From 841314c2d504ad108f6a85713546b188096ad735 Mon Sep 17 00:00:00 2001 From: Ariadne Conill Date: Sun, 14 Jul 2019 17:49:12 +0000 Subject: [PATCH] tests: fix object containment violations in the transmogrifier tests Some objects were not completely rewritten in the tests, which caused object containment violations. Fix them by rewriting the object IDs to be in an appropriate namespace. --- CHANGELOG.md | 4 ++++ test/web/activity_pub/transmogrifier_test.exs | 2 ++ 2 files changed, 6 insertions(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index 0cec3bf5c..e7d7e0ef5 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -42,6 +42,10 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/). - Admin API: changed json structure for saving config settings. - RichMedia: parsers and their order are configured in `rich_media` config. +## [1.0.1] - 2019-07-14 +### Security +- OStatus: fix an object spoofing vulnerability. + ## [1.0.0] - 2019-06-29 ### Security - Mastodon API: Fix display names not being sanitized diff --git a/test/web/activity_pub/transmogrifier_test.exs b/test/web/activity_pub/transmogrifier_test.exs index b896a532b..cabe925f9 100644 --- a/test/web/activity_pub/transmogrifier_test.exs +++ b/test/web/activity_pub/transmogrifier_test.exs @@ -416,6 +416,7 @@ test "it ensures that as:Public activities make it to their followers collection |> Map.put("attributedTo", user.ap_id) |> Map.put("to", ["https://www.w3.org/ns/activitystreams#Public"]) |> Map.put("cc", []) + |> Map.put("id", user.ap_id <> "/activities/12345678") data = Map.put(data, "object", object) @@ -439,6 +440,7 @@ test "it ensures that address fields become lists" do |> Map.put("attributedTo", user.ap_id) |> Map.put("to", nil) |> Map.put("cc", nil) + |> Map.put("id", user.ap_id <> "/activities/12345678") data = Map.put(data, "object", object)