authorlain <lain@soykaf.club>2018-12-26 12:39:35 +0100
committerlain <lain@soykaf.club>2018-12-26 12:39:35 +0100
commit5811e65e67591b06238de66470c03744e0d83e2d (patch)
tree2fa0c03884b8fb2437f0721a7283dd3f75ed5c80
parent922abcda61298a7bca48894cb9a51a52fdeab1ed (diff)
downloadpleroma-5811e65e67591b06238de66470c03744e0d83e2d.tar.gz
Add some hard limits on inserted activities.
-rw-r--r--config/config.exs3
-rw-r--r--docs/config.md1
-rw-r--r--lib/pleroma/web/activity_pub/activity_pub.ex8
-rw-r--r--test/web/activity_pub/activity_pub_test.exs18
4 files changed, 29 insertions, 1 deletions
diff --git a/config/config.exs b/config/config.exs
index 4b8762761..82e7d8121 100644
--- a/config/config.exs
+++ b/config/config.exs
@@ -98,7 +98,8 @@ config :pleroma, :instance,
name: "Pleroma",
email: "example@example.com",
description: "A Pleroma instance, an alternative fediverse server",
- limit: 5000,
+ limit: 5_000,
+ remote_limit: 10_000,
upload_limit: 16_000_000,
avatar_upload_limit: 2_000_000,
background_upload_limit: 4_000_000,
diff --git a/docs/config.md b/docs/config.md
index 728916f82..0aeaf934e 100644
--- a/docs/config.md
+++ b/docs/config.md
@@ -63,6 +63,7 @@ config :pleroma, Pleroma.Mailer,
* `email`: Email used to reach an Administrator/Moderator of the instance
* `description`: The instance’s description, can be seen in nodeinfo and ``/api/v1/instance``
* `limit`: Posts character limit (CW/Subject included in the counter)
+* `remote_limit`: Hard character limit beyond which remote posts will be dropped.
* `upload_limit`: File size limit of uploads (except for avatar, background, banner)
* `avatar_upload_limit`: File size limit of user’s profile avatars
* `background_upload_limit`: File size limit of user’s profile backgrounds
diff --git a/lib/pleroma/web/activity_pub/activity_pub.ex b/lib/pleroma/web/activity_pub/activity_pub.ex
index 188060780..8b2f764e4 100644
--- a/lib/pleroma/web/activity_pub/activity_pub.ex
+++ b/lib/pleroma/web/activity_pub/activity_pub.ex
@@ -56,10 +56,18 @@ defmodule Pleroma.Web.ActivityPub.ActivityPub do
end
end
+ defp check_remote_limit(%{"object" => %{"content" => content}}) do
+ limit = Pleroma.Config.get([:instance, :remote_limit])
+ String.length(content) <= limit
+ end
+
+ defp check_remote_limit(_), do: true
+
def insert(map, local \\ true) when is_map(map) do
with nil <- Activity.normalize(map),
map <- lazy_put_activity_defaults(map),
:ok <- check_actor_is_active(map["actor"]),
+ {_, true} <- {:remote_limit_error, check_remote_limit(map)},
{:ok, map} <- MRF.filter(map),
:ok <- insert_full_object(map) do
{recipients, _, _} = get_recipients(map)
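Review bot: `check_remote_limit/1` passes whatever sits under `"object" => %{"content" => ...}` straight to `String.length/1`, so an incoming activity whose content is not a binary (nil, a number, a nested map) would raise inside `insert/2` instead of falling through the `with` as a tagged error. Guarding the first clause, `defp check_remote_limit(%{"object" => %{"content" => content}}) when is_binary(content) do`, lets such input reach the existing catch-all clause. The check also never consults `local`, so it applies to local inserts too, and an instance that sets `limit` above `remote_limit` would have its own posts dropped; a comment above the function such as `# Applies to every inserted activity, local or remote; keep :remote_limit >= :limit.` would make that explicit. The body of `insert/2` continues past the end of the hunk, so how the `{:remote_limit_error, false}` tuple is surfaced to callers is not visible here.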
diff --git a/test/web/activity_pub/activity_pub_test.exs b/test/web/activity_pub/activity_pub_test.exs
index 4f6b7f058..f7c7c6242 100644
--- a/test/web/activity_pub/activity_pub_test.exs
+++ b/test/web/activity_pub/activity_pub_test.exs
@@ -31,6 +31,24 @@ defmodule Pleroma.Web.ActivityPub.ActivityPubTest do
end
describe "insertion" do
+ test "drops activities beyond a certain limit" do
+ limit = Pleroma.Config.get([:instance, :remote_limit])
+
+ random_text =
+ :crypto.strong_rand_bytes(limit + 1)
+ |> Base.encode64()
+ |> binary_part(0, limit + 1)
+
+ data = %{
+ "ok" => true,
+ "object" => %{
+ "content" => random_text
+ }
+ }
+
+ assert {:error, {:remote_limit_error, _}} = ActivityPub.insert(data)
+ end
+
test "returns the activity if one with the same id is already in" do
activity = insert(:note_activity)
{:ok, new_activity} = ActivityPub.insert(activity.data)
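Review bot: The new test only exercises content one character over the limit, so the `<=` comparison in `check_remote_limit/1` is not pinned; a companion case with exactly `limit` characters that is not rejected with `:remote_limit_error` would catch an off-by-one. The random input adds nothing for a length check and makes a failure harder to reproduce; `random_text = String.duplicate("a", limit + 1)` is deterministic and equivalent. `ActivityPub.insert(data)` is called with the default `local` argument, so the test also documents that the limit is enforced on local inserts. The `describe "insertion"` block continues outside the hunk.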