From 0dfd5d8bc043099ebd64a7a27c18ccc53c0ae07d Mon Sep 17 00:00:00 2001
From: Johann150 <johann.galle@protonmail.com>
Date: Thu, 21 Nov 2024 19:57:24 +0100
Subject: [PATCH] activitypub: more validation for polls

---
 packages/backend/src/remote/activitypub/models/question.ts | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/packages/backend/src/remote/activitypub/models/question.ts b/packages/backend/src/remote/activitypub/models/question.ts
index 803acee66..6a04a38f9 100644
--- a/packages/backend/src/remote/activitypub/models/question.ts
+++ b/packages/backend/src/remote/activitypub/models/question.ts
@@ -57,7 +57,7 @@ export async function updateQuestion(value: string | IObject, resolver: Resolver
 	const question = await resolver.resolve(value) as IQuestion;
 	apLogger.debug(`fetched question: ${JSON.stringify(question, null, 2)}`);
 
-	if (question.type !== 'Question') throw new Error('object is not a Question');
+	if (!isQuestion(question)) throw new Error('object is not a Question');
 
 	const apChoices = question.oneOf || question.anyOf;
 
@@ -67,6 +67,10 @@ export async function updateQuestion(value: string | IObject, resolver: Resolver
 		const oldCount = poll.votes[poll.choices.indexOf(choice)];
 		const newCount = apChoices!.filter(ap => ap.name === choice)[0].replies!.totalItems;
 
+		if (!Number.isInteger(newCount) || newcount < 0) {
+			throw new Error(`invalid newCount: ${newCount}`);
+		}
+
 		if (oldCount !== newCount) {
 			changed = true;
 			poll.votes[poll.choices.indexOf(choice)] = newCount;