akkoma/lib/pleroma/web/activity_pub/mrf
Oneric a4fa2ec9af StealEmoji: make final paths infeasible to predict
Certain attacks rely on predictable paths for their payloads.
If we weren’t so overly lax in our (id, URL) check, the current
counterfeit activity exploit would be one of those.
It seems plausible for future attacks to hinge on
or be made easier by predictable paths too.

In general, letting remote actors place arbitrary data at
a path within our domain of their choosing (sans prefix)
just doesn’t seem like a good idea.

Using fully random filenames would have worked as well, but this
is less friendly for admins checking emoji dirs.
The generated suffix should still be more than enough;
an attacker needs on average 140 trillion attempts to
correctly guess the final path.
2024-03-18 22:33:10 -01:00
activity_expiration_policy.ex Fix MRF policies to also work with Update 2022-12-08 23:22:05 +01:00
anti_followbot_policy.ex Also use actor_type to determine if an account is a bot in antiFollowbotPolicy 2022-06-29 20:47:44 +01:00
anti_link_spam_policy.ex Fix MRF policies to also work with Update 2022-12-08 23:22:05 +01:00
direct_message_disabled_policy.ex Fix filtering out incorrect addresses 2023-05-23 13:46:25 +01:00
drop_policy.ex MRF: create MRF.Policy behaviour separate from MRF module 2021-06-07 14:22:08 -05:00
ensure_re_prepended.ex Post editing (#202) 2022-09-06 19:24:02 +00:00
force_bot_unlisted_policy.ex Fix MRF policies to also work with Update 2022-12-08 23:22:05 +01:00
hashtag_policy.ex Post editing (#202) 2022-09-06 19:24:02 +00:00
hellthread_policy.ex Fix MRF policies to also work with Update 2022-12-08 23:22:05 +01:00
inline_quote_policy.ex Quote posting (#113) 2022-07-25 16:30:06 +00:00
keyword_policy.ex Post editing (#202) 2022-09-06 19:24:02 +00:00
media_proxy_warming_policy.ex Ensure Gun is Gone 2022-12-11 19:26:21 +00:00
mention_policy.ex Fix MRF policies to also work with Update 2022-12-08 23:22:05 +01:00
no_empty_policy.ex Post editing (#202) 2022-09-06 19:24:02 +00:00
no_op_policy.ex MRF: create MRF.Policy behaviour separate from MRF module 2021-06-07 14:22:08 -05:00
no_placeholder_text_policy.ex Post editing (#202) 2022-09-06 19:24:02 +00:00
normalize_markup.ex Post editing (#202) 2022-09-06 19:24:02 +00:00
object_age_policy.ex ObjectAgePolicy: Fix pattern matching on published 2021-08-10 07:41:06 +02:00
pipeline_filtering.ex Bump Copyright to 2021 2021-01-13 07:49:50 +01:00
policy.ex Post editing (#202) 2022-09-06 19:24:02 +00:00
reject_newly_created_account_note_policy.ex Fix create processing in direct message disabled 2023-05-23 13:16:20 +01:00
reject_non_public.ex Improve readability 2021-08-06 07:59:54 +02:00
simple_policy.ex Add background_removal to SimplePolicy MRF 2024-02-16 16:36:45 +01:00
steal_emoji_policy.ex StealEmoji: make final paths infeasible to predict 2024-03-18 22:33:10 -01:00
subchain_policy.ex CI: Bump lint stage to elixir-1.12 2021-10-06 08:11:05 +02:00
tag_policy.ex Fix MRF policies to also work with Update 2022-12-08 23:22:05 +01:00
user_allow_list_policy.ex Improve readability 2021-08-06 07:59:54 +02:00
vocabulary_policy.ex Improve readability 2021-08-06 07:59:54 +02:00