From 5b60d82592e3fd19646add354de4cde903abf38c Mon Sep 17 00:00:00 2001 From: Ariadne Conill Date: Fri, 8 Nov 2019 14:51:28 -0600 Subject: [PATCH] object containment: handle all cases where ID is invalid (missing, nil, non-string) --- lib/pleroma/object/containment.ex | 6 +++--- test/object/containment_test.exs | 14 ++++++++++++++ 2 files changed, 17 insertions(+), 3 deletions(-) diff --git a/lib/pleroma/object/containment.ex b/lib/pleroma/object/containment.ex index 68535c09e..a1f9c1250 100644 --- a/lib/pleroma/object/containment.ex +++ b/lib/pleroma/object/containment.ex @@ -64,15 +64,15 @@ def contain_origin(id, %{"actor" => _actor} = params) do def contain_origin(id, %{"attributedTo" => actor} = params), do: contain_origin(id, Map.put(params, "actor", actor)) - def contain_origin_from_id(_id, %{"id" => nil}), do: :error - - def contain_origin_from_id(id, %{"id" => other_id} = _params) do + def contain_origin_from_id(id, %{"id" => other_id} = _params) when is_binary(other_id) do id_uri = URI.parse(id) other_uri = URI.parse(other_id) compare_uris(id_uri, other_uri) end + def contain_origin_from_id(_id, _data), do: :error + def contain_child(%{"object" => %{"id" => id, "attributedTo" => _} = object}), do: contain_origin(id, object) diff --git a/test/object/containment_test.exs b/test/object/containment_test.exs index 0dc2728b9..71fe5204c 100644 --- a/test/object/containment_test.exs +++ b/test/object/containment_test.exs @@ -67,6 +67,20 @@ test "users cannot be collided through fake direction spoofing attempts" do end) =~ "[error] Could not decode user at fetch https://n1u.moe/users/rye" end + + test "contain_origin_from_id() gracefully handles cases where no ID is present" do + data = %{ + "type" => "Create", + "object" => %{ + "id" => "http://example.net/~alyssa/activities/1234", + "attributedTo" => "http://example.org/~alyssa" + }, + "actor" => "http://example.com/~bob" + } + + :error = + Containment.contain_origin_from_id("http://example.net/~alyssa/activities/1234", data) + end end describe "containment of children" do