transmogrifier: reject activities lacking a valid ID

author: William Pitcock <nenolod@dereferenced.org> 2018-08-23 01:23:02 +0000
committer: William Pitcock <nenolod@dereferenced.org> 2018-08-23 01:25:26 +0000
commit: 52b44184b40930a4ca7b4dc463631d7439feb726 (patch)
tree: a06412523fc1b6f6f955295ace974391c371a7a7 /lib
parent: d5bdd55b5d70b44bfd409f5f6942dea882e1c823 (diff)
download: pleroma-52b44184b40930a4ca7b4dc463631d7439feb726.tar.gz
1 files changed, 6 insertions, 0 deletions
diff --git a/lib/pleroma/web/activity_pub/transmogrifier.ex b/lib/pleroma/web/activity_pub/transmogrifier.ex
index 5e07d5ea9..1367bc7e3 100644
--- a/lib/pleroma/web/activity_pub/transmogrifier.ex
+++ b/lib/pleroma/web/activity_pub/transmogrifier.ex
@@ -177,6 +177,12 @@ defmodule Pleroma.Web.ActivityPub.Transmogrifier do
 
   def fix_content_map(object), do: object
 
+  # disallow objects with bogus IDs
+  def handle_incoming(%{"id" => nil}), do: :error
+  def handle_incoming(%{"id" => ""}), do: :error
+  # length of https:// = 8, should validate better, but good enough for now.
+  def handle_incoming(%{"id" => id}) when not (is_binary(id) and length(id) > 8), do: :error
+
   # TODO: validate those with a Ecto scheme
   # - tags
   # - emoji
author	William Pitcock <nenolod@dereferenced.org>	2018-08-23 01:23:02 +0000
committer	William Pitcock <nenolod@dereferenced.org>	2018-08-23 01:25:26 +0000
commit	52b44184b40930a4ca7b4dc463631d7439feb726 (patch)
tree	a06412523fc1b6f6f955295ace974391c371a7a7 /lib
parent	d5bdd55b5d70b44bfd409f5f6942dea882e1c823 (diff)
download	pleroma-52b44184b40930a4ca7b4dc463631d7439feb726.tar.gz