author | Ariadne Conill <ariadne@dereferenced.org> | 2019-07-14 17:47:08 +0000 |
---|---|---|
committer | Ariadne Conill <ariadne@dereferenced.org> | 2019-07-14 17:47:08 +0000 |
commit | 739bbe0d3bbe06ca9d634498ea5909f35fc5ad84 (patch) | |
tree | 7be3db46ffca2240ba392c6ed1e359af53a60b00 /lib/pleroma/web | |
parent | 93701c3399add8af2d4a5d43b6f171d84655a533 (diff) | |
download | pleroma-739bbe0d3bbe06ca9d634498ea5909f35fc5ad84.tar.gz |
security: detect object containment violations at the IR level

It is more efficient to check for object containment violations at the IR
level instead of in the protocol handlers. OStatus containment is especially
a tricky situation, as the containment rules don't match those of IR and
ActivityPub.

Accordingly, we just always do a final containment check at the IR level
before the object is added to the IR object graph.

Diffstat (limited to 'lib/pleroma/web')
-rw-r--r-- | lib/pleroma/web/activity_pub/activity_pub.ex | 2 |
1 files changed, 2 insertions, 0 deletions
diff --git a/lib/pleroma/web/activity_pub/activity_pub.ex b/lib/pleroma/web/activity_pub/activity_pub.ex index a3174a787..87963b691 100644 --- a/lib/pleroma/web/activity_pub/activity_pub.ex +++ b/lib/pleroma/web/activity_pub/activity_pub.ex @@ -8,6 +8,7 @@ defmodule Pleroma.Web.ActivityPub.ActivityPub do alias Pleroma.Conversation alias Pleroma.Notification alias Pleroma.Object + alias Pleroma.Object.Containment alias Pleroma.Object.Fetcher alias Pleroma.Pagination alias Pleroma.Repo @@ -126,6 +127,7 @@ defmodule Pleroma.Web.ActivityPub.ActivityPub do {:ok, map} <- MRF.filter(map), {recipients, _, _} = get_recipients(map), {:fake, false, map, recipients} <- {:fake, fake, map, recipients}, + :ok <- Containment.contain_child(map), {:ok, map, object} <- insert_full_object(map) do {:ok, activity} = Repo.insert(%Activity{ |
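
Review bot: in the second hunk (`@@ -126,6 +127,7 @@`), the new `:ok <- Containment.contain_child(map)` clause sits after the `{:fake, false, map, recipients} <- {:fake, fake, map, recipients}` match, so when `fake` is true the `with` chain exits before the containment check runs. If fake activities are meant to pass through the same gate, move the check above the `:fake` clause; if skipping them is intended because they never reach `insert_full_object(map)`, a one-line comment saying so would keep a later reorder from silently dropping the check. The clause also matches only a bare `:ok`, so whatever `contain_child` returns on a violation becomes the result of the `with` unless an `else` branch outside the visible lines handles it; please confirm callers receive a tagged error they already know how to handle and that the rejection is logged, since this is now the last check before the object enters the graph.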