From eb170003b81504ba6eb85f950c223dc9eaf1cfca Mon Sep 17 00:00:00 2001
From: kim <89579420+NyaaaWhatsUpDoc@users.noreply.github.com>
Date: Thu, 30 Nov 2023 16:22:34 +0000
Subject: [bugfix] return 400 Bad Request on more cases of malformed AS data (#2399)
---
internal/federation/federatingactor.go | 19 ++++++++++++-------
1 file changed, 12 insertions(+), 7 deletions(-)
(limited to 'internal/federation/federatingactor.go')
diff --git a/internal/federation/federatingactor.go b/internal/federation/federatingactor.go
index 774fa30af..81f3c3281 100644
--- a/internal/federation/federatingactor.go
+++ b/internal/federation/federatingactor.go
@@ -200,13 +200,18 @@ func (f *federatingActor) PostInboxScheme(ctx context.Context, w http.ResponseWr
 //
 // Post the activity to the Actor's inbox and trigger side effects .
 if err := f.sideEffectActor.PostInbox(ctx, inboxID, activity); err != nil {
- // Special case: We know it is a bad request if the object or
- // target properties needed to be populated, but weren't.
+ // Special case: We know it is a bad request if the object or target
+ // props needed to be populated, or we failed parsing activity details.
 // Send the rejection to the peer.
- if errors.Is(err, pub.ErrObjectRequired) || errors.Is(err, pub.ErrTargetRequired) {
- // Log the original error but return something a bit more generic.
- log.Warnf(ctx, "malformed incoming activity: %v", err)
- const text = "malformed activity: missing Object and / or Target"
+ if errors.Is(err, pub.ErrObjectRequired) ||
+ errors.Is(err, pub.ErrTargetRequired) ||
+ gtserror.IsMalformed(err) {
+
+ // Log malformed activities to help debug.
+ l = l.WithField("activity", activity)
+ l.Warnf("malformed incoming activity: %v", err)
+
+ const text = "malformed incoming activity"
 return false, gtserror.NewErrorBadRequest(errors.New(text), text)
 }
 
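Review bot: The added `l = l.WithField("activity", activity)` attaches the whole peer-supplied activity to a warn-level entry for every delivery rejected as malformed, so the remote side decides both how large that log entry is and what it contains, and any private content in the rejected activity ends up in the logs. Logging only identifying fields would keep the debugging value with less exposure, for example `l = l.WithField("activityType", activity.GetTypeName())` (assuming `activity` satisfies `vocab.Type`), with the full dump kept for debug level. Where `l` is created, and whether the sender has already been authenticated by this point, is outside the hunk, so the reach of this path should be checked against the rest of PostInboxScheme. The bad-request branch now also covers `gtserror.IsMalformed(err)`, and a one-line comment saying which callers are expected to mark errors as malformed would help the next reader.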
@@ -234,7 +239,7 @@ func (f *federatingActor) PostInboxScheme(ctx context.Context, w http.ResponseWr
 // This check may be removed when the `Exists()` func
 // is updated, and/or federating callbacks are handled
 // properly.
- if !errorsv2.Comparable(
+ if !errorsv2.IsV2(
 err,
 db.ErrAlreadyExists,
 db.ErrNoEntries,
-- 
cgit v1.2.3