) do {:ok, %Tesla.Env{ status: 200, @@ -982,7 +982,7 @@ defmodule HttpRequestMock do }} end - def get("http://localhost:4001/users/masto_closed/following?page=1", _, _, _) do + def get("https://remote.org/users/masto_closed/following?page=1", _, _, _) do {:ok, %Tesla.Env{ status: 200, @@ -991,7 +991,7 @@ defmodule HttpRequestMock do }} end - def get("http://localhost:8080/followers/fuser3", _, _, _) do + def get("https://remote.org/followers/fuser3", _, _, _) do {:ok, %Tesla.Env{ status: 200, @@ -1000,7 +1000,7 @@ defmodule HttpRequestMock do }} end - def get("http://localhost:8080/following/fuser3", _, _, _) do + def get("https://remote.org/following/fuser3", _, _, _) do {:ok, %Tesla.Env{ status: 200, @@ -1009,7 +1009,7 @@ defmodule HttpRequestMock do }} end - def get("http://localhost:4001/users/fuser2/followers", _, _, _) do + def get("https://remote.org/users/fuser2/followers", _, _, _) do {:ok, %Tesla.Env{ status: 200, @@ -1018,7 +1018,7 @@ defmodule HttpRequestMock do }} end - def get("http://localhost:4001/users/fuser2/following", _, _, _) do + def get("https://remote.org/users/fuser2/following", _, _, _) do {:ok, %Tesla.Env{ status: 200, From 3c2b51c7cb249e7c0fc92023ac556d324ac3d774 Mon Sep 17 00:00:00 2001 From: Lain Soykaf Date: Tue, 11 Mar 2025 17:57:45 +0400 Subject: [PATCH 27/30] Changelog: Add missing changelog entries --- changelog.d/c2s-update-authorization.security | 1 + changelog.d/cross-domain-redirect-check.security | 1 + changelog.d/emoji-shortcode-validation.security | 1 + changelog.d/local-fetch-prevention.security | 2 +- changelog.d/media-proxy-sanitize.security | 1 + changelog.d/object-fetcher-content-type.security | 1 + 6 files changed, 6 insertions(+), 1 deletion(-) create mode 100644 changelog.d/c2s-update-authorization.security create mode 100644 changelog.d/cross-domain-redirect-check.security create mode 100644 changelog.d/emoji-shortcode-validation.security create mode 100644 changelog.d/media-proxy-sanitize.security create mode 100644 changelog.d/object-fetcher-content-type.security diff --git a/changelog.d/c2s-update-authorization.security b/changelog.d/c2s-update-authorization.security new file mode 100644 index 000000000..0fe7d97c9 --- /dev/null +++ b/changelog.d/c2s-update-authorization.security @@ -0,0 +1 @@ +Fix authorization checks for C2S Update activities to prevent unauthorized modifications of other users' content. \ No newline at end of file diff --git a/changelog.d/cross-domain-redirect-check.security b/changelog.d/cross-domain-redirect-check.security new file mode 100644 index 000000000..9201de794 --- /dev/null +++ b/changelog.d/cross-domain-redirect-check.security @@ -0,0 +1 @@ +Reject cross-domain redirects when fetching ActivityPub objects to prevent bypassing domain-based security controls. \ No newline at end of file diff --git a/changelog.d/emoji-shortcode-validation.security b/changelog.d/emoji-shortcode-validation.security new file mode 100644 index 000000000..5a7d39279 --- /dev/null +++ b/changelog.d/emoji-shortcode-validation.security @@ -0,0 +1 @@ +Limit emoji shortcodes to alphanumeric, dash, or underscore characters to prevent potential abuse. \ No newline at end of file diff --git a/changelog.d/local-fetch-prevention.security b/changelog.d/local-fetch-prevention.security index f72342316..e012abcd5 100644 --- a/changelog.d/local-fetch-prevention.security +++ b/changelog.d/local-fetch-prevention.security @@ -1 +1 @@ -Security: Block attempts to fetch activities from the local instance to prevent spoofing. \ No newline at end of file +Block attempts to fetch activities from the local instance to prevent spoofing. \ No newline at end of file diff --git a/changelog.d/media-proxy-sanitize.security b/changelog.d/media-proxy-sanitize.security new file mode 100644 index 000000000..b94348ea7 --- /dev/null +++ b/changelog.d/media-proxy-sanitize.security @@ -0,0 +1 @@ +Sanitize Content-Type headers in media proxy to prevent serving malicious ActivityPub content through proxied media. \ No newline at end of file diff --git a/changelog.d/object-fetcher-content-type.security b/changelog.d/object-fetcher-content-type.security new file mode 100644 index 000000000..2ef4aefe7 --- /dev/null +++ b/changelog.d/object-fetcher-content-type.security @@ -0,0 +1 @@ +Validate Content-Type headers when fetching remote ActivityPub objects to prevent spoofing attacks. \ No newline at end of file From 0a93a7b0c9e4f05f2abd2079c976c0a4bf1b3d77 Mon Sep 17 00:00:00 2001 From: Lain Soykaf Date: Tue, 11 Mar 2025 18:04:54 +0400 Subject: [PATCH 28/30] Mix: Update version --- mix.exs | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/mix.exs b/mix.exs index a0f236efd..808a2b12c 100644 --- a/mix.exs +++ b/mix.exs @@ -4,7 +4,7 @@ defmodule Pleroma.Mixfile do def project do [ app: :pleroma, - version: version("2.9.0"), + version: version("2.9.1"), elixir: "~> 1.14", elixirc_paths: elixirc_paths(Mix.env()), compilers: Mix.compilers(), From 4c8a8a4b62151ab86019cf92ffb67dc81e13cdd7 Mon Sep 17 00:00:00 2001 From: Lain Soykaf Date: Tue, 11 Mar 2025 18:06:43 +0400 Subject: [PATCH 29/30] Update changelog --- CHANGELOG.md | 17 +++++++++++++++++ changelog.d/c2s-update-authorization.security | 1 - changelog.d/content-type-sanitize.security | 1 - .../cross-domain-redirect-check.security | 1 - changelog.d/debian-distro-docs-pleromaBE.fix | 1 - changelog.d/emoji-shortcode-validation.security | 1 - changelog.d/local-fetch-prevention.security | 1 - changelog.d/media-proxy-sanitize.security | 1 - .../object-fetcher-content-type.security | 1 - changelog.d/pl-fe.change | 1 - 10 files changed, 17 insertions(+), 9 deletions(-) delete mode 100644 changelog.d/c2s-update-authorization.security delete mode 100644 changelog.d/content-type-sanitize.security delete mode 100644 changelog.d/cross-domain-redirect-check.security delete mode 100644 changelog.d/debian-distro-docs-pleromaBE.fix delete mode 100644 changelog.d/emoji-shortcode-validation.security delete mode 100644 changelog.d/local-fetch-prevention.security delete mode 100644 changelog.d/media-proxy-sanitize.security delete mode 100644 changelog.d/object-fetcher-content-type.security delete mode 100644 changelog.d/pl-fe.change diff --git a/CHANGELOG.md b/CHANGELOG.md index 657422689..19b87f09a 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -4,6 +4,23 @@ All notable changes to this project will be documented in this file. The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/). +## 2.9.1 + +### Security +- Fix authorization checks for C2S Update activities to prevent unauthorized modifications of other users' content. +- Fix content-type spoofing vulnerability that could allow users to upload ActivityPub objects as attachments +- Reject cross-domain redirects when fetching ActivityPub objects to prevent bypassing domain-based security controls. +- Limit emoji shortcodes to alphanumeric, dash, or underscore characters to prevent potential abuse. +- Block attempts to fetch activities from the local instance to prevent spoofing. +- Sanitize Content-Type headers in media proxy to prevent serving malicious ActivityPub content through proxied media. +- Validate Content-Type headers when fetching remote ActivityPub objects to prevent spoofing attacks. + +### Changed +- Include `pl-fe` in available frontends + +### Fixed +- Remove trailing ` from end of line 75 which caused issues copy-pasting + ## 2.9.0 ### Security diff --git a/changelog.d/c2s-update-authorization.security b/changelog.d/c2s-update-authorization.security deleted file mode 100644 index 0fe7d97c9..000000000 --- a/changelog.d/c2s-update-authorization.security +++ /dev/null @@ -1 +0,0 @@ -Fix authorization checks for C2S Update activities to prevent unauthorized modifications of other users' content. \ No newline at end of file diff --git a/changelog.d/content-type-sanitize.security b/changelog.d/content-type-sanitize.security deleted file mode 100644 index a70b49f35..000000000 --- a/changelog.d/content-type-sanitize.security +++ /dev/null @@ -1 +0,0 @@ -Fix content-type spoofing vulnerability that could allow users to upload ActivityPub objects as attachments \ No newline at end of file diff --git a/changelog.d/cross-domain-redirect-check.security b/changelog.d/cross-domain-redirect-check.security deleted file mode 100644 index 9201de794..000000000 --- a/changelog.d/cross-domain-redirect-check.security +++ /dev/null @@ -1 +0,0 @@ -Reject cross-domain redirects when fetching ActivityPub objects to prevent bypassing domain-based security controls. \ No newline at end of file diff --git a/changelog.d/debian-distro-docs-pleromaBE.fix b/changelog.d/debian-distro-docs-pleromaBE.fix deleted file mode 100644 index d43477ba9..000000000 --- a/changelog.d/debian-distro-docs-pleromaBE.fix +++ /dev/null @@ -1 +0,0 @@ -Remove trailing ` from end of line 75 which caused issues copy-pasting \ No newline at end of file diff --git a/changelog.d/emoji-shortcode-validation.security b/changelog.d/emoji-shortcode-validation.security deleted file mode 100644 index 5a7d39279..000000000 --- a/changelog.d/emoji-shortcode-validation.security +++ /dev/null @@ -1 +0,0 @@ -Limit emoji shortcodes to alphanumeric, dash, or underscore characters to prevent potential abuse. \ No newline at end of file diff --git a/changelog.d/local-fetch-prevention.security b/changelog.d/local-fetch-prevention.security deleted file mode 100644 index e012abcd5..000000000 --- a/changelog.d/local-fetch-prevention.security +++ /dev/null @@ -1 +0,0 @@ -Block attempts to fetch activities from the local instance to prevent spoofing. \ No newline at end of file diff --git a/changelog.d/media-proxy-sanitize.security b/changelog.d/media-proxy-sanitize.security deleted file mode 100644 index b94348ea7..000000000 --- a/changelog.d/media-proxy-sanitize.security +++ /dev/null @@ -1 +0,0 @@ -Sanitize Content-Type headers in media proxy to prevent serving malicious ActivityPub content through proxied media. \ No newline at end of file diff --git a/changelog.d/object-fetcher-content-type.security b/changelog.d/object-fetcher-content-type.security deleted file mode 100644 index 2ef4aefe7..000000000 --- a/changelog.d/object-fetcher-content-type.security +++ /dev/null @@ -1 +0,0 @@ -Validate Content-Type headers when fetching remote ActivityPub objects to prevent spoofing attacks. \ No newline at end of file diff --git a/changelog.d/pl-fe.change b/changelog.d/pl-fe.change deleted file mode 100644 index 7e3e4b59e..000000000 --- a/changelog.d/pl-fe.change +++ /dev/null @@ -1 +0,0 @@ -Include `pl-fe` in available frontends From 5ce612b2723381a978f3810a414a3c3038a1859c Mon Sep 17 00:00:00 2001 From: Lain Soykaf Date: Tue, 11 Mar 2025 18:21:27 +0400 Subject: [PATCH 30/30] Linting --- lib/pleroma/{datetime.ex => date_time.ex} | 0 lib/pleroma/{datetime => date_time}/impl.ex | 0 lib/pleroma/mogrify_behaviour.ex | 15 +++++++++++++++ lib/pleroma/{mogrify.ex => mogrify_wrapper.ex} | 12 ------------ .../upload/filter/anonymize_filename_test.exs | 2 +- test/pleroma/upload/filter/mogrifun_test.exs | 2 +- test/pleroma/upload/filter/mogrify_test.exs | 4 ++-- test/pleroma/upload/filter_test.exs | 2 +- test/pleroma/web/plugs/instance_static_test.exs | 2 +- 9 files changed, 21 insertions(+), 18 deletions(-) rename lib/pleroma/{datetime.ex => date_time.ex} (100%) rename lib/pleroma/{datetime => date_time}/impl.ex (100%) create mode 100644 lib/pleroma/mogrify_behaviour.ex rename lib/pleroma/{mogrify.ex => mogrify_wrapper.ex} (64%) diff --git a/lib/pleroma/datetime.ex b/lib/pleroma/date_time.ex similarity index 100% rename from lib/pleroma/datetime.ex rename to lib/pleroma/date_time.ex diff --git a/lib/pleroma/datetime/impl.ex b/lib/pleroma/date_time/impl.ex similarity index 100% rename from lib/pleroma/datetime/impl.ex rename to lib/pleroma/date_time/impl.ex diff --git a/lib/pleroma/mogrify_behaviour.ex b/lib/pleroma/mogrify_behaviour.ex new file mode 100644 index 000000000..234cb86cf --- /dev/null +++ b/lib/pleroma/mogrify_behaviour.ex @@ -0,0 +1,15 @@ +# Pleroma: A lightweight social networking server +# Copyright © 2017-2022 Pleroma Authors +# SPDX-License-Identifier: AGPL-3.0-only + +defmodule Pleroma.MogrifyBehaviour do + @moduledoc """ + Behaviour for Mogrify operations. + This module defines the interface for Mogrify operations that can be mocked in tests. + """ + + @callback open(binary()) :: map() + @callback custom(map(), binary()) :: map() + @callback custom(map(), binary(), binary()) :: map() + @callback save(map(), keyword()) :: map() +end diff --git a/lib/pleroma/mogrify.ex b/lib/pleroma/mogrify_wrapper.ex similarity index 64% rename from lib/pleroma/mogrify.ex rename to lib/pleroma/mogrify_wrapper.ex index 77725e8f2..17174fd97 100644 --- a/lib/pleroma/mogrify.ex +++ b/lib/pleroma/mogrify_wrapper.ex @@ -2,18 +2,6 @@ # Copyright © 2017-2022 Pleroma Authors # SPDX-License-Identifier: AGPL-3.0-only -defmodule Pleroma.MogrifyBehaviour do - @moduledoc """ - Behaviour for Mogrify operations. - This module defines the interface for Mogrify operations that can be mocked in tests. - """ - - @callback open(binary()) :: map() - @callback custom(map(), binary()) :: map() - @callback custom(map(), binary(), binary()) :: map() - @callback save(map(), keyword()) :: map() -end - defmodule Pleroma.MogrifyWrapper do @moduledoc """ Default implementation of MogrifyBehaviour that delegates to Mogrify. diff --git a/test/pleroma/upload/filter/anonymize_filename_test.exs b/test/pleroma/upload/filter/anonymize_filename_test.exs index 0f817a5a1..5dae62003 100644 --- a/test/pleroma/upload/filter/anonymize_filename_test.exs +++ b/test/pleroma/upload/filter/anonymize_filename_test.exs @@ -6,8 +6,8 @@ defmodule Pleroma.Upload.Filter.AnonymizeFilenameTest do use Pleroma.DataCase, async: true import Mox - alias Pleroma.Upload alias Pleroma.StaticStubbedConfigMock, as: ConfigMock + alias Pleroma.Upload setup do File.cp!("test/fixtures/image.jpg", "test/fixtures/image_tmp.jpg") diff --git a/test/pleroma/upload/filter/mogrifun_test.exs b/test/pleroma/upload/filter/mogrifun_test.exs index 4de998c88..77a9c1666 100644 --- a/test/pleroma/upload/filter/mogrifun_test.exs +++ b/test/pleroma/upload/filter/mogrifun_test.exs @@ -6,9 +6,9 @@ defmodule Pleroma.Upload.Filter.MogrifunTest do use Pleroma.DataCase, async: true import Mox + alias Pleroma.MogrifyMock alias Pleroma.Upload alias Pleroma.Upload.Filter - alias Pleroma.MogrifyMock test "apply mogrify filter" do File.cp!( diff --git a/test/pleroma/upload/filter/mogrify_test.exs b/test/pleroma/upload/filter/mogrify_test.exs index 6826faafe..f8ed6e8dd 100644 --- a/test/pleroma/upload/filter/mogrify_test.exs +++ b/test/pleroma/upload/filter/mogrify_test.exs @@ -6,9 +6,9 @@ defmodule Pleroma.Upload.Filter.MogrifyTest do use Pleroma.DataCase, async: true import Mox - alias Pleroma.Upload.Filter - alias Pleroma.StaticStubbedConfigMock, as: ConfigMock alias Pleroma.MogrifyMock + alias Pleroma.StaticStubbedConfigMock, as: ConfigMock + alias Pleroma.Upload.Filter setup :verify_on_exit! diff --git a/test/pleroma/upload/filter_test.exs b/test/pleroma/upload/filter_test.exs index 79bc369a6..a369a723a 100644 --- a/test/pleroma/upload/filter_test.exs +++ b/test/pleroma/upload/filter_test.exs @@ -6,8 +6,8 @@ defmodule Pleroma.Upload.FilterTest do use Pleroma.DataCase import Mox - alias Pleroma.Upload.Filter alias Pleroma.StaticStubbedConfigMock, as: ConfigMock + alias Pleroma.Upload.Filter test "applies filters" do ConfigMock diff --git a/test/pleroma/web/plugs/instance_static_test.exs b/test/pleroma/web/plugs/instance_static_test.exs index e8cf17f3f..33b74dcf0 100644 --- a/test/pleroma/web/plugs/instance_static_test.exs +++ b/test/pleroma/web/plugs/instance_static_test.exs @@ -114,7 +114,7 @@ defmodule Pleroma.Web.Plugs.InstanceStaticTest do _ -> nil end) - # It should have been sanitized to application/octet-stream because "application" + # It should have been sanitized to application/octet-stream because "application" # is not in the allowed_mime_types list assert content_type == "application/octet-stream"