authorLain Soykaf <lain@lain.com>2025-03-11 16:37:17 +0400
committerLain Soykaf <lain@lain.com>2025-03-11 16:37:17 +0400
commit51c1d6fb2dd91a1a1ac11fed0f0a4211719e30b8 (patch)
tree62085fdc9d51e63392a497179b1f4c89241e31dd /lib
parentb0c2ec5fb9ca1908dddbc66260861d4743b991b7 (diff)
downloadpleroma-51c1d6fb2dd91a1a1ac11fed0f0a4211719e30b8.tar.gz
pleroma-51c1d6fb2dd91a1a1ac11fed0f0a4211719e30b8.zip
Containment: Never fetch locally
Diffstat (limited to 'lib')
-rw-r--r--lib/pleroma/object/containment.ex13
-rw-r--r--lib/pleroma/object/fetcher.ex4
2 files changed, 17 insertions, 0 deletions
diff --git a/lib/pleroma/object/containment.ex b/lib/pleroma/object/containment.ex
index f6106cb3f..77fac12c0 100644
--- a/lib/pleroma/object/containment.ex
+++ b/lib/pleroma/object/containment.ex
@@ -48,6 +48,19 @@ defmodule Pleroma.Object.Containment do
defp compare_uris(_id_uri, _other_uri), do: :error
@doc """
+ Checks whether an URL to fetch from is from the local server.
+
+ We never want to fetch from ourselves; if it's not in the database
+ it can't be authentic and must be a counterfeit.
+ """
+ def contain_local_fetch(id) do
+ case compare_uris(URI.parse(id), Pleroma.Web.Endpoint.struct_url()) do
+ :ok -> :error
+ _ -> :ok
+ end
+ end
+
+ @doc """
Checks that an imported AP object's actor matches the host it came from.
"""
def contain_origin(_id, %{"actor" => nil}), do: :error
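Review bot: `contain_local_fetch/1` inverts the usual reading of its tags — `:ok` means "remote, fetching allowed" and `:error` means "points at this server" — and the new @doc never states that, so a caller reading only the docs will guess the convention wrong; add a line such as `Returns :error when id belongs to this server and must not be fetched, :ok otherwise.` together with `@spec contain_local_fetch(String.t()) :: :ok | :error`. The first doc line should also read "a URL" rather than "an URL". The decision is delegated to `compare_uris/2`, whose matching clause sits above the hunk; if that clause compares the `host` binaries literally, a differently-cased host in `id` would be treated as remote although DNS resolves it to this server, so normalising both hosts with `String.downcase/1` before comparing (here or inside `compare_uris/2`) would make the guard robust against that.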
diff --git a/lib/pleroma/object/fetcher.ex b/lib/pleroma/object/fetcher.ex
index 41587c116..b54ef9ce5 100644
--- a/lib/pleroma/object/fetcher.ex
+++ b/lib/pleroma/object/fetcher.ex
@@ -148,6 +148,7 @@ defmodule Pleroma.Object.Fetcher do
with {:scheme, true} <- {:scheme, String.starts_with?(id, "http")},
{_, true} <- {:mrf, MRF.id_filter(id)},
+ {_, :ok} <- {:local_fetch, Containment.contain_local_fetch(id)},
{:ok, body} <- get_object(id),
{:ok, data} <- safe_json_decode(body),
:ok <- Containment.contain_origin_from_id(id, data) do
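Review bot: The new clause hides its tag behind `_` (`{_, :ok} <- {:local_fetch, ...}`), which follows the `{:mrf, ...}` line above but not the explicit `{:scheme, true}` pattern at the top of the `with`; since the tag exists only to be recognised in `else`, writing `{:local_fetch, :ok} <- {:local_fetch, Containment.contain_local_fetch(id)}` keeps the intent readable at the clause itself. The check is placed before `get_object/1`, so a local id is rejected before any request is made, which is the right position for it; it inspects only the id as given, so if `get_object/1` follows redirects (not visible in this hunk) a remote id that redirects back to this server is not covered by this guard, which deserves a short comment such as `# rejected before any network I/O; redirect targets are not re-checked here`. The enclosing `with` starts and ends outside the hunk.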
@@ -160,6 +161,9 @@ defmodule Pleroma.Object.Fetcher do
{:scheme, _} ->
{:error, "Unsupported URI scheme"}
+ {:local_fetch, _} ->
+ {:error, "Trying to fetch local resource"}
+
{:error, e} ->
{:error, e}