From 469da93678b3f738f65372d13dcd1ea7de390063 Mon Sep 17 00:00:00 2001
From: tobi <31960611+tsmethurst@users.noreply.github.com>
Date: Mon, 23 May 2022 11:46:50 +0200
Subject: [security] Check all involved IRIs during block checking (#593) * tidy up context keys, add otherInvolvedIRIs * add ReplyToable interface * skip block check if we own the requesting domain * add block check for other involved IRIs * use cacheable status fetch * remove unused ContextActivity * remove unused ContextActivity * add helper for unique URIs * check through CCs and clean slice * add GetAccountIDForStatusURI * add GetAccountIDForAccountURI * check blocks on involved account * add statuses to tests * add some blocked tests * go fmt * extract Tos as well as CCs * test PostInboxRequestBodyHook * add some more testActivities * deduplicate involvedAccountIDs * go fmt * use cacheable db functions, remove new functions
---
 testrig/testmodels.go | 36 ++++++++++++++++++++++++++++++++++++
 1 file changed, 36 insertions(+) (limited to 'testrig')
diff --git a/testrig/testmodels.go b/testrig/testmodels.go
index ef1c832d5..70ab293b9 100644
--- a/testrig/testmodels.go
+++ b/testrig/testmodels.go
@@ -1601,6 +1601,30 @@ func NewTestActivities(accounts map[string]*gtsmodel.Account) map[string]Activit
 dmForZork)
 createDmForZorkSig, createDmForZorkDigest, creatDmForZorkDate := GetSignatureForActivity(createDmForZork, accounts["remote_account_1"].PublicKeyURI, accounts["remote_account_1"].PrivateKey, URLMustParse(accounts["local_account_1"].InboxURI))
 
+ replyToTurtle := NewAPNote(
+ URLMustParse("http://fossbros-anonymous.io/users/foss_satan/statuses/2f1195a6-5cb0-4475-adf5-92ab9a0147fe"),
+ URLMustParse("http://fossbros-anonymous.io/@foss_satan/2f1195a6-5cb0-4475-adf5-92ab9a0147fe"),
+ time.Now(),
+ "@1happyturtle@localhost:8080 u suck lol",
+ "",
+ URLMustParse("http://fossbros-anonymous.io/users/foss_satan"),
+ []*url.URL{URLMustParse("http://fossbros-anonymous.io/users/foss_satan/followers")},
+ []*url.URL{URLMustParse("http://localhost:8080/users/1happyturtle")},
+ false,
+ []vocab.ActivityStreamsMention{newAPMention(
+ URLMustParse("http://localhost:8080/users/1happyturtle"),
+ "@1happyturtle@localhost:8080",
+ )},
+ nil,
+ )
+ createReplyToTurtle := WrapAPNoteInCreate(
+ URLMustParse("http://fossbros-anonymous.io/users/foss_satan/statuses/2f1195a6-5cb0-4475-adf5-92ab9a0147fe"),
+ URLMustParse("http://fossbros-anonymous.io/users/foss_satan"),
+ time.Now(),
+ replyToTurtle)
+ createReplyToTurtleForZorkSig, createReplyToTurtleForZorkDigest, createReplyToTurtleForZorkDate := GetSignatureForActivity(createReplyToTurtle, accounts["remote_account_1"].PublicKeyURI, accounts["remote_account_1"].PrivateKey, URLMustParse(accounts["local_account_1"].InboxURI))
+ createReplyToTurtleForTurtleSig, createReplyToTurtleForTurtleDigest, createReplyToTurtleForTurtleDate := GetSignatureForActivity(createReplyToTurtle, accounts["remote_account_1"].PublicKeyURI, accounts["remote_account_1"].PrivateKey, URLMustParse(accounts["local_account_2"].InboxURI))
+
 forwardedMessage := NewAPNote(
 URLMustParse("http://example.org/users/some_user/statuses/afaba698-5740-4e32-a702-af61aa543bc1"),
 URLMustParse("http://example.org/@some_user/afaba698-5740-4e32-a702-af61aa543bc1"),
@@ -1628,6 +1652,18 @@ func NewTestActivities(accounts map[string]*gtsmodel.Account) map[string]Activit
 DigestHeader: createDmForZorkDigest,
 DateHeader: creatDmForZorkDate,
 },
+ "reply_to_turtle_for_zork": {
+ Activity: createReplyToTurtle,
+ SignatureHeader: createReplyToTurtleForZorkSig,
+ DigestHeader: createReplyToTurtleForZorkDigest,
+ DateHeader: createReplyToTurtleForZorkDate,
+ },
+ "reply_to_turtle_for_turtle": {
+ Activity: createReplyToTurtle,
+ SignatureHeader: createReplyToTurtleForTurtleSig,
+ DigestHeader: createReplyToTurtleForTurtleDigest,
+ DateHeader: createReplyToTurtleForTurtleDate,
+ },
 "forwarded_message": {
 Activity: createForwardedMessage,
 SignatureHeader: createForwardedMessageSig,
-- cgit v1.3
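Review bot: `replyToTurtle` never references one of 1happyturtle's statuses: the only turtle IRIs passed to `NewAPNote` are the actor URI in the second `[]*url.URL` argument and the one in `newAPMention`, so as far as these arguments show the fixture covers the addressing and mention inputs of the new block check, not an inReplyTo IRI. If the reply path is meant to be tested, the note needs its inReplyTo set to a turtle status; otherwise a name like `mentionTurtle` plus a comment such as `// foss_satan mentions and addresses 1happyturtle; signed for zork's and turtle's inboxes for the involved-IRI block tests` would describe it accurately. `WrapAPNoteInCreate` is also given the note's own id as its first argument, which is worth confirming is intended rather than a distinct activity IRI. NewTestActivities begins and ends outside this hunk.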
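Review bot: The `reply_to_turtle_for_zork` and `reply_to_turtle_for_turtle` entries share one `createReplyToTurtle` value and differ only in the inbox the signature was computed for, which the keys alone do not convey. A short comment above each, e.g. `// signed for delivery to local_account_1's inbox` and `// same activity, signed for local_account_2's inbox`, would tell a test author which entry to pair with which request target; a mismatched pairing would presumably fail signature verification before the block check is reached, so a blocked-account test could pass for the wrong reason. If the `Activity` field holds a pointer-backed value, a test that mutates one entry's activity also changes the other, which is worth confirming. The map literal and NewTestActivities continue outside this hunk.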