2020-04-14 16:59:04 +00:00
|
|
|
# Pleroma: A lightweight social networking server
|
2021-01-13 06:49:20 +00:00
|
|
|
# Copyright © 2017-2021 Pleroma Authors <https://pleroma.social/>
|
2020-04-14 16:59:04 +00:00
|
|
|
# SPDX-License-Identifier: AGPL-3.0-only
|
|
|
|
|
|
|
|
defmodule Pleroma.Web.ActivityPub.MRF.StealEmojiPolicyTest do
|
|
|
|
use Pleroma.DataCase
|
|
|
|
|
|
|
|
alias Pleroma.Config
|
2020-12-25 08:30:36 +00:00
|
|
|
alias Pleroma.Emoji
|
2024-03-09 21:39:25 +00:00
|
|
|
alias Pleroma.Emoji.Pack
|
2020-04-14 16:59:04 +00:00
|
|
|
alias Pleroma.Web.ActivityPub.MRF.StealEmojiPolicy
|
|
|
|
|
2024-03-09 21:39:25 +00:00
|
|
|
defp has_pack?() do
|
|
|
|
case Pack.load_pack("stolen") do
|
|
|
|
{:ok, _pack} -> true
|
|
|
|
{:error, :enoent} -> false
|
|
|
|
end
|
|
|
|
end
|
|
|
|
|
|
|
|
defp has_emoji?(shortcode) do
|
|
|
|
case Pack.load_pack("stolen") do
|
|
|
|
{:ok, pack} -> Map.has_key?(pack.files, shortcode)
|
|
|
|
{:error, :enoent} -> false
|
|
|
|
end
|
|
|
|
end
|
|
|
|
|
2020-04-14 16:59:04 +00:00
|
|
|
setup do
|
2020-12-25 08:30:36 +00:00
|
|
|
emoji_path = [:instance, :static_dir] |> Config.get() |> Path.join("emoji/stolen")
|
2020-04-14 16:59:04 +00:00
|
|
|
|
2020-12-25 08:30:36 +00:00
|
|
|
Emoji.reload()
|
2020-04-14 16:59:04 +00:00
|
|
|
|
|
|
|
message = %{
|
|
|
|
"type" => "Create",
|
|
|
|
"object" => %{
|
|
|
|
"emoji" => [{"firedfox", "https://example.org/emoji/firedfox.png"}],
|
|
|
|
"actor" => "https://example.org/users/admin"
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2020-12-25 08:30:36 +00:00
|
|
|
on_exit(fn ->
|
|
|
|
File.rm_rf!(emoji_path)
|
|
|
|
end)
|
2020-04-14 16:59:04 +00:00
|
|
|
|
2024-03-09 21:39:25 +00:00
|
|
|
[message: message]
|
2020-04-14 16:59:04 +00:00
|
|
|
end
|
|
|
|
|
2020-12-25 08:30:36 +00:00
|
|
|
test "does nothing by default", %{message: message} do
|
|
|
|
refute "firedfox" in installed()
|
2020-04-14 16:59:04 +00:00
|
|
|
|
2020-12-25 08:30:36 +00:00
|
|
|
assert {:ok, _message} = StealEmojiPolicy.filter(message)
|
|
|
|
|
|
|
|
refute "firedfox" in installed()
|
|
|
|
end
|
2020-04-14 16:59:04 +00:00
|
|
|
|
2020-12-25 08:30:36 +00:00
|
|
|
test "Steals emoji on unknown shortcode from allowed remote host", %{
|
2024-03-09 21:39:25 +00:00
|
|
|
message: message
|
2020-12-25 08:30:36 +00:00
|
|
|
} do
|
|
|
|
refute "firedfox" in installed()
|
2024-03-09 21:39:25 +00:00
|
|
|
refute has_pack?()
|
2020-04-14 16:59:04 +00:00
|
|
|
|
2021-11-14 10:44:24 +00:00
|
|
|
Tesla.Mock.mock(fn %{method: :get, url: "https://example.org/emoji/firedfox.png"} ->
|
2024-03-07 22:35:05 +00:00
|
|
|
%Tesla.Env{
|
|
|
|
status: 200,
|
|
|
|
body: File.read!("test/fixtures/image.jpg"),
|
|
|
|
url: "https://example.org/emoji/firedfox.png"
|
|
|
|
}
|
2021-11-14 10:44:24 +00:00
|
|
|
end)
|
|
|
|
|
2020-12-25 08:30:36 +00:00
|
|
|
clear_config(:mrf_steal_emoji, hosts: ["example.org"], size_limit: 284_468)
|
2020-04-14 16:59:04 +00:00
|
|
|
|
2020-12-25 08:30:36 +00:00
|
|
|
assert {:ok, _message} = StealEmojiPolicy.filter(message)
|
|
|
|
|
|
|
|
assert "firedfox" in installed()
|
2024-03-09 21:39:25 +00:00
|
|
|
assert has_pack?()
|
2020-12-25 08:30:36 +00:00
|
|
|
|
2024-03-09 21:39:25 +00:00
|
|
|
assert has_emoji?("firedfox")
|
2020-12-25 08:30:36 +00:00
|
|
|
end
|
|
|
|
|
2024-03-09 21:39:25 +00:00
|
|
|
test "rejects invalid shortcodes" do
|
2024-02-20 07:45:48 +00:00
|
|
|
message = %{
|
|
|
|
"type" => "Create",
|
|
|
|
"object" => %{
|
|
|
|
"emoji" => [{"fired/fox", "https://example.org/emoji/firedfox"}],
|
|
|
|
"actor" => "https://example.org/users/admin"
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
Tesla.Mock.mock(fn %{method: :get, url: "https://example.org/emoji/firedfox"} ->
|
2024-03-07 22:35:05 +00:00
|
|
|
%Tesla.Env{
|
|
|
|
status: 200,
|
|
|
|
body: File.read!("test/fixtures/image.jpg"),
|
|
|
|
url: "https://example.org/emoji/firedfox.png"
|
|
|
|
}
|
2024-02-20 07:45:48 +00:00
|
|
|
end)
|
|
|
|
|
|
|
|
clear_config(:mrf_steal_emoji, hosts: ["example.org"], size_limit: 284_468)
|
|
|
|
|
|
|
|
refute "firedfox" in installed()
|
2024-03-09 21:39:25 +00:00
|
|
|
refute has_pack?()
|
2024-02-20 07:45:48 +00:00
|
|
|
|
|
|
|
assert {:ok, _message} = StealEmojiPolicy.filter(message)
|
|
|
|
|
|
|
|
refute "fired/fox" in installed()
|
2024-03-09 21:39:25 +00:00
|
|
|
refute has_emoji?("fired/fox")
|
2024-02-20 07:45:48 +00:00
|
|
|
end
|
|
|
|
|
2024-03-09 21:39:25 +00:00
|
|
|
test "prefers content-type header for extension" do
|
2024-03-07 22:35:05 +00:00
|
|
|
message = %{
|
|
|
|
"type" => "Create",
|
|
|
|
"object" => %{
|
|
|
|
"emoji" => [{"firedfox", "https://example.org/emoji/firedfox.fud"}],
|
|
|
|
"actor" => "https://example.org/users/admin"
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
Tesla.Mock.mock(fn %{method: :get, url: "https://example.org/emoji/firedfox.fud"} ->
|
|
|
|
%Tesla.Env{
|
|
|
|
status: 200,
|
|
|
|
body: File.read!("test/fixtures/image.jpg"),
|
|
|
|
url: "https://example.org/emoji/firedfox.wevp",
|
|
|
|
headers: [{"content-type", "image/gif"}]
|
|
|
|
}
|
|
|
|
end)
|
|
|
|
|
|
|
|
clear_config(:mrf_steal_emoji, hosts: ["example.org"], size_limit: 284_468)
|
|
|
|
|
|
|
|
assert {:ok, _message} = StealEmojiPolicy.filter(message)
|
|
|
|
|
|
|
|
assert "firedfox" in installed()
|
2024-03-09 21:39:25 +00:00
|
|
|
assert has_emoji?("firedfox")
|
2024-03-07 22:35:05 +00:00
|
|
|
end
|
|
|
|
|
2022-05-18 19:25:10 +00:00
|
|
|
test "reject regex shortcode", %{message: message} do
|
2020-12-25 08:30:36 +00:00
|
|
|
refute "firedfox" in installed()
|
|
|
|
|
|
|
|
clear_config(:mrf_steal_emoji,
|
|
|
|
hosts: ["example.org"],
|
|
|
|
size_limit: 284_468,
|
|
|
|
rejected_shortcodes: [~r/firedfox/]
|
|
|
|
)
|
|
|
|
|
|
|
|
assert {:ok, _message} = StealEmojiPolicy.filter(message)
|
|
|
|
|
|
|
|
refute "firedfox" in installed()
|
|
|
|
end
|
|
|
|
|
2022-05-18 19:25:10 +00:00
|
|
|
test "reject string shortcode", %{message: message} do
|
|
|
|
refute "firedfox" in installed()
|
|
|
|
|
|
|
|
clear_config(:mrf_steal_emoji,
|
|
|
|
hosts: ["example.org"],
|
|
|
|
size_limit: 284_468,
|
|
|
|
rejected_shortcodes: ["firedfox"]
|
|
|
|
)
|
|
|
|
|
|
|
|
assert {:ok, _message} = StealEmojiPolicy.filter(message)
|
|
|
|
|
|
|
|
refute "firedfox" in installed()
|
|
|
|
end
|
|
|
|
|
2020-12-25 08:30:36 +00:00
|
|
|
test "reject if size is above the limit", %{message: message} do
|
|
|
|
refute "firedfox" in installed()
|
|
|
|
|
2021-11-14 10:44:24 +00:00
|
|
|
Tesla.Mock.mock(fn %{method: :get, url: "https://example.org/emoji/firedfox.png"} ->
|
2024-03-07 22:35:05 +00:00
|
|
|
%Tesla.Env{
|
|
|
|
status: 200,
|
|
|
|
body: File.read!("test/fixtures/image.jpg"),
|
|
|
|
url: "https://example.org/emoji/firedfox.png"
|
|
|
|
}
|
2021-11-14 10:44:24 +00:00
|
|
|
end)
|
|
|
|
|
2020-12-25 08:30:36 +00:00
|
|
|
clear_config(:mrf_steal_emoji, hosts: ["example.org"], size_limit: 50_000)
|
|
|
|
|
|
|
|
assert {:ok, _message} = StealEmojiPolicy.filter(message)
|
|
|
|
|
|
|
|
refute "firedfox" in installed()
|
|
|
|
end
|
|
|
|
|
|
|
|
test "reject if host returns error", %{message: message} do
|
|
|
|
refute "firedfox" in installed()
|
|
|
|
|
|
|
|
Tesla.Mock.mock(fn %{method: :get, url: "https://example.org/emoji/firedfox.png"} ->
|
2024-03-07 22:35:05 +00:00
|
|
|
{:ok,
|
|
|
|
%Tesla.Env{status: 404, body: "Not found", url: "https://example.org/emoji/firedfox.png"}}
|
2020-12-25 08:30:36 +00:00
|
|
|
end)
|
|
|
|
|
|
|
|
clear_config(:mrf_steal_emoji, hosts: ["example.org"], size_limit: 284_468)
|
|
|
|
|
|
|
|
ExUnit.CaptureLog.capture_log(fn ->
|
|
|
|
assert {:ok, _message} = StealEmojiPolicy.filter(message)
|
|
|
|
end) =~ "MRF.StealEmojiPolicy: Failed to fetch https://example.org/emoji/firedfox.png"
|
|
|
|
|
|
|
|
refute "firedfox" in installed()
|
2020-04-14 16:59:04 +00:00
|
|
|
end
|
2020-12-25 08:30:36 +00:00
|
|
|
|
|
|
|
defp installed, do: Emoji.get_all() |> Enum.map(fn {k, _} -> k end)
|
2020-04-14 16:59:04 +00:00
|
|
|
end
|