diff options
| author | William Pitcock <nenolod@dereferenced.org> | 2018-11-17 18:24:58 +0000 |
|---|---|---|
| committer | William Pitcock <nenolod@dereferenced.org> | 2018-11-17 18:25:32 +0000 |
| commit | b483ae0a724a2b76e8c61f63a96d7867339dacb1 (patch) | |
| tree | 2f1bfbc9e90fce24707eda378c566c6554603e58 | |
| parent | 603fccf175bd6f0d80cc52d0766b0208d2309790 (diff) | |
| download | pleroma-b483ae0a724a2b76e8c61f63a96d7867339dacb1.tar.gz | |
tests: add a second spoofing variant
| -rw-r--r-- | test/fixtures/httpoison_mock/https__info.pleroma.site_activity3.json | 13 | ||||
| -rw-r--r-- | test/support/httpoison_mock.ex | 8 | ||||
| -rw-r--r-- | test/web/activity_pub/transmogrifier_test.exs | 21 |
3 files changed, 40 insertions, 2 deletions
diff --git a/test/fixtures/httpoison_mock/https__info.pleroma.site_activity3.json b/test/fixtures/httpoison_mock/https__info.pleroma.site_activity3.json new file mode 100644 index 000000000..1df73f2c5 --- /dev/null +++ b/test/fixtures/httpoison_mock/https__info.pleroma.site_activity3.json @@ -0,0 +1,13 @@ +{ + "@context": "https://www.w3.org/ns/activitystreams", + "attributedTo": "http://mastodon.example.org/users/admin", + "attachment": [], + "content": "<p>this post was not actually written by Haelwenn</p>", + "id": "https://info.pleroma.site/activity2.json", + "published": "2018-09-01T22:15:00Z", + "tag": [], + "to": [ + "https://www.w3.org/ns/activitystreams#Public" + ], + "type": "Note" +} diff --git a/test/support/httpoison_mock.ex b/test/support/httpoison_mock.ex index 2ea10910e..ebd1e9c4d 100644 --- a/test/support/httpoison_mock.ex +++ b/test/support/httpoison_mock.ex @@ -48,6 +48,14 @@ defmodule HTTPoisonMock do }} end + def get("https://info.pleroma.site/activity3.json", _, _) do + {:ok, + %Response{ + status_code: 200, + body: File.read!("test/fixtures/httpoison_mock/https__info.pleroma.site_activity3.json") + }} + end + def get("https://info.pleroma.site/actor.json", _, _) do {:ok, %Response{ diff --git a/test/web/activity_pub/transmogrifier_test.exs b/test/web/activity_pub/transmogrifier_test.exs index e5308d125..6320b5b6e 100644 --- a/test/web/activity_pub/transmogrifier_test.exs +++ b/test/web/activity_pub/transmogrifier_test.exs @@ -884,11 +884,11 @@ defmodule Pleroma.Web.ActivityPub.TransmogrifierTest do :error = Transmogrifier.handle_incoming(data) end - test "it rejects objects when the ID does not match the fetched URI" do + test "it rejects objects when attributedTo is wrong (variant 1)" do {:error, _} = ActivityPub.fetch_object_from_id("https://info.pleroma.site/activity2.json") end - test "it rejects activities which reference objects by mismatched URI" do + test "it rejects activities which reference objects that have an incorrect attribution (variant 1)" do data = %{ "@context" => "https://www.w3.org/ns/activitystreams", "id" => "http://mastodon.example.org/users/admin/activities/1234", @@ -900,5 +900,22 @@ defmodule Pleroma.Web.ActivityPub.TransmogrifierTest do :error = Transmogrifier.handle_incoming(data) end + + test "it rejects objects when attributedTo is wrong (variant 2)" do + {:error, _} = ActivityPub.fetch_object_from_id("https://info.pleroma.site/activity3.json") + end + + test "it rejects activities which reference objects that have an incorrect attribution (variant 2)" do + data = %{ + "@context" => "https://www.w3.org/ns/activitystreams", + "id" => "http://mastodon.example.org/users/admin/activities/1234", + "actor" => "http://mastodon.example.org/users/admin", + "to" => ["https://www.w3.org/ns/activitystreams#Public"], + "object" => "https://info.pleroma.site/activity3.json", + "type" => "Announce" + } + + :error = Transmogrifier.handle_incoming(data) + end end end |