Fix obfuscation of short domains

Fixes #645

CHANGELOG.md

@@ -19,6 +19,7 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/).
 - Documentation issue in which a non-existing nginx file was referenced
 - Issue where a bad inbox URL could break federation
 - Issue where hashtag rel values would be scrubbed
+- Issue where short domains listed in `transparency_obfuscate_domains` were not actually obfuscated
 
 ## 2023.08
 

lib/pleroma/web/activity_pub/mrf/simple_policy.ex

@@ -314,6 +314,20 @@ defmodule Pleroma.Web.ActivityPub.MRF.SimplePolicy do
   def filter(object), do: {:ok, object}
 
   defp obfuscate(string) when is_binary(string) do
+    # Want to strip at least two neighbouring chars
+    # to ensure at least one non-dot char is in the obfuscation area
+    stripped = String.length(string) - 6
+
+    {keepstart, keepend} =
+      if stripped > 1 do
+        {3, 3}
+      else
+        {
+          2 - div(1 - stripped, 2),
+          2 + div(stripped, 2)
+        }
+      end
+
     string
     |> to_charlist()
     |> Enum.with_index()
@@ -322,7 +336,7 @@ defmodule Pleroma.Web.ActivityPub.MRF.SimplePolicy do
         ?.
 
       {char, index} ->
-        if 3 <= index && index < String.length(string) - 3, do: ?*, else: char
+        if keepstart <= index && index < String.length(string) - keepend, do: ?*, else: char
     end)
     |> to_string()
   end

test/pleroma/web/activity_pub/mrf/simple_policy_test.exs

@@ -283,7 +283,7 @@ defmodule Pleroma.Web.ActivityPub.MRF.SimplePolicyTest do
 
       assert {:ok,
               %{
-                mrf_simple: %{reject: ["rem***.*****nce", "a.b"]},
+                mrf_simple: %{reject: ["rem***.*****nce", "*.b"]},
                 mrf_simple_info: %{reject: %{"rem***.*****nce" => %{}}}
               }} = SimplePolicy.describe()
     end