diff options
| author | Haelwenn <contact+git.pleroma.social@hacktivis.me> | 2019-03-05 00:33:04 +0000 |
|---|---|---|
| committer | Haelwenn <contact+git.pleroma.social@hacktivis.me> | 2019-03-05 00:33:04 +0000 |
| commit | 682cc94db11404ad658f566634c1e641cc575091 (patch) | |
| tree | faf74db6dcd2293afe97e5ea2270ed3be2d8dcc6 | |
| parent | d45dbdce5a478a004711baad963d7134988402ed (diff) | |
| parent | b7aa1ea9e6ea919b4eab2762b56f7e4b09300189 (diff) | |
| download | pleroma-682cc94db11404ad658f566634c1e641cc575091.tar.gz pleroma-682cc94db11404ad658f566634c1e641cc575091.zip | |
Merge branch 'bugfix/rich-media-uri-validation' into 'develop'
rich media: don't crawl bogus URIs
See merge request pleroma/pleroma!864
| -rw-r--r-- | lib/pleroma/web/rich_media/helpers.ex | 14 | ||||
| -rw-r--r-- | test/web/rich_media/helpers_test.exs | 62 |
2 files changed, 76 insertions, 0 deletions
diff --git a/lib/pleroma/web/rich_media/helpers.ex b/lib/pleroma/web/rich_media/helpers.ex index abb1cf7f2..8317a1162 100644 --- a/lib/pleroma/web/rich_media/helpers.ex +++ b/lib/pleroma/web/rich_media/helpers.ex @@ -8,10 +8,24 @@ defmodule Pleroma.Web.RichMedia.Helpers do alias Pleroma.HTML alias Pleroma.Web.RichMedia.Parser + defp validate_page_url(page_url) when is_binary(page_url) do + if AutoLinker.Parser.is_url?(page_url, true) do + URI.parse(page_url) |> validate_page_url + else + :error + end + end + + defp validate_page_url(%URI{authority: nil}), do: :error + defp validate_page_url(%URI{scheme: nil}), do: :error + defp validate_page_url(%URI{}), do: :ok + defp validate_page_url(_), do: :error + def fetch_data_for_activity(%Activity{} = activity) do with true <- Pleroma.Config.get([:rich_media, :enabled]), %Object{} = object <- Object.normalize(activity.data["object"]), {:ok, page_url} <- HTML.extract_first_external_url(object, object.data["content"]), + :ok <- validate_page_url(page_url), {:ok, rich_media} <- Parser.parse(page_url) do %{page_url: page_url, rich_media: rich_media} else diff --git a/test/web/rich_media/helpers_test.exs b/test/web/rich_media/helpers_test.exs new file mode 100644 index 000000000..60d93768f --- /dev/null +++ b/test/web/rich_media/helpers_test.exs @@ -0,0 +1,62 @@ +defmodule Pleroma.Web.RichMedia.HelpersTest do + use Pleroma.DataCase + + alias Pleroma.Web.CommonAPI + + import Pleroma.Factory + import Tesla.Mock + + setup do + mock(fn env -> apply(HttpRequestMock, :request, [env]) end) + :ok + end + + test "refuses to crawl incomplete URLs" do + user = insert(:user) + + {:ok, activity} = + CommonAPI.post(user, %{ + "status" => "[test](example.com/ogp)", + "content_type" => "text/markdown" + }) + + Pleroma.Config.put([:rich_media, :enabled], true) + + assert %{} == Pleroma.Web.RichMedia.Helpers.fetch_data_for_activity(activity) + + Pleroma.Config.put([:rich_media, :enabled], false) + end + + test "refuses to crawl malformed URLs" do + user = insert(:user) + + {:ok, activity} = + CommonAPI.post(user, %{ + "status" => "[test](example.com[]/ogp)", + "content_type" => "text/markdown" + }) + + Pleroma.Config.put([:rich_media, :enabled], true) + + assert %{} == Pleroma.Web.RichMedia.Helpers.fetch_data_for_activity(activity) + + Pleroma.Config.put([:rich_media, :enabled], false) + end + + test "crawls valid, complete URLs" do + user = insert(:user) + + {:ok, activity} = + CommonAPI.post(user, %{ + "status" => "[test](http://example.com/ogp)", + "content_type" => "text/markdown" + }) + + Pleroma.Config.put([:rich_media, :enabled], true) + + assert %{page_url: "http://example.com/ogp", rich_media: _} = + Pleroma.Web.RichMedia.Helpers.fetch_data_for_activity(activity) + + Pleroma.Config.put([:rich_media, :enabled], false) + end +end |