itepechi/akkoma
1
0
Fork 0
Code Issues Pull requests Releases Activity
akkoma/test/pleroma
History
Oneric 8243fc0ef4 federation: strip internal fields from incoming updates and history 
When note editing support was added, it was omitted to strip internal
fields from edited notes and their history.

This was uncovered due to Mastodon inlining the like count as a "likes"
collection conflicting with our internal "likes" list causing validation
failures. In a spot check with likes/like_count it was not possible to
inject those internal fields into the local db via Update, but this
was not extensively tested for all fields and avenues.

Similarly address normalisation did not normalise addressing in the
object history, although this was never at risk of being exploitable.

The revision history of the Pleroma MR adding edit support reveals
recusrive stripping was intentionally avoided, since it will end up
removing e.g. emoji from outgoing activities. This appears to still
be true. However, all current internal fields ("pleroma_interal"
appears to be unused) contain data already publicised otherwise anyway.
In the interest of fixing a federation bug (and at worst potential data
injection) quickly outgoing stripping is left non-recursive for now.

Of course the ultimate fix here is to not mix remote and internal data
into the same map in the first place, but unfortunately having a single
map of all truth is a core assumption of *oma's AP doc processing.
Changing this is a masive undertaking and not suitable for providing
a short-term fix.
2025-02-21 19:37:27 +01:00
..
activity Prune old Update activities 2024-02-17 16:57:40 +01:00
akkoma Tag Mock-tests as "mocked" and run them seperately 2023-08-04 12:50:50 +01:00
collections Only allow exact id matches 2024-03-25 14:05:05 -01:00
config Rename StripLocation to StripMetadata for temporal-proofing reasons 2024-04-16 20:37:00 +02:00
conversation fix flaky participation_test.exs 2022-10-23 12:33:31 +02:00
docs backend-i18n (#121) 2022-07-27 21:56:59 +00:00
ecto_type/activity_pub/object_validators Pipeline Ingestion: Note 2021-04-05 19:19:11 +02:00
emails Correct email links to be absolute URLs 2023-11-02 11:49:03 +00:00
emoji allow for OTP code changes in :zip 2024-10-30 14:43:18 +00:00
http Add pool timeouts 2024-06-09 17:20:29 +01:00
instances Don't mess with the cache on metadata update 2022-11-08 10:39:01 +00:00
integration Migrate to phoenix 1.7 (#626) 2023-08-15 10:22:18 +00:00
mfa Put matchers in matchers subpackage 2023-08-06 15:53:04 +01:00
migration_helper purge chat and shout endpoints 2022-07-21 11:29:28 +01:00
object Merge remote-tracking branch 'oneric/varfixes' into develop 2024-10-30 15:15:00 +00:00
password Pbkdf2: Use it everywhere. 2021-01-14 15:06:16 +01:00
repo/migrations Another keyword.equal? check 2023-08-06 16:36:18 +01:00
search Raise minimum PostgreSQL version to 12 2024-06-07 16:21:09 +02:00
translators Add MRFs for direct message manipulation 2023-05-22 23:53:44 +01:00
upload strip_metadata: skip BMP files 2024-06-27 18:29:45 +02:00
uploaders Tag Mock-tests as "mocked" and run them seperately 2023-08-04 12:50:50 +01:00
user Add tests for SigninKey module 2025-02-14 22:10:25 +01:00
web federation: strip internal fields from incoming updates and history 2025-02-21 19:37:27 +01:00
workers Protected against counterfeit local docs being posted 2025-02-14 22:10:25 +01:00
activity_test.exs meilisearch: respect meili’s result ranking 2024-05-29 23:17:27 +00:00
announcement_read_relationship_test.exs Merge branch 'from/upstream-develop/tusooa/server-announcements' into 'develop' (#85) 2022-07-18 13:08:36 +00:00
announcement_test.exs Merge branch 'from/upstream-develop/tusooa/server-announcements' into 'develop' (#85) 2022-07-18 13:08:36 +00:00
application_requirements_test.exs Tag Mock-tests as "mocked" and run them seperately 2023-08-04 12:50:50 +01:00
bookmark_test.exs Bump Copyright to 2021 2021-01-13 07:49:50 +01:00
captcha_test.exs Convert tests to all use clear_config instead of Pleroma.Config.put 2021-01-26 11:58:43 -06:00
config_db_test.exs Remove proxy_remote vestiges 2024-06-16 01:21:52 +02:00
config_test.exs Convert tests to all use clear_config instead of Pleroma.Config.put 2021-01-26 11:58:43 -06:00
conversation_test.exs Bump Copyright to 2021 2021-01-13 07:49:50 +01:00
emoji_test.exs Fix emoji qualification (#124) 2022-07-28 12:02:36 +00:00
filter_test.exs support for expires_in/expires_at in filters 2021-01-26 08:27:45 +03:00
following_relationship_test.exs Bump Copyright to 2021 2021-01-13 07:49:50 +01:00
formatter_test.exs CI: Bump lint stage to elixir-1.12 2021-10-06 08:11:05 +02:00
frontend_test.exs Bump Copyright to 2021 2021-01-13 07:49:50 +01:00
hashtag_test.exs [#3213] Ignoring of blank elements from objects.data->tag. 2021-01-21 20:50:06 +03:00
healthcheck_test.exs Add unordered list equality matcher 2023-08-06 15:58:11 +01:00
html_test.exs Fix broken tests 2024-06-09 17:35:47 +01:00
http_test.exs Move rescue to the HTTP request itself 2024-06-04 14:30:16 +01:00
instances_test.exs Add Signed Fetch Statistics (#312) 2022-11-26 19:22:56 +00:00
iso639_test.exs add inbound language test 2023-01-11 15:42:13 +00:00
job_queue_monitor_test.exs Support elixir1.15 2023-08-03 17:44:09 +01:00
list_test.exs Bump Copyright to 2021 2021-01-13 07:49:50 +01:00
marker_test.exs Bump Copyright to 2021 2021-01-13 07:49:50 +01:00
mfa_test.exs argon2 password hashing (#406) 2022-12-30 02:46:58 +00:00
moderation_log_test.exs CI: Bump lint stage to elixir-1.12 2021-10-06 08:11:05 +02:00
notification_test.exs Tag Mock-tests as "mocked" and run them seperately 2023-08-04 12:50:50 +01:00
object_test.exs Always insert Dedupe upload filter 2024-03-18 22:33:10 -01:00
otp_version_test.exs Bump Copyright to 2021 2021-01-13 07:49:50 +01:00
pagination_test.exs Bump Copyright to 2021 2021-01-13 07:49:50 +01:00
password_test.exs argon2 password hashing (#406) 2022-12-30 02:46:58 +00:00
registration_test.exs Bump Copyright to 2021 2021-01-13 07:49:50 +01:00
repo_test.exs Bump Copyright to 2021 2021-01-13 07:49:50 +01:00
report_note_test.exs Bump Copyright to 2021 2021-01-13 07:49:50 +01:00
reverse_proxy_test.exs Sanitise Content-Type of media proxy URLs 2024-03-18 22:33:10 -01:00
runtime_test.exs Bump Copyright to 2021 2021-01-13 07:49:50 +01:00
safe_jsonb_set_test.exs Bump Copyright to 2021 2021-01-13 07:49:50 +01:00
scheduled_activity_test.exs Convert tests to all use clear_config instead of Pleroma.Config.put 2021-01-26 11:58:43 -06:00
signature_test.exs signature: refetch key upon verification failure 2025-02-21 19:37:27 +01:00
stats_test.exs Bump Copyright to 2021 2021-01-13 07:49:50 +01:00
upload_test.exs Always insert Dedupe upload filter 2024-03-18 22:33:10 -01:00
user_invite_token_test.exs Bump Copyright to 2021 2021-01-13 07:49:50 +01:00
user_note_test.exs Add user_note_test.exs. 2023-05-12 02:18:24 +00:00
user_relationship_test.exs Tag Mock-tests as "mocked" and run them seperately 2023-08-04 12:50:50 +01:00
user_search_test.exs mix format 2024-10-26 05:05:48 +01:00
user_test.exs signature: drop unecessary round trip over user 2025-02-14 22:10:25 +01:00
utils_test.exs extend custom runtime system (#108) 2022-07-24 16:42:43 +00:00
xml_builder_test.exs Bump Copyright to 2021 2021-01-13 07:49:50 +01:00