Add default config whitelist
This commit is contained in:
parent
6cb40bee26
commit
6fb47b2806
4 changed files with 136 additions and 9 deletions
|
@ -453,10 +453,6 @@ config :pleroma, :media_preview_proxy,
|
|||
image_quality: 85,
|
||||
min_content_length: 100 * 1024
|
||||
|
||||
config :pleroma, :shout,
|
||||
enabled: true,
|
||||
limit: 5_000
|
||||
|
||||
config :phoenix, :format_encoders, json: Jason, "activity+json": Jason
|
||||
|
||||
config :phoenix, :json_library, Jason
|
||||
|
@ -796,6 +792,13 @@ config :pleroma, :web_cache_ttl,
|
|||
config :pleroma, :modules, runtime_dir: "instance/modules"
|
||||
|
||||
config :pleroma, configurable_from_database: false
|
||||
# Don't allow arbitrary module config here, you can only
|
||||
# adjust our own config.
|
||||
config :pleroma,
|
||||
database_config_whitelist: [
|
||||
{:pleroma},
|
||||
{:logger}
|
||||
]
|
||||
|
||||
config :pleroma, Pleroma.Repo,
|
||||
parameters: [gin_fuzzy_search_limit: "500"],
|
||||
|
|
|
@ -375,6 +375,11 @@ This section describe PWA manifest instance-specific values. Currently this opti
|
|||
|
||||
#### Pleroma.Web.MediaProxy.Invalidation.Script
|
||||
|
||||
!!! warning
|
||||
Invalidation script options cannot be set in the database due to the ability to
|
||||
set the command options to arbitrary paths. The following options **MUST** be
|
||||
set in your `.exs` file instead.
|
||||
|
||||
This strategy allow perform external shell script to purge cache.
|
||||
Urls of attachments are passed to the script as arguments.
|
||||
|
||||
|
@ -1148,6 +1153,11 @@ Translations are available at `/api/v1/statuses/:id/translations/:language`, whe
|
|||
|
||||
### `:argos_translate`
|
||||
|
||||
!!! warning
|
||||
Argos Translate options cannot be set in the database due to the ability to
|
||||
set the command options to arbitrary paths. The following options **MUST** be
|
||||
set in your `.exs` file instead.
|
||||
|
||||
- `:command_argos_translate` - command for `argos-translate`. Can be the command if it's in your PATH, or the full path to the file (default: `argos-translate`).
|
||||
- `:command_argospm` - command for `argospm`. Can be the command if it's in your PATH, or the full path to the file (default: `argospm`).
|
||||
- `:strip_html` - Strip html from the post before translating it (default: `true`).
|
||||
|
|
|
@ -9,6 +9,14 @@ defmodule Pleroma.Web.AdminAPI.ConfigController do
|
|||
alias Pleroma.ConfigDB
|
||||
alias Pleroma.Web.Plugs.OAuthScopesPlug
|
||||
|
||||
@banned_in_db [
|
||||
# this would make no sense if you could change it in the db
|
||||
{:pleroma, :database_config_whitelist},
|
||||
# called with System.cmd
|
||||
{:pleroma, Pleroma.Web.MediaProxy.Invalidation.Script},
|
||||
{:pleroma, :argos_translate}
|
||||
]
|
||||
|
||||
plug(Pleroma.Web.ApiSpec.CastAndValidate)
|
||||
plug(OAuthScopesPlug, %{scopes: ["admin:write"]} when action == :update)
|
||||
|
||||
|
@ -175,17 +183,18 @@ defmodule Pleroma.Web.AdminAPI.ConfigController do
|
|||
end
|
||||
|
||||
defp whitelisted_config?(group, key) do
|
||||
if whitelisted_configs = Config.get(:database_config_whitelist) do
|
||||
Enum.any?(whitelisted_configs, fn
|
||||
whitelisted =
|
||||
:database_config_whitelist
|
||||
|> Config.get([{:pleroma}])
|
||||
|> Enum.any?(fn
|
||||
{whitelisted_group} ->
|
||||
group == inspect(whitelisted_group)
|
||||
|
||||
{whitelisted_group, whitelisted_key} ->
|
||||
group == inspect(whitelisted_group) && key == inspect(whitelisted_key)
|
||||
end)
|
||||
else
|
||||
true
|
||||
end
|
||||
|
||||
whitelisted && !disallowed_config?(group, key)
|
||||
end
|
||||
|
||||
defp whitelisted_config?(%{group: group, key: key}) do
|
||||
|
@ -195,4 +204,14 @@ defmodule Pleroma.Web.AdminAPI.ConfigController do
|
|||
defp whitelisted_config?(%{group: group} = config) do
|
||||
whitelisted_config?(group, config[:key])
|
||||
end
|
||||
|
||||
defp disallowed_config?(group, key) do
|
||||
Enum.any?(@banned_in_db, fn
|
||||
{disallowed_group} ->
|
||||
group == inspect(disallowed_group)
|
||||
|
||||
{disallowed_group, disallowed_key} ->
|
||||
group == inspect(disallowed_group) && key == inspect(disallowed_key)
|
||||
end)
|
||||
end
|
||||
end
|
||||
|
|
|
@ -0,0 +1,95 @@
|
|||
# Pleroma: A lightweight social networking server
|
||||
# Copyright © 2017-2021 Pleroma Authors <https://pleroma.social/>
|
||||
# SPDX-License-Identifier: AGPL-3.0-only
|
||||
|
||||
defmodule Pleroma.Web.AdminAPI.ConfigControllerTest do
|
||||
use Pleroma.Web.ConnCase, async: false
|
||||
|
||||
import Pleroma.Factory
|
||||
|
||||
setup_all do
|
||||
Tesla.Mock.mock_global(fn env -> apply(HttpRequestMock, :request, [env]) end)
|
||||
|
||||
:ok
|
||||
end
|
||||
|
||||
setup do
|
||||
clear_config(:configurable_from_database, true)
|
||||
admin = insert(:user, is_admin: true)
|
||||
token = insert(:oauth_admin_token, user: admin)
|
||||
|
||||
conn =
|
||||
build_conn()
|
||||
|> assign(:user, admin)
|
||||
|> assign(:token, token)
|
||||
|> put_req_header("content-type", "application/json")
|
||||
|
||||
{:ok, %{admin: admin, token: token, conn: conn}}
|
||||
end
|
||||
|
||||
describe "POST /api/v1/pleroma/admin/config" do
|
||||
test "Refuses to update non-whitelisted config options", %{conn: conn} do
|
||||
banned_config = %{
|
||||
configs: [
|
||||
%{
|
||||
group: ":mogrify",
|
||||
key: ":mogrify_command",
|
||||
value: [
|
||||
%{tuple: [":path", "sh"]},
|
||||
%{tuple: [":args", ["-c", "echo pwnd > /tmp/a"]]}
|
||||
]
|
||||
}
|
||||
]
|
||||
}
|
||||
|
||||
clear_config([:database_config_whitelist], [{:pleroma}])
|
||||
|
||||
resp_that_should_not_work =
|
||||
conn
|
||||
|> post(~p"/api/v1/pleroma/admin/config", banned_config)
|
||||
|> json_response_and_validate_schema(200)
|
||||
|
||||
assert Enum.empty?(resp_that_should_not_work["configs"])
|
||||
|
||||
clear_config([:database_config_whitelist], [{:mogrify}])
|
||||
|
||||
resp_that_should_work =
|
||||
conn
|
||||
|> post(~p"/api/v1/pleroma/admin/config", banned_config)
|
||||
|> json_response_and_validate_schema(200)
|
||||
|
||||
refute Enum.empty?(resp_that_should_work["configs"])
|
||||
end
|
||||
|
||||
test "Refuses to update strictly disallowed options", %{conn: conn} do
|
||||
banned_config = %{
|
||||
configs: [
|
||||
%{
|
||||
group: ":pleroma",
|
||||
key: ":database_config_whitelist",
|
||||
value: [":pleroma"]
|
||||
},
|
||||
%{
|
||||
group: ":pleroma",
|
||||
key: ":argos_translate",
|
||||
value: [
|
||||
%{tuple: [":command_argospm", "/opt/oepsiewoepsie"]}
|
||||
]
|
||||
},
|
||||
%{
|
||||
group: ":pleroma",
|
||||
key: "Pleroma.Web.MediaProxy.Invalidation.Script",
|
||||
value: "wowee"
|
||||
}
|
||||
]
|
||||
}
|
||||
|
||||
resp_that_should_not_work =
|
||||
conn
|
||||
|> post(~p"/api/v1/pleroma/admin/config", banned_config)
|
||||
|> json_response_and_validate_schema(200)
|
||||
|
||||
assert Enum.empty?(resp_that_should_not_work["configs"])
|
||||
end
|
||||
end
|
||||
end
|
Loading…
Reference in a new issue