From 7bbaa8f8e07044726c5b97b9ab8126ca41f2fd78 Mon Sep 17 00:00:00 2001 From: FloatingGhost Date: Mon, 7 Nov 2022 22:33:18 +0000 Subject: [PATCH] automatically trim loading *. prefixes on domain blocks --- CHANGELOG.md | 3 - lib/pleroma/web/activity_pub/mrf.ex | 2 + .../activity_pub/mrf/simple_policy_test.exs | 68 +++++++++---------- test/pleroma/web/activity_pub/mrf_test.exs | 2 +- 4 files changed, 37 insertions(+), 38 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 05d24a821..15472eda6 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -6,9 +6,6 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/). ## Unreleased -## UPGRADE NOTES -- Change your instance blocks to remove any `*.` prefixes. `example.com` will block `*.example.com` by default now - ## Added - Officially supported docker release - Ability to remove followers unilaterally without a block diff --git a/lib/pleroma/web/activity_pub/mrf.ex b/lib/pleroma/web/activity_pub/mrf.ex index 7b7f44646..0d4986e68 100644 --- a/lib/pleroma/web/activity_pub/mrf.ex +++ b/lib/pleroma/web/activity_pub/mrf.ex @@ -154,6 +154,8 @@ defp get_policies(_), do: [] # - https://extra.baddomain.net/ # Does NOT match the following: # - https://maybebaddomain.net/ + def subdomain_regex("*." <> domain), do: subdomain_regex(domain) + def subdomain_regex(domain) do ~r/^(.+\.)?#{Regex.escape(domain)}$/i end diff --git a/test/pleroma/web/activity_pub/mrf/simple_policy_test.exs b/test/pleroma/web/activity_pub/mrf/simple_policy_test.exs index 5f80c1629..0569bfed3 100644 --- a/test/pleroma/web/activity_pub/mrf/simple_policy_test.exs +++ b/test/pleroma/web/activity_pub/mrf/simple_policy_test.exs @@ -46,8 +46,8 @@ test "has a matching host" do end test "match with wildcard domain" do - clear_config([:mrf_simple, :media_removal], [{"remote.instance", "Whatever reason"}]) - media_message = build_media_message("sub.remote.instance") + clear_config([:mrf_simple, :media_removal], [{"*.remote.instance", "Whatever reason"}]) + media_message = build_media_message() local_message = build_local_message() assert SimplePolicy.filter(media_message) == @@ -81,8 +81,8 @@ test "has a matching host" do end test "match with wildcard domain" do - clear_config([:mrf_simple, :media_nsfw], [{"remote.instance", "yeah yeah"}]) - media_message = build_media_message("sub.remote.instance") + clear_config([:mrf_simple, :media_nsfw], [{"*.remote.instance", "yeah yeah"}]) + media_message = build_media_message() local_message = build_local_message() assert SimplePolicy.filter(media_message) == @@ -92,9 +92,9 @@ test "match with wildcard domain" do end end - defp build_media_message(domain \\ "remote.instance") do + defp build_media_message do %{ - "actor" => "https://#{domain}/users/bob", + "actor" => "https://remote.instance/users/bob", "type" => "Create", "object" => %{ "attachment" => [%{}], @@ -124,8 +124,8 @@ test "has a matching host" do end test "match with wildcard domain" do - clear_config([:mrf_simple, :report_removal], [{"remote.instance", "suya"}]) - report_message = build_report_message("sub.remote.instance") + clear_config([:mrf_simple, :report_removal], [{"*.remote.instance", "suya"}]) + report_message = build_report_message() local_message = build_local_message() assert {:reject, _} = SimplePolicy.filter(report_message) @@ -133,9 +133,9 @@ test "match with wildcard domain" do end end - defp build_report_message(domain \\ "remote.instance") do + defp build_report_message do %{ - "actor" => "https://#{domain}/users/bob", + "actor" => "https://remote.instance/users/bob", "type" => "Flag" } end @@ -143,7 +143,7 @@ defp build_report_message(domain \\ "remote.instance") do describe "when :federated_timeline_removal" do test "is empty" do clear_config([:mrf_simple, :federated_timeline_removal], []) - {_, ftl_message} = build_ftl_actor_and_message("https://remote.instance/users/bob") + {_, ftl_message} = build_ftl_actor_and_message() local_message = build_local_message() assert SimplePolicy.filter(ftl_message) == {:ok, ftl_message} @@ -151,7 +151,7 @@ test "is empty" do end test "has a matching host" do - {actor, ftl_message} = build_ftl_actor_and_message("https://remote.instance/users/bob") + {actor, ftl_message} = build_ftl_actor_and_message() ftl_message_actor_host = ftl_message @@ -172,7 +172,7 @@ test "has a matching host" do end test "match with wildcard domain" do - {actor, ftl_message} = build_ftl_actor_and_message("https://sub.remote.instance/users/bob") + {actor, ftl_message} = build_ftl_actor_and_message() ftl_message_actor_host = ftl_message @@ -181,7 +181,7 @@ test "match with wildcard domain" do |> Map.fetch!(:host) clear_config([:mrf_simple, :federated_timeline_removal], [ - {ftl_message_actor_host, "owo"} + {"*." <> ftl_message_actor_host, "owo"} ]) local_message = build_local_message() @@ -196,7 +196,7 @@ test "match with wildcard domain" do end test "has a matching host but only as:Public in to" do - {_actor, ftl_message} = build_ftl_actor_and_message("https://remote.instance/users/bob") + {_actor, ftl_message} = build_ftl_actor_and_message() ftl_message_actor_host = ftl_message @@ -253,8 +253,8 @@ test "obfuscates domains listed in :transparency_obfuscate_domains" do end end - defp build_ftl_actor_and_message(ap_id) do - actor = insert(:user, ap_id: ap_id) + defp build_ftl_actor_and_message do + actor = insert(:user) {actor, %{ @@ -282,9 +282,9 @@ test "activity has a matching host" do end test "activity matches with wildcard domain" do - clear_config([:mrf_simple, :reject], [{"remote.instance", ""}]) + clear_config([:mrf_simple, :reject], [{"*.remote.instance", ""}]) - remote_message = build_remote_message("sub.remote.instance") + remote_message = build_remote_message() assert {:reject, _} = SimplePolicy.filter(remote_message) end @@ -325,7 +325,7 @@ test "reject by URI object" do describe "when :followers_only" do test "is empty" do clear_config([:mrf_simple, :followers_only], []) - {_, ftl_message} = build_ftl_actor_and_message("https://remote.instance/users/alice") + {_, ftl_message} = build_ftl_actor_and_message() local_message = build_local_message() assert SimplePolicy.filter(ftl_message) == {:ok, ftl_message} @@ -412,10 +412,10 @@ test "activity has a matching host" do end test "activity matches with wildcard domain" do - clear_config([:mrf_simple, :accept], [{"remote.instance", ""}]) + clear_config([:mrf_simple, :accept], [{"*.remote.instance", ""}]) local_message = build_local_message() - remote_message = build_remote_message("sub.remote.instance") + remote_message = build_remote_message() assert SimplePolicy.filter(local_message) == {:ok, local_message} assert SimplePolicy.filter(remote_message) == {:ok, remote_message} @@ -457,9 +457,9 @@ test "has a matching host" do end test "match with wildcard domain" do - clear_config([:mrf_simple, :avatar_removal], [{"remote.instance", ""}]) + clear_config([:mrf_simple, :avatar_removal], [{"*.remote.instance", ""}]) - remote_user = build_remote_user("sub.remote.instance") + remote_user = build_remote_user() {:ok, filtered} = SimplePolicy.filter(remote_user) refute filtered["icon"] @@ -493,9 +493,9 @@ test "has a matching host" do end test "match with wildcard domain" do - clear_config([:mrf_simple, :banner_removal], [{"remote.instance", ""}]) + clear_config([:mrf_simple, :banner_removal], [{"*.remote.instance", ""}]) - remote_user = build_remote_user("sub.remote.instance") + remote_user = build_remote_user() {:ok, filtered} = SimplePolicy.filter(remote_user) refute filtered["image"] @@ -553,10 +553,10 @@ test "it rejects the deletion" do end describe "when :reject_deletes match with wildcard domain" do - setup do: clear_config([:mrf_simple, :reject_deletes], [{"remote.instance", ""}]) + setup do: clear_config([:mrf_simple, :reject_deletes], [{"*.remote.instance", ""}]) test "it rejects the deletion" do - deletion_message = build_remote_deletion_message("sub.remote.instance") + deletion_message = build_remote_deletion_message() assert {:reject, _} = SimplePolicy.filter(deletion_message) end @@ -570,13 +570,13 @@ defp build_local_message do } end - defp build_remote_message(domain \\ "remote.instance") do - %{"actor" => "https://#{domain}/users/bob"} + defp build_remote_message do + %{"actor" => "https://remote.instance/users/bob"} end - defp build_remote_user(domain \\ "remote.instance") do + defp build_remote_user do %{ - "id" => "https://#{domain}/users/bob", + "id" => "https://remote.instance/users/bob", "icon" => %{ "url" => "http://example.com/image.jpg", "type" => "Image" @@ -589,10 +589,10 @@ defp build_remote_user(domain \\ "remote.instance") do } end - defp build_remote_deletion_message(domain \\ "remote.instance") do + defp build_remote_deletion_message do %{ "type" => "Delete", - "actor" => "https://#{domain}/users/bob" + "actor" => "https://remote.instance/users/bob" } end end diff --git a/test/pleroma/web/activity_pub/mrf_test.exs b/test/pleroma/web/activity_pub/mrf_test.exs index ec4dab30f..f04c69afb 100644 --- a/test/pleroma/web/activity_pub/mrf_test.exs +++ b/test/pleroma/web/activity_pub/mrf_test.exs @@ -10,7 +10,7 @@ defmodule Pleroma.Web.ActivityPub.MRFTest do test "subdomains_regex/1" do assert MRF.subdomains_regex(["unsafe.tld", "*.unsafe.tld"]) == [ ~r/^(.+\.)?unsafe\.tld$/i, - ~r/^(.+\.)?\*\.unsafe\.tld$/i + ~r/^(.+\.)?unsafe\.tld$/i ] end