Merge pull request 'Fix StealEmoji’s max size check' (#793) from Oneric/akkoma:emojistealer_contentlength into develop

Reviewed-on: #793
floatingghost 2024-06-12 17:09:05 +00:00
commit b03edb4ff4
3 changed files with 21 additions and 6 deletions


@ -101,10 +101,19 @@ defmodule Pleroma.Web.ActivityPub.MRF.StealEmojiPolicy do
end
end
defp get_int_header(headers, header_name, default \\ nil) do
with rawval when rawval != :undefined <- :proplists.get_value(header_name, headers),
{int, ""} <- Integer.parse(rawval) do
int
else
_ -> default
end
end
defp is_remote_size_within_limit?(url) do
with {:ok, %{status: status, headers: headers} = _response} when status in 200..299 <-
Pleroma.HTTP.request(:head, url, nil, [], []) do
content_length = :proplists.get_value("content-length", headers, nil)
content_length = get_int_header(headers, "content-length")
size_limit = Config.get([:mrf_steal_emoji, :size_limit], @size_limit)
accept_unknown =
@ -172,7 +181,7 @@ defmodule Pleroma.Web.ActivityPub.MRF.StealEmojiPolicy do
description: <<_::272, _::_*256>>,
key: :hosts | :rejected_shortcodes | :size_limit,
suggestions: [any(), ...],
type: {:list, :string} | {:list, :string} | :integer
type: {:list, :string} | {:list, :string} | :integer | :boolean
},
...
],
@ -209,6 +218,12 @@ defmodule Pleroma.Web.ActivityPub.MRF.StealEmojiPolicy do
type: :integer,
description: "File size limit (in bytes), checked before an emoji is saved to the disk",
suggestions: ["100000"]
},
%{
key: :download_unknown_size,
type: :boolean,
description: "Whether to download emoji if size can't be determined ahead of time",
suggestions: [false, true]
}
]
}
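Review bot: `get_int_header/3` accepts any integer that `Integer.parse/1` yields, so a remote server answering the HEAD request with `Content-Length: -1` produces a negative size that will presumably compare as below `size_limit` in `is_remote_size_within_limit?/1` (the comparison lies outside the visible hunk, so this needs confirming). Treating negative values as unknown leaves the decision to `download_unknown_size`: `{int, ""} when int >= 0 <- Integer.parse(rawval) do`. The lookup `:proplists.get_value(header_name, headers)` is also case-sensitive, so if `Pleroma.HTTP` does not lowercase header names, a `Content-Length` header would be read as unknown size. A one-line comment on the helper, such as `# Returns default when the header is missing or not a plain integer string`, would record the fallback behaviour for the next reader.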


@ -110,7 +110,7 @@ defmodule Pleroma.SignatureTest do
headers = %{
host: "test.test",
"content-length": 100
"content-length": "100"
}
assert_signature_equal(
@ -127,7 +127,7 @@ defmodule Pleroma.SignatureTest do
assert Signature.sign(
user,
%{host: "test.test", "content-length": 100}
%{host: "test.test", "content-length": "100"}
) == {:error, []}
end
end


@ -202,7 +202,7 @@ defmodule Pleroma.Web.ActivityPub.MRF.StealEmojiPolicyTest do
test "reject too large content-size before download", %{message: message} do
clear_config([:mrf_steal_emoji, :download_unknown_size], false)
mock_tesla("https://example.org/emoji/firedfox.png", 200, [{"content-length", 2 ** 30}])
mock_tesla("https://example.org/emoji/firedfox.png", 200, [{"content-length", "#{2 ** 30}"}])
refute "firedfox" in installed()
@ -216,7 +216,7 @@ defmodule Pleroma.Web.ActivityPub.MRF.StealEmojiPolicyTest do
test "accepts content-size below limit", %{message: message} do
clear_config([:mrf_steal_emoji, :download_unknown_size], false)
mock_tesla("https://example.org/emoji/firedfox.png", 200, [{"content-length", 2}])
mock_tesla("https://example.org/emoji/firedfox.png", 200, [{"content-length", "2"}])
refute "firedfox" in installed()