akkoma/test
Oneric 11ae8344eb Sanitise Content-Type of media proxy URLs
Just as with uploads and emoji before, this can otherwise be used
to place counterfeit AP objects or other malicious payloads.
In this case, even if we never assign a priviliged type to content,
the remote server can and until now we just mimcked whatever it told us.

Preview URLs already handle only specific, safe content types
and redirect to the external host for all else; thus no additional
sanitisiation is needed for them.

Non-previews are all delegated to the modified ReverseProxy module.
It already has consolidated logic for building response headers
making it easy to slip in sanitisation.

Although proxy urls are prefixed by a MAC built from a server secret,
attackers can still achieve a perfect id match when they are able to
change the contents of the pointed to URL. After sending an posts
containing an attachment at a controlled destination, the proxy URL can
be read back and inserted into the payload. After injection of
counterfeits in the target server the content can again be changed
to something innocuous lessening chance of detection.
2024-03-18 22:33:10 -01:00
..
config remove default emoji file 2022-08-11 19:05:41 +01:00
credo/check/consistency giant massive dep upgrade and dialyxir-found error emporium (#371) 2022-12-14 12:38:48 +00:00
fixtures Add XML matcher 2023-08-07 11:12:14 +01:00
instance_static URL encode remote emoji pack names (#362) 2023-01-15 18:14:04 +00:00
mix Always insert Dedupe upload filter 2024-03-18 22:33:10 -01:00
pleroma Sanitise Content-Type of media proxy URLs 2024-03-18 22:33:10 -01:00
support Prune old Update activities 2024-02-17 16:57:40 +01:00
test_helper.exs Always insert Dedupe upload filter 2024-03-18 22:33:10 -01:00