logo

pleroma

My custom branche(s) on git.pleroma.social/pleroma/pleroma git clone https://hacktivis.me/git/pleroma.git

simple_policy_test.exs (19312B)

    

  1. # Pleroma: A lightweight social networking server
  2. # Copyright © 2017-2022 Pleroma Authors <https://pleroma.social/>
  3. # SPDX-License-Identifier: AGPL-3.0-only
  5. defmodule Pleroma.Web.ActivityPub.MRF.SimplePolicyTest do
  6.   use Pleroma.DataCase
  7.   import Pleroma.Factory
  8.   alias Pleroma.Web.ActivityPub.MRF.SimplePolicy
  9.   alias Pleroma.Web.CommonAPI
  11.   setup do:
  12.           clear_config(:mrf_simple,
  13.             media_removal: [],
  14.             media_nsfw: [],
  15.             federated_timeline_removal: [],
  16.             report_removal: [],
  17.             reject: [],
  18.             followers_only: [],
  19.             accept: [],
  20.             avatar_removal: [],
  21.             banner_removal: [],
  22.             reject_deletes: []
  23.           )
  25.   describe "when :media_removal" do
  26.     test "is empty" do
  27.       clear_config([:mrf_simple, :media_removal], [])
  28.       media_message = build_media_message()
  29.       local_message = build_local_message()
  31.       assert SimplePolicy.filter(media_message) == {:ok, media_message}
  32.       assert SimplePolicy.filter(local_message) == {:ok, local_message}
  33.     end
  35.     test "has a matching host" do
  36.       clear_config([:mrf_simple, :media_removal], [{"remote.instance", "Some reason"}])
  37.       media_message = build_media_message()
  38.       local_message = build_local_message()
  40.       assert SimplePolicy.filter(media_message) ==
  41.                {:ok,
  42.                 media_message
  43.                 |> Map.put("object", Map.delete(media_message["object"], "attachment"))}
  45.       assert SimplePolicy.filter(local_message) == {:ok, local_message}
  46.     end
  48.     test "match with wildcard domain" do
  49.       clear_config([:mrf_simple, :media_removal], [{"*.remote.instance", "Whatever reason"}])
  50.       media_message = build_media_message()
  51.       local_message = build_local_message()
  53.       assert SimplePolicy.filter(media_message) ==
  54.                {:ok,
  55.                 media_message
  56.                 |> Map.put("object", Map.delete(media_message["object"], "attachment"))}
  58.       assert SimplePolicy.filter(local_message) == {:ok, local_message}
  59.     end
  61.     test "works with Updates" do
  62.       clear_config([:mrf_simple, :media_removal], [{"remote.instance", "Some reason"}])
  63.       media_message = build_media_message(type: "Update")
  65.       assert SimplePolicy.filter(media_message) ==
  66.                {:ok,
  67.                 media_message
  68.                 |> Map.put("object", Map.delete(media_message["object"], "attachment"))}
  69.     end
  70.   end
  72.   describe "when :media_nsfw" do
  73.     test "is empty" do
  74.       clear_config([:mrf_simple, :media_nsfw], [])
  75.       media_message = build_media_message()
  76.       local_message = build_local_message()
  78.       assert SimplePolicy.filter(media_message) == {:ok, media_message}
  79.       assert SimplePolicy.filter(local_message) == {:ok, local_message}
  80.     end
  82.     test "has a matching host" do
  83.       clear_config([:mrf_simple, :media_nsfw], [{"remote.instance", "Whetever"}])
  84.       media_message = build_media_message()
  85.       local_message = build_local_message()
  87.       assert SimplePolicy.filter(media_message) ==
  88.                {:ok, put_in(media_message, ["object", "sensitive"], true)}
  90.       assert SimplePolicy.filter(local_message) == {:ok, local_message}
  91.     end
  93.     test "match with wildcard domain" do
  94.       clear_config([:mrf_simple, :media_nsfw], [{"*.remote.instance", "yeah yeah"}])
  95.       media_message = build_media_message()
  96.       local_message = build_local_message()
  98.       assert SimplePolicy.filter(media_message) ==
  99.                {:ok, put_in(media_message, ["object", "sensitive"], true)}
  101.       assert SimplePolicy.filter(local_message) == {:ok, local_message}
  102.     end
  104.     test "works with Updates" do
  105.       clear_config([:mrf_simple, :media_nsfw], [{"remote.instance", "Whetever"}])
  106.       media_message = build_media_message(type: "Update")
  108.       assert SimplePolicy.filter(media_message) ==
  109.                {:ok, put_in(media_message, ["object", "sensitive"], true)}
  110.     end
  111.   end
  113.   defp build_media_message(opts \\ []) do
  114.     %{
  115.       "actor" => "https://remote.instance/users/bob",
  116.       "type" => opts[:type] || "Create",
  117.       "object" => %{
  118.         "attachment" => [%{}],
  119.         "tag" => ["foo"],
  120.         "sensitive" => false
  121.       }
  122.     }
  123.   end
  125.   describe "when :report_removal" do
  126.     test "is empty" do
  127.       clear_config([:mrf_simple, :report_removal], [])
  128.       report_message = build_report_message()
  129.       local_message = build_local_message()
  131.       assert SimplePolicy.filter(report_message) == {:ok, report_message}
  132.       assert SimplePolicy.filter(local_message) == {:ok, local_message}
  133.     end
  135.     test "has a matching host" do
  136.       clear_config([:mrf_simple, :report_removal], [{"remote.instance", "muh"}])
  137.       report_message = build_report_message()
  138.       local_message = build_local_message()
  140.       assert {:reject, _} = SimplePolicy.filter(report_message)
  141.       assert SimplePolicy.filter(local_message) == {:ok, local_message}
  142.     end
  144.     test "match with wildcard domain" do
  145.       clear_config([:mrf_simple, :report_removal], [{"*.remote.instance", "suya"}])
  146.       report_message = build_report_message()
  147.       local_message = build_local_message()
  149.       assert {:reject, _} = SimplePolicy.filter(report_message)
  150.       assert SimplePolicy.filter(local_message) == {:ok, local_message}
  151.     end
  152.   end
  154.   defp build_report_message do
  155.     %{
  156.       "actor" => "https://remote.instance/users/bob",
  157.       "type" => "Flag"
  158.     }
  159.   end
  161.   describe "when :federated_timeline_removal" do
  162.     test "is empty" do
  163.       clear_config([:mrf_simple, :federated_timeline_removal], [])
  164.       {_, ftl_message} = build_ftl_actor_and_message()
  165.       local_message = build_local_message()
  167.       assert SimplePolicy.filter(ftl_message) == {:ok, ftl_message}
  168.       assert SimplePolicy.filter(local_message) == {:ok, local_message}
  169.     end
  171.     test "has a matching host" do
  172.       {actor, ftl_message} = build_ftl_actor_and_message()
  174.       ftl_message_actor_host =
  175.         ftl_message
  176.         |> Map.fetch!("actor")
  177.         |> URI.parse()
  178.         |> Map.fetch!(:host)
  180.       clear_config([:mrf_simple, :federated_timeline_removal], [{ftl_message_actor_host, "uwu"}])
  181.       local_message = build_local_message()
  183.       assert {:ok, ftl_message} = SimplePolicy.filter(ftl_message)
  184.       assert actor.follower_address in ftl_message["to"]
  185.       refute actor.follower_address in ftl_message["cc"]
  186.       refute "https://www.w3.org/ns/activitystreams#Public" in ftl_message["to"]
  187.       assert "https://www.w3.org/ns/activitystreams#Public" in ftl_message["cc"]
  189.       assert SimplePolicy.filter(local_message) == {:ok, local_message}
  190.     end
  192.     test "match with wildcard domain" do
  193.       {actor, ftl_message} = build_ftl_actor_and_message()
  195.       ftl_message_actor_host =
  196.         ftl_message
  197.         |> Map.fetch!("actor")
  198.         |> URI.parse()
  199.         |> Map.fetch!(:host)
  201.       clear_config([:mrf_simple, :federated_timeline_removal], [
  202.         {"*." <> ftl_message_actor_host, "owo"}
  203.       ])
  205.       local_message = build_local_message()
  207.       assert {:ok, ftl_message} = SimplePolicy.filter(ftl_message)
  208.       assert actor.follower_address in ftl_message["to"]
  209.       refute actor.follower_address in ftl_message["cc"]
  210.       refute "https://www.w3.org/ns/activitystreams#Public" in ftl_message["to"]
  211.       assert "https://www.w3.org/ns/activitystreams#Public" in ftl_message["cc"]
  213.       assert SimplePolicy.filter(local_message) == {:ok, local_message}
  214.     end
  216.     test "has a matching host but only as:Public in to" do
  217.       {_actor, ftl_message} = build_ftl_actor_and_message()
  219.       ftl_message_actor_host =
  220.         ftl_message
  221.         |> Map.fetch!("actor")
  222.         |> URI.parse()
  223.         |> Map.fetch!(:host)
  225.       ftl_message = Map.put(ftl_message, "cc", [])
  227.       clear_config([:mrf_simple, :federated_timeline_removal], [
  228.         {ftl_message_actor_host, "spiderwaifu goes 88w88"}
  229.       ])
  231.       assert {:ok, ftl_message} = SimplePolicy.filter(ftl_message)
  232.       refute "https://www.w3.org/ns/activitystreams#Public" in ftl_message["to"]
  233.       assert "https://www.w3.org/ns/activitystreams#Public" in ftl_message["cc"]
  234.     end
  235.   end
  237.   defp build_ftl_actor_and_message do
  238.     actor = insert(:user)
  240.     {actor,
  241.      %{
  242.        "actor" => actor.ap_id,
  243.        "to" => ["https://www.w3.org/ns/activitystreams#Public", "http://foo.bar/baz"],
  244.        "cc" => [actor.follower_address, "http://foo.bar/qux"]
  245.      }}
  246.   end
  248.   describe "when :reject" do
  249.     test "is empty" do
  250.       clear_config([:mrf_simple, :reject], [])
  252.       remote_message = build_remote_message()
  254.       assert SimplePolicy.filter(remote_message) == {:ok, remote_message}
  255.       assert SimplePolicy.id_filter(remote_message["actor"])
  256.     end
  258.     test "activity has a matching host" do
  259.       clear_config([:mrf_simple, :reject], [{"remote.instance", ""}])
  261.       remote_message = build_remote_message()
  263.       assert {:reject, _} = SimplePolicy.filter(remote_message)
  264.       refute SimplePolicy.id_filter(remote_message["actor"])
  265.     end
  267.     test "activity matches with wildcard domain" do
  268.       clear_config([:mrf_simple, :reject], [{"*.remote.instance", ""}])
  270.       remote_message = build_remote_message()
  272.       assert {:reject, _} = SimplePolicy.filter(remote_message)
  273.       refute SimplePolicy.id_filter(remote_message["actor"])
  274.     end
  276.     test "actor has a matching host" do
  277.       clear_config([:mrf_simple, :reject], [{"remote.instance", ""}])
  279.       remote_user = build_remote_user()
  281.       assert {:reject, _} = SimplePolicy.filter(remote_user)
  282.       refute SimplePolicy.id_filter(remote_user["id"])
  283.     end
  285.     test "reject Announce when object would be rejected" do
  286.       clear_config([:mrf_simple, :reject], [{"blocked.tld", ""}])
  288.       announce = %{
  289.         "type" => "Announce",
  290.         "actor" => "https://okay.tld/users/alice",
  291.         "object" => %{"type" => "Note", "actor" => "https://blocked.tld/users/bob"}
  292.       }
  294.       assert {:reject, _} = SimplePolicy.filter(announce)
  295.       # Note: Non-Applicable for id_filter/1
  296.     end
  298.     test "reject by URI object" do
  299.       clear_config([:mrf_simple, :reject], [{"blocked.tld", ""}])
  301.       announce = %{
  302.         "type" => "Announce",
  303.         "actor" => "https://okay.tld/users/alice",
  304.         "object" => "https://blocked.tld/activities/1"
  305.       }
  307.       assert {:reject, _} = SimplePolicy.filter(announce)
  308.       # Note: Non-Applicable for id_filter/1
  309.     end
  310.   end
  312.   describe "when :followers_only" do
  313.     test "is empty" do
  314.       clear_config([:mrf_simple, :followers_only], [])
  315.       {_, ftl_message} = build_ftl_actor_and_message()
  316.       local_message = build_local_message()
  318.       assert SimplePolicy.filter(ftl_message) == {:ok, ftl_message}
  319.       assert SimplePolicy.filter(local_message) == {:ok, local_message}
  320.     end
  322.     test "has a matching host" do
  323.       actor = insert(:user)
  324.       following_user = insert(:user)
  325.       non_following_user = insert(:user)
  327.       {:ok, _, _, _} = CommonAPI.follow(following_user, actor)
  329.       activity = %{
  330.         "actor" => actor.ap_id,
  331.         "to" => [
  332.           "https://www.w3.org/ns/activitystreams#Public",
  333.           following_user.ap_id,
  334.           non_following_user.ap_id
  335.         ],
  336.         "cc" => [actor.follower_address, "http://foo.bar/qux"]
  337.       }
  339.       dm_activity = %{
  340.         "actor" => actor.ap_id,
  341.         "to" => [
  342.           following_user.ap_id,
  343.           non_following_user.ap_id
  344.         ],
  345.         "cc" => []
  346.       }
  348.       actor_domain =
  349.         activity
  350.         |> Map.fetch!("actor")
  351.         |> URI.parse()
  352.         |> Map.fetch!(:host)
  354.       clear_config([:mrf_simple, :followers_only], [{actor_domain, ""}])
  356.       assert {:ok, new_activity} = SimplePolicy.filter(activity)
  357.       assert actor.follower_address in new_activity["cc"]
  358.       assert following_user.ap_id in new_activity["to"]
  359.       refute "https://www.w3.org/ns/activitystreams#Public" in new_activity["to"]
  360.       refute "https://www.w3.org/ns/activitystreams#Public" in new_activity["cc"]
  361.       refute non_following_user.ap_id in new_activity["to"]
  362.       refute non_following_user.ap_id in new_activity["cc"]
  364.       assert {:ok, new_dm_activity} = SimplePolicy.filter(dm_activity)
  365.       assert new_dm_activity["to"] == [following_user.ap_id]
  366.       assert new_dm_activity["cc"] == []
  367.     end
  368.   end
  370.   describe "when :accept" do
  371.     test "is empty" do
  372.       clear_config([:mrf_simple, :accept], [])
  374.       local_message = build_local_message()
  375.       remote_message = build_remote_message()
  377.       assert SimplePolicy.filter(local_message) == {:ok, local_message}
  378.       assert SimplePolicy.filter(remote_message) == {:ok, remote_message}
  379.       assert SimplePolicy.id_filter(local_message["actor"])
  380.       assert SimplePolicy.id_filter(remote_message["actor"])
  381.     end
  383.     test "is not empty but activity doesn't have a matching host" do
  384.       clear_config([:mrf_simple, :accept], [{"non.matching.remote", ""}])
  386.       local_message = build_local_message()
  387.       remote_message = build_remote_message()
  389.       assert SimplePolicy.filter(local_message) == {:ok, local_message}
  390.       assert {:reject, _} = SimplePolicy.filter(remote_message)
  391.       assert SimplePolicy.id_filter(local_message["actor"])
  392.       refute SimplePolicy.id_filter(remote_message["actor"])
  393.     end
  395.     test "activity has a matching host" do
  396.       clear_config([:mrf_simple, :accept], [{"remote.instance", ""}])
  398.       local_message = build_local_message()
  399.       remote_message = build_remote_message()
  401.       assert SimplePolicy.filter(local_message) == {:ok, local_message}
  402.       assert SimplePolicy.filter(remote_message) == {:ok, remote_message}
  403.       assert SimplePolicy.id_filter(local_message["actor"])
  404.       assert SimplePolicy.id_filter(remote_message["actor"])
  405.     end
  407.     test "activity matches with wildcard domain" do
  408.       clear_config([:mrf_simple, :accept], [{"*.remote.instance", ""}])
  410.       local_message = build_local_message()
  411.       remote_message = build_remote_message()
  413.       assert SimplePolicy.filter(local_message) == {:ok, local_message}
  414.       assert SimplePolicy.filter(remote_message) == {:ok, remote_message}
  415.       assert SimplePolicy.id_filter(local_message["actor"])
  416.       assert SimplePolicy.id_filter(remote_message["actor"])
  417.     end
  419.     test "actor has a matching host" do
  420.       clear_config([:mrf_simple, :accept], [{"remote.instance", ""}])
  422.       remote_user = build_remote_user()
  424.       assert SimplePolicy.filter(remote_user) == {:ok, remote_user}
  425.       assert SimplePolicy.id_filter(remote_user["id"])
  426.     end
  427.   end
  429.   describe "when :avatar_removal" do
  430.     test "is empty" do
  431.       clear_config([:mrf_simple, :avatar_removal], [])
  433.       remote_user = build_remote_user()
  435.       assert SimplePolicy.filter(remote_user) == {:ok, remote_user}
  436.     end
  438.     test "is not empty but it doesn't have a matching host" do
  439.       clear_config([:mrf_simple, :avatar_removal], [{"non.matching.remote", ""}])
  441.       remote_user = build_remote_user()
  443.       assert SimplePolicy.filter(remote_user) == {:ok, remote_user}
  444.     end
  446.     test "has a matching host" do
  447.       clear_config([:mrf_simple, :avatar_removal], [{"remote.instance", ""}])
  449.       remote_user = build_remote_user()
  450.       {:ok, filtered} = SimplePolicy.filter(remote_user)
  452.       refute filtered["icon"]
  453.     end
  455.     test "match with wildcard domain" do
  456.       clear_config([:mrf_simple, :avatar_removal], [{"*.remote.instance", ""}])
  458.       remote_user = build_remote_user()
  459.       {:ok, filtered} = SimplePolicy.filter(remote_user)
  461.       refute filtered["icon"]
  462.     end
  463.   end
  465.   describe "when :banner_removal" do
  466.     test "is empty" do
  467.       clear_config([:mrf_simple, :banner_removal], [])
  469.       remote_user = build_remote_user()
  471.       assert SimplePolicy.filter(remote_user) == {:ok, remote_user}
  472.     end
  474.     test "is not empty but it doesn't have a matching host" do
  475.       clear_config([:mrf_simple, :banner_removal], [{"non.matching.remote", ""}])
  477.       remote_user = build_remote_user()
  479.       assert SimplePolicy.filter(remote_user) == {:ok, remote_user}
  480.     end
  482.     test "has a matching host" do
  483.       clear_config([:mrf_simple, :banner_removal], [{"remote.instance", ""}])
  485.       remote_user = build_remote_user()
  486.       {:ok, filtered} = SimplePolicy.filter(remote_user)
  488.       refute filtered["image"]
  489.     end
  491.     test "match with wildcard domain" do
  492.       clear_config([:mrf_simple, :banner_removal], [{"*.remote.instance", ""}])
  494.       remote_user = build_remote_user()
  495.       {:ok, filtered} = SimplePolicy.filter(remote_user)
  497.       refute filtered["image"]
  498.     end
  499.   end
  501.   describe "when :reject_deletes is empty" do
  502.     setup do: clear_config([:mrf_simple, :reject_deletes], [])
  504.     test "it accepts deletions even from rejected servers" do
  505.       clear_config([:mrf_simple, :reject], [{"remote.instance", ""}])
  507.       deletion_message = build_remote_deletion_message()
  509.       assert SimplePolicy.filter(deletion_message) == {:ok, deletion_message}
  510.     end
  512.     test "it accepts deletions even from non-whitelisted servers" do
  513.       clear_config([:mrf_simple, :accept], [{"non.matching.remote", ""}])
  515.       deletion_message = build_remote_deletion_message()
  517.       assert SimplePolicy.filter(deletion_message) == {:ok, deletion_message}
  518.     end
  519.   end
  521.   describe "when :reject_deletes is not empty but it doesn't have a matching host" do
  522.     setup do: clear_config([:mrf_simple, :reject_deletes], [{"non.matching.remote", ""}])
  524.     test "it accepts deletions even from rejected servers" do
  525.       clear_config([:mrf_simple, :reject], [{"remote.instance", ""}])
  527.       deletion_message = build_remote_deletion_message()
  529.       assert SimplePolicy.filter(deletion_message) == {:ok, deletion_message}
  530.     end
  532.     test "it accepts deletions even from non-whitelisted servers" do
  533.       clear_config([:mrf_simple, :accept], [{"non.matching.remote", ""}])
  535.       deletion_message = build_remote_deletion_message()
  537.       assert SimplePolicy.filter(deletion_message) == {:ok, deletion_message}
  538.     end
  539.   end
  541.   describe "when :reject_deletes has a matching host" do
  542.     setup do: clear_config([:mrf_simple, :reject_deletes], [{"remote.instance", ""}])
  544.     test "it rejects the deletion" do
  545.       deletion_message = build_remote_deletion_message()
  547.       assert {:reject, _} = SimplePolicy.filter(deletion_message)
  548.     end
  549.   end
  551.   describe "when :reject_deletes match with wildcard domain" do
  552.     setup do: clear_config([:mrf_simple, :reject_deletes], [{"*.remote.instance", ""}])
  554.     test "it rejects the deletion" do
  555.       deletion_message = build_remote_deletion_message()
  557.       assert {:reject, _} = SimplePolicy.filter(deletion_message)
  558.     end
  559.   end
  561.   defp build_local_message do
  562.     %{
  563.       "actor" => "#{Pleroma.Web.Endpoint.url()}/users/alice",
  564.       "to" => [],
  565.       "cc" => []
  566.     }
  567.   end
  569.   defp build_remote_message do
  570.     %{"actor" => "https://remote.instance/users/bob"}
  571.   end
  573.   defp build_remote_user do
  574.     %{
  575.       "id" => "https://remote.instance/users/bob",
  576.       "icon" => %{
  577.         "url" => "http://example.com/image.jpg",
  578.         "type" => "Image"
  579.       },
  580.       "image" => %{
  581.         "url" => "http://example.com/image.jpg",
  582.         "type" => "Image"
  583.       },
  584.       "type" => "Person"
  585.     }
  586.   end
  588.   defp build_remote_deletion_message do
  589.     %{
  590.       "type" => "Delete",
  591.       "actor" => "https://remote.instance/users/bob"
  592.     }
  593.   end
  594. end