authorkaniini <nenolod@gmail.com>2018-12-29 11:46:06 +0000
committerkaniini <nenolod@gmail.com>2018-12-29 11:46:06 +0000
commit3dc5f04976293fbcedfc01281f89c4f54c995d59 (patch)
treea5f7fc71bdd0e9a77874d56b8034c7c181883d97
parentdd8f2196f62ab4d4cdec67bdb2b434a317a3f396 (diff)
parent9c782e59ddac5fa01cd5b2517f282b283f01bc1d (diff)
Merge branch 'carrot-bullying' into 'develop'
Add some hard limits on inserted activities. See merge request pleroma/pleroma!595
-rw-r--r--config/config.exs3
-rw-r--r--docs/config.md1
-rw-r--r--lib/pleroma/web/activity_pub/activity_pub.ex8
-rw-r--r--test/web/activity_pub/activity_pub_test.exs18
4 files changed, 29 insertions, 1 deletions
diff --git a/config/config.exs b/config/config.exs
index 1983b31ab..90e3a4aec 100644
--- a/config/config.exs
+++ b/config/config.exs
@@ -98,7 +98,8 @@ config :pleroma, :instance,
name: "Pleroma",
email: "example@example.com",
description: "A Pleroma instance, an alternative fediverse server",
- limit: 5000,
+ limit: 5_000,
+ remote_limit: 100_000,
upload_limit: 16_000_000,
avatar_upload_limit: 2_000_000,
background_upload_limit: 4_000_000,
diff --git a/docs/config.md b/docs/config.md
index 728916f82..0aeaf934e 100644
--- a/docs/config.md
+++ b/docs/config.md
@@ -63,6 +63,7 @@ config :pleroma, Pleroma.Mailer,
* `email`: Email used to reach an Administrator/Moderator of the instance
* `description`: The instance’s description, can be seen in nodeinfo and ``/api/v1/instance``
* `limit`: Posts character limit (CW/Subject included in the counter)
+* `remote_limit`: Hard character limit beyond which remote posts will be dropped.
* `upload_limit`: File size limit of uploads (except for avatar, background, banner)
* `avatar_upload_limit`: File size limit of user’s profile avatars
* `background_upload_limit`: File size limit of user’s profile backgrounds
diff --git a/lib/pleroma/web/activity_pub/activity_pub.ex b/lib/pleroma/web/activity_pub/activity_pub.ex
index 2d4cc9f68..167471b7b 100644
--- a/lib/pleroma/web/activity_pub/activity_pub.ex
+++ b/lib/pleroma/web/activity_pub/activity_pub.ex
@@ -56,10 +56,18 @@ defmodule Pleroma.Web.ActivityPub.ActivityPub do
end
end
+ defp check_remote_limit(%{"object" => %{"content" => content}}) do
+ limit = Pleroma.Config.get([:instance, :remote_limit])
+ String.length(content) <= limit
+ end
+
+ defp check_remote_limit(_), do: true
+
def insert(map, local \\ true) when is_map(map) do
with nil <- Activity.normalize(map),
map <- lazy_put_activity_defaults(map),
:ok <- check_actor_is_active(map["actor"]),
+ {_, true} <- {:remote_limit_error, check_remote_limit(map)},
{:ok, map} <- MRF.filter(map),
:ok <- insert_full_object(map) do
{recipients, _, _} = get_recipients(map)
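Review bot: `check_remote_limit/1` fails open when the limit is missing: if `Pleroma.Config.get([:instance, :remote_limit])` returns nil, `String.length(content) <= limit` compares an integer with an atom, which is always true in Erlang term ordering, so oversized posts pass silently. The first clause also accepts any value under `"content"`, so a non-string sent by a remote raises inside `String.length/1` instead of yielding `:remote_limit_error`. Guarding the clause, `defp check_remote_limit(%{"object" => %{"content" => content}}) when is_binary(content) do`, comparing only when `is_integer(limit)`, and deciding explicitly what non-binary content should return would make both cases visible. Because the grapheme count walks the whole string, a cheap `byte_size(content)` pre-check is worth considering as well. The `with` in `insert/2` continues past the end of the hunk.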
diff --git a/test/web/activity_pub/activity_pub_test.exs b/test/web/activity_pub/activity_pub_test.exs
index 7bccd7500..2453998ad 100644
--- a/test/web/activity_pub/activity_pub_test.exs
+++ b/test/web/activity_pub/activity_pub_test.exs
@@ -31,6 +31,24 @@ defmodule Pleroma.Web.ActivityPub.ActivityPubTest do
end
describe "insertion" do
+ test "drops activities beyond a certain limit" do
+ limit = Pleroma.Config.get([:instance, :remote_limit])
+
+ random_text =
+ :crypto.strong_rand_bytes(limit + 1)
+ |> Base.encode64()
+ |> binary_part(0, limit + 1)
+
+ data = %{
+ "ok" => true,
+ "object" => %{
+ "content" => random_text
+ }
+ }
+
+ assert {:error, {:remote_limit_error, _}} = ActivityPub.insert(data)
+ end
+
test "returns the activity if one with the same id is already in" do
activity = insert(:note_activity)
{:ok, new_activity} = ActivityPub.insert(activity.data)
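Review bot: The test builds its oversized body from `:crypto.strong_rand_bytes/1` piped through Base64, but nothing in the assertion depends on randomness; `random_text = String.duplicate("a", limit + 1)` gives the same length deterministically and reads more directly. Only the `limit + 1` case is covered, so the `<=` boundary (content of exactly `limit` characters must not produce `:remote_limit_error`) is not pinned. `ActivityPub.insert(data)` is also called with the default `local` argument, so the test does not exercise the check on a remote insert specifically. The `describe "insertion"` block continues outside the hunk.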