Add block datetime mrf patch

2023-01-06 21:12:46 +01:00 · 2023-01-06 21:12:46 +01:00 · d4db7e1a8b
commit d4db7e1a8b
parent 45cc05f3a2
4 changed files with 209 additions and 52 deletions
--- a/akkoma/akkoma.patch
+++ b/akkoma/akkoma.patch
@ -854,54 +854,3 @@ index 000000000..f3894c8ae
 +  end
 +
 +end
 diff --git a/lib/pleroma/web/activity_pub/mrf/require_image_description.ex b/lib/pleroma/web/activity_pub/mrf/require_image_description.ex
 new file mode 100644
 index 000000000..67390e613
 --- /dev/null
 +++ b/lib/pleroma/web/activity_pub/mrf/require_image_description.ex
@@ -0,0 +1,45 @@
 +defmodule Pleroma.Web.ActivityPub.MRF.RequireImageDescription do
 +  @moduledoc "MRF policy which removes media without image description"
 +  @behaviour Pleroma.Web.ActivityPub.MRF.Policy
 +
 +  def is_valid_attachment(
 +    %{"name" => name} = _
 +  ), do: is_binary(name) and !String.equivalent?(name, "")
 +  def is_valid_attachment(_), do: false
 +
 +  def mark_sensitive(object) do
 +    object |> Map.put("sensitive", true)
 +    object
 +  end
 +
 +  def correct_attachment(object) do
 +    if is_valid_attachment(object) do
 +      object
 +    else
 +      mark_sensitive(object)
 +    end
 +  end
 +
 +  @impl true
 +  def filter(
 +    %{"type" => "Create", "object" => %{"attachment" => attachments} = object } = message
 +  ) when is_list(attachments) and length(attachments) > 0 do
 +    if attachments |> Enum.all?(fn(attach) -> is_valid_attachment(attach) end) do
 +      {:ok, message}
 +    else
 +      attachments = attachments |> Enum.map(fn v -> correct_attachment(v) end)
 +      object = object |> Map.update("summary", "Missing media descriptions", fn v -> v <> "; Missing media descriptions" end)
 +                      |> Map.put("attachment", attachments)
 +      message = message |> Map.put("object", object)
 +      {:ok, message}
 +    end
 +  end
 +
 +  @impl true
 +  def filter(message), do: {:ok, message}
 +
 +  @impl true
 +  def describe do
 +    {:ok, %{mrf_sample: %{content: "<br/><emph>This post contained media without content description. Offending media has been removed from this post.</emph>"}}}
 +  end
 +end
--- a/akkoma/block-invalid-datetime-mrf.patch
+++ b/akkoma/block-invalid-datetime-mrf.patch
@ -0,0 +1,152 @@
 diff --git a/lib/pleroma/web/activity_pub/mrf/block-invalid-datetime.ex b/lib/pleroma/web/activity_pub/mrf/block-invalid-datetime.ex
 new file mode 100644
 index 000000000..114a0c112
 --- /dev/null
 +++ b/lib/pleroma/web/activity_pub/mrf/block-invalid-datetime.ex
@@ -0,0 +1,51 @@
 +defmodule Pleroma.Web.ActivityPub.MRF.BlockInvalidDatetime do
 +  alias Pleroma.Web.CommonAPI
 +  alias Pleroma.User
 +
 +  @moduledoc "Reports posts which have invalid datetime"
 +
 +  @behaviour Pleroma.Web.ActivityPub.MRF.Policy
 +
 +  def invalid_publish_date?(dt) do
 +    # Only support publish dates back to 1583; ISO8601  only officially supports dates this far back
 +    # And not past 9999 this may also cause issues lol
 +    dt |> DateTime.compare(~U[1583-01-01 00:00:00Z]) == :lt ||
 +      dt |> DateTime.compare(~U[9999-12-31 23:59:59Z]) == :gt
 +  end
 +
 +  @impl true
 +  def filter(%{"published" => publish_ts, "actor" => actor} = message) do
 +    is_valid =
 +      case DateTime.from_iso8601(publish_ts) do
 +        {:ok, dt, _} -> not invalid_publish_date?(dt)
 +        {:error, _} -> false
 +      end
 +
 +    message =
 +      if not is_valid do
 +        admin_user = User.get_cached_by_ap_id("https://akko.chir.rs/users/charlotte")
 +        actor = User.get_cached_by_ap_id(actor)
 +
 +        if admin_user != nil && actor != nil do
 +          # File a report
 +          CommonAPI.report(admin_user, %{
 +            :account_id => actor.id,
 +            :comment =>
 +              "Received potentially dangerous forged publish date in message: \n" <>
 +                inspect(message)
 +          })
 +        end
 +
 +        # “fix” the publish date
 +        {:ok, message |> Map.put("published", "1583-01-01T00:00:00Z")}
 +      else
 +        {:ok, message}
 +      end
 +  end
 +
 +  @impl true
 +  def filter(message), do: {:ok, message}
 +
 +  @impl true
 +  def describe, do: {:ok, %{}}
 +end
 diff --git a/test/pleroma/web/activity_pub/mrf/block_invalid_datetime_test.exs b/test/pleroma/web/activity_pub/mrf/block_invalid_datetime_test.exs
 new file mode 100644
 index 000000000..a079cb624
 --- /dev/null
 +++ b/test/pleroma/web/activity_pub/mrf/block_invalid_datetime_test.exs
@@ -0,0 +1,89 @@
 +defmodule Pleroma.Web.ActivityPub.MRF.BlockInvalidDatetimeTest do
 +  alias Pleroma.Web.ActivityPub.MRF.BlockInvalidDatetime
 +  use Pleroma.DataCase
 +
 +  test "doesn’t mangle post regular dates" do
 +    originalPublished = "1970-01-01T00:00:00Z"
 +
 +    activity = %{
 +      "type" => "Create",
 +      "published" => originalPublished,
 +      "actor" => "https://example.com/users/alex",
 +      "object" => %{
 +        "type" => "Note",
 +        "content" => "<p>Nice post</p>"
 +      }
 +    }
 +
 +    {:ok, %{"published" => published}} = BlockInvalidDatetime.filter(activity)
 +    assert published == originalPublished
 +  end
 +
 +  test "mangles forged past post dates" do
 +    originalPublished = "621-01-01T00:00:00Z"
 +
 +    activity = %{
 +      "type" => "Create",
 +      "published" => originalPublished,
 +      "actor" => "https://example.com/users/alex",
 +      "object" => %{
 +        "type" => "Note",
 +        "content" => "<p>Nice post</p>"
 +      }
 +    }
 +
 +    {:ok, %{"published" => published}} = BlockInvalidDatetime.filter(activity)
 +    assert published != originalPublished
 +  end
 +
 +  test "mangles forged BCE post dates" do
 +    originalPublished = "-621-01-01T00:00:00Z"
 +
 +    activity = %{
 +      "type" => "Create",
 +      "published" => originalPublished,
 +      "actor" => "https://example.com/users/alex",
 +      "object" => %{
 +        "type" => "Note",
 +        "content" => "<p>Nice post</p>"
 +      }
 +    }
 +
 +    {:ok, %{"published" => published}} = BlockInvalidDatetime.filter(activity)
 +    assert published != originalPublished
 +  end
 +
 +  test "mangles forged post-y10k post dates" do
 +    originalPublished = "10000-01-01T00:00:00Z"
 +
 +    activity = %{
 +      "type" => "Create",
 +      "published" => originalPublished,
 +      "actor" => "https://example.com/users/alex",
 +      "object" => %{
 +        "type" => "Note",
 +        "content" => "<p>Nice post</p>"
 +      }
 +    }
 +
 +    {:ok, %{"published" => published}} = BlockInvalidDatetime.filter(activity)
 +    assert published != originalPublished
 +  end
 +
 +  test "mangles invalid post dates" do
 +    originalPublished = "owo what’s this"
 +
 +    activity = %{
 +      "type" => "Create",
 +      "published" => originalPublished,
 +      "actor" => "https://example.com/users/alex",
 +      "object" => %{
 +        "type" => "Note",
 +        "content" => "<p>Nice post</p>"
 +      }
 +    }
 +
 +    {:ok, %{"published" => published}} = BlockInvalidDatetime.filter(activity)
 +    assert published != originalPublished
 +  end
 +end
--- a/akkoma/default.nix
+++ b/akkoma/default.nix
@ -20,7 +20,12 @@
      repo = "akkoma";
      inherit (source) rev sha256;
    };
-    patches = [./akkoma.patch ./jxl-polyfill.patch];
+    patches = [
      ./akkoma.patch
      ./jxl-polyfill.patch
      ./block-invalid-datetime-mrf.patch
      ./require-image-description.patch
    ];
  };
 in
  beamPackages.mixRelease rec {
--- a/akkoma/require-image-description.patch
+++ b/akkoma/require-image-description.patch
@ -0,0 +1,51 @@
 diff --git a/lib/pleroma/web/activity_pub/mrf/require_image_description.ex b/lib/pleroma/web/activity_pub/mrf/require_image_description.ex
 new file mode 100644
 index 000000000..67390e613
 --- /dev/null
 +++ b/lib/pleroma/web/activity_pub/mrf/require_image_description.ex
@@ -0,0 +1,45 @@
 +defmodule Pleroma.Web.ActivityPub.MRF.RequireImageDescription do
 +  @moduledoc "MRF policy which removes media without image description"
 +  @behaviour Pleroma.Web.ActivityPub.MRF.Policy
 +
 +  def is_valid_attachment(
 +    %{"name" => name} = _
 +  ), do: is_binary(name) and !String.equivalent?(name, "")
 +  def is_valid_attachment(_), do: false
 +
 +  def mark_sensitive(object) do
 +    object |> Map.put("sensitive", true)
 +    object
 +  end
 +
 +  def correct_attachment(object) do
 +    if is_valid_attachment(object) do
 +      object
 +    else
 +      mark_sensitive(object)
 +    end
 +  end
 +
 +  @impl true
 +  def filter(
 +    %{"type" => "Create", "object" => %{"attachment" => attachments} = object } = message
 +  ) when is_list(attachments) and length(attachments) > 0 do
 +    if attachments |> Enum.all?(fn(attach) -> is_valid_attachment(attach) end) do
 +      {:ok, message}
 +    else
 +      attachments = attachments |> Enum.map(fn v -> correct_attachment(v) end)
 +      object = object |> Map.update("summary", "Missing media descriptions", fn v -> v <> "; Missing media descriptions" end)
 +                      |> Map.put("attachment", attachments)
 +      message = message |> Map.put("object", object)
 +      {:ok, message}
 +    end
 +  end
 +
 +  @impl true
 +  def filter(message), do: {:ok, message}
 +
 +  @impl true
 +  def describe do
 +    {:ok, %{mrf_sample: %{content: "<br/><emph>This post contained media without content description. Offending media has been removed from this post.</emph>"}}}
 +  end
 +end