Fix handling of malformed ActivityPub payloads when URIs are nil (#7370)

* Fix handling of malformed ActivityPub payloads when URIs are nil

* Gracefully handle JSON-LD canonicalization failures
pull/7373/head
Eugen Rochko 2018-05-05 18:22:34 +02:00 committed by GitHub
parent 661f7e6d9d
commit c947e2e4c5
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
3 changed files with 8 additions and 0 deletions


@ -86,6 +86,8 @@ class ActivityPub::TagManager
end end
def local_uri?(uri) def local_uri?(uri)
return false if uri.nil?
uri = Addressable::URI.parse(uri) uri = Addressable::URI.parse(uri)
host = uri.normalized_host host = uri.normalized_host
host = "#{host}:#{uri.port}" if uri.port host = "#{host}:#{uri.port}" if uri.port
@ -99,6 +101,8 @@ class ActivityPub::TagManager
end end
def uri_to_resource(uri, klass) def uri_to_resource(uri, klass)
return if uri.nil?
if local_uri?(uri) if local_uri?(uri)
case klass.name case klass.name
when 'Account' when 'Account'
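Review bot: The new `return false if uri.nil?` guard in `local_uri?` (and the matching `return if uri.nil?` in `uri_to_resource`) covers only nil, so any other malformed value still reaches `Addressable::URI.parse(uri)`. A payload field that deserializes to a Hash or Array, or a string Addressable rejects, would likely still raise there (TypeError or `Addressable::URI::InvalidURIError`) instead of being treated as non-local. Consider widening the guard, e.g. `return false unless uri.is_a?(String) && uri.present?`, and rescuing `Addressable::URI::InvalidURIError` to return false. Both method bodies continue past the hunks, so how a nil `normalized_host` is handled further down is not visible here.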


@ -34,6 +34,7 @@ class ActivityPub::FetchRemoteStatusService < BaseService
end end
def trustworthy_attribution?(uri, attributed_to) def trustworthy_attribution?(uri, attributed_to)
return false if uri.nil? || attributed_to.nil?
Addressable::URI.parse(uri).normalized_host.casecmp(Addressable::URI.parse(attributed_to).normalized_host).zero? Addressable::URI.parse(uri).normalized_host.casecmp(Addressable::URI.parse(attributed_to).normalized_host).zero?
end end
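Review bot: `trustworthy_attribution?` can still raise on the line after the new guard when either value parses to a URI without a host (an empty string or a relative reference), because `normalized_host` is then nil and `nil.casecmp` is a NoMethodError. Since this predicate decides whether an attribution is accepted, it should return false for every input it cannot compare rather than rely on the caller's exception handling. Something like `hosts = [uri, attributed_to].map { |u| Addressable::URI.parse(u).normalized_host }` followed by `hosts.all?(&:present?) && hosts.first.casecmp(hosts.last).zero?` would do it. The comparison also looks at the host only, whereas `local_uri?` in the first file section appends the port; worth confirming that difference is intended.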


@ -45,5 +45,8 @@ class ActivityPub::ProcessCollectionService < BaseService
def verify_account! def verify_account!
@account = ActivityPub::LinkedDataSignature.new(@json).verify_account! @account = ActivityPub::LinkedDataSignature.new(@json).verify_account!
rescue JSON::LD::JsonLdError => e
Rails.logger.debug "Could not verify LD-Signature for #{value_or_id(@json['actor'])}: #{e.message}"
nil
end end
end end
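Review bot: The new debug line in `verify_account!` writes `value_or_id(@json['actor'])` into the log, and that value comes from a payload that has just failed verification; `e.message` may carry payload content as well. Neither is escaped, so embedded newlines or control characters would land verbatim in the log; `#{value_or_id(@json['actor']).inspect}` would keep each entry on one line. It would also help to add a comment such as `# nil means the LD-Signature could not be verified; the caller must not process the payload`, since the rescue path returns nil without assigning `@account`. How the caller reacts to nil is outside this hunk.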