commit: 9b39bc6aa8238ab2084f813d50210b75bd80e374
parent c29430b018d3ba34677d5f816f67e3b8d44ec685
Author: Haelwenn <contact+git.pleroma.social@hacktivis.me>
Date: Mon, 15 Jan 2024 08:24:54 +0000
Merge branch 'mrf-regex-error' into 'develop'
MRF: Log sensible regex error for subdomain_match
See merge request pleroma/pleroma!4026
Diffstat:
3 files changed, 24 insertions(+), 3 deletions(-)
diff --git a/changelog.d/mrf-regex-error.fix b/changelog.d/mrf-regex-error.fix
@@ -0,0 +1 @@
+MRF: Log sensible error for subdomains_regex
diff --git a/lib/pleroma/web/activity_pub/mrf.ex b/lib/pleroma/web/activity_pub/mrf.ex
@@ -1,5 +1,5 @@
# Pleroma: A lightweight social networking server
-# Copyright © 2017-2022 Pleroma Authors <https://pleroma.social/>
+# Copyright © 2017-2023 Pleroma Authors <https://pleroma.social/>
# SPDX-License-Identifier: AGPL-3.0-only
defmodule Pleroma.Web.ActivityPub.MRF do
@@ -139,7 +139,16 @@ defmodule Pleroma.Web.ActivityPub.MRF do
@spec subdomains_regex([String.t()]) :: [Regex.t()]
def subdomains_regex(domains) when is_list(domains) do
- for domain <- domains, do: ~r(^#{String.replace(domain, "*.", "(.*\\.)*")}$)i
+ for domain <- domains do
+ try do
+ target = String.replace(domain, "*.", "(.*\\.)*")
+ ~r<^#{target}$>i
+ rescue
+ e ->
+ Logger.error("MRF: Invalid subdomain Regex: #{domain}")
+ reraise e, __STACKTRACE__
+ end
+ end
end
@spec subdomain_match?([Regex.t()], String.t()) :: boolean()
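Review bot: In `subdomains_regex/1` the configured domain is still interpolated into the pattern unescaped, so every `.` in an entry matches any character and an entry written as `example.com` also matches a host such as `exampleXcom`. For policies that use these lists to accept or reject instances, that makes the match wider than the domain the admin wrote. Escaping first and substituting the wildcard afterwards keeps the rest literal: `target = domain |> Regex.escape() |> String.replace("\\*\\.", "(.*\\.)*")`. With that change a stray `*` would presumably become a literal instead of a compile error, so the new test input would need revisiting. Separately, `rescue e ->` logs "Invalid subdomain Regex" for any exception, including a non-binary entry; `rescue e in Regex.CompileError ->` would keep the message accurate.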
diff --git a/test/pleroma/web/activity_pub/mrf_test.exs b/test/pleroma/web/activity_pub/mrf_test.exs
@@ -1,10 +1,13 @@
# Pleroma: A lightweight social networking server
-# Copyright © 2017-2022 Pleroma Authors <https://pleroma.social/>
+# Copyright © 2017-2023 Pleroma Authors <https://pleroma.social/>
# SPDX-License-Identifier: AGPL-3.0-only
defmodule Pleroma.Web.ActivityPub.MRFTest do
use ExUnit.Case
use Pleroma.Tests.Helpers
+
+ import ExUnit.CaptureLog
+
alias Pleroma.Web.ActivityPub.MRF
test "subdomains_regex/1" do
@@ -61,6 +64,14 @@ defmodule Pleroma.Web.ActivityPub.MRFTest do
refute MRF.subdomain_match?(regexes, "EXAMPLE.COM")
refute MRF.subdomain_match?(regexes, "example.com")
end
+
+ @tag capture_log: true
+ test "logs sensible error on accidental wildcard" do
+ assert_raise Regex.CompileError, fn ->
+ assert capture_log(MRF.subdomains_regex(["*unsafe.tld"])) =~
+ "MRF: Invalid subdomain Regex: *unsafe.tld"
+ end
+ end
end
describe "instance_list_from_tuples/1" do
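Review bot: The log assertion in "logs sensible error on accidental wildcard" never runs, because `capture_log/1` takes a function and here it is passed the result of `MRF.subdomains_regex(["*unsafe.tld"])`, which is evaluated first and raises. `assert_raise` then passes on the exception alone, so the test would still be green if the `Logger.error` call were removed. Wrapping the raising call in `capture_log(fn -> ... end)` and asserting on the returned log outside it checks both the exception and the message; the `@tag capture_log: true` line should then be unnecessary.

```elixir
test "logs sensible error on accidental wildcard" do
  log =
    capture_log(fn ->
      assert_raise Regex.CompileError, fn ->
        MRF.subdomains_regex(["*unsafe.tld"])
      end
    end)

  assert log =~ "MRF: Invalid subdomain Regex: *unsafe.tld"
end
```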