From 063e3c0d34669bc9bf0ab9ee70e78e6311e191e8 Mon Sep 17 00:00:00 2001 From: FloatingGhost Date: Tue, 15 Aug 2023 23:12:04 +0100 Subject: [PATCH] Disallow nil hosts in should_federate --- CHANGELOG.md | 1 + lib/pleroma/web/activity_pub/publisher.ex | 6 +++++- test/pleroma/web/activity_pub/publisher_test.exs | 7 +++++++ 3 files changed, 13 insertions(+), 1 deletion(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index a0b7fcf79..71949e2e4 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -16,6 +16,7 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/). ## Fixed - Documentation issue in which a non-existing nginx file was referenced +- Issue where a bad inbox URL could break federation ## 2023.08 diff --git a/lib/pleroma/web/activity_pub/publisher.ex b/lib/pleroma/web/activity_pub/publisher.ex index 3071c1b77..20004c4fa 100644 --- a/lib/pleroma/web/activity_pub/publisher.ex +++ b/lib/pleroma/web/activity_pub/publisher.ex @@ -115,13 +115,17 @@ defmodule Pleroma.Web.ActivityPub.Publisher do def should_federate?(url) do %{host: host} = URI.parse(url) - with allowed <- allowed_instances(), + with {:nil, false} <- {:nil, is_nil(host)}, + allowed <- allowed_instances(), false <- Enum.empty?(allowed) do allowed |> Pleroma.Web.ActivityPub.MRF.instance_list_from_tuples() |> Pleroma.Web.ActivityPub.MRF.subdomains_regex() |> Pleroma.Web.ActivityPub.MRF.subdomain_match?(host) else + # oi! + {:nil, true} -> + false _ -> quarantined_instances = blocked_instances() diff --git a/test/pleroma/web/activity_pub/publisher_test.exs b/test/pleroma/web/activity_pub/publisher_test.exs index d993ab1d4..87930b7b1 100644 --- a/test/pleroma/web/activity_pub/publisher_test.exs +++ b/test/pleroma/web/activity_pub/publisher_test.exs @@ -487,4 +487,11 @@ defmodule Pleroma.Web.ActivityPub.PublisherTest do ) end end + + describe "should_federate/1" do + test "should not obliterate itself if the inbox URL is bad" do + url = "/inbox" + refute Pleroma.Web.ActivityPub.Publisher.should_federate?(url) + end + end end