Add default config whitelist

FloatingGhost 2023-08-14 20:26:14 +01:00
parent 6cb40bee26
commit 6fb47b2806
4 changed files with 136 additions and 9 deletions


@ -453,10 +453,6 @@ config :pleroma, :media_preview_proxy,
image_quality: 85, image_quality: 85,
min_content_length: 100 * 1024 min_content_length: 100 * 1024
config :pleroma, :shout,
enabled: true,
limit: 5_000
config :phoenix, :format_encoders, json: Jason, "activity+json": Jason config :phoenix, :format_encoders, json: Jason, "activity+json": Jason
config :phoenix, :json_library, Jason config :phoenix, :json_library, Jason
@ -796,6 +792,13 @@ config :pleroma, :web_cache_ttl,
config :pleroma, :modules, runtime_dir: "instance/modules" config :pleroma, :modules, runtime_dir: "instance/modules"
config :pleroma, configurable_from_database: false config :pleroma, configurable_from_database: false
# Don't allow arbitrary module config here, you can only
# adjust our own config.
config :pleroma,
database_config_whitelist: [
{:pleroma},
{:logger}
]
config :pleroma, Pleroma.Repo, config :pleroma, Pleroma.Repo,
parameters: [gin_fuzzy_search_limit: "500"], parameters: [gin_fuzzy_search_limit: "500"],
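Review bot: The comment above `database_config_whitelist` does not say what shape an entry must have, and the admin controller changed in this commit matches only `{group}` and `{group, key}` tuples, so a bare atom such as `:pleroma` would hit no clause of its `Enum.any?` callback. I would extend the comment with a line like `# Entries are {group} or {group, key} tuples; bare atoms are not accepted.` The comment also says only "our own config" can be adjusted while `{:logger}` is on the list, so a short reason for that entry would help. Instances that already keep settings for other groups in the database will presumably have those updates refused after this default lands, which is worth a changelog line.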


@ -375,6 +375,11 @@ This section describe PWA manifest instance-specific values. Currently this opti
#### Pleroma.Web.MediaProxy.Invalidation.Script #### Pleroma.Web.MediaProxy.Invalidation.Script
!!! warning
Invalidation script options cannot be set in the database due to the ability to
set the command options to arbitrary paths. The following options **MUST** be
set in your `.exs` file instead.
This strategy allow perform external shell script to purge cache. This strategy allow perform external shell script to purge cache.
Urls of attachments are passed to the script as arguments. Urls of attachments are passed to the script as arguments.
@ -1148,6 +1153,11 @@ Translations are available at `/api/v1/statuses/:id/translations/:language`, whe
### `:argos_translate` ### `:argos_translate`
!!! warning
Argos Translate options cannot be set in the database due to the ability to
set the command options to arbitrary paths. The following options **MUST** be
set in your `.exs` file instead.
- `:command_argos_translate` - command for `argos-translate`. Can be the command if it's in your PATH, or the full path to the file (default: `argos-translate`). - `:command_argos_translate` - command for `argos-translate`. Can be the command if it's in your PATH, or the full path to the file (default: `argos-translate`).
- `:command_argospm` - command for `argospm`. Can be the command if it's in your PATH, or the full path to the file (default: `argospm`). - `:command_argospm` - command for `argospm`. Can be the command if it's in your PATH, or the full path to the file (default: `argospm`).
- `:strip_html` - Strip html from the post before translating it (default: `true`). - `:strip_html` - Strip html from the post before translating it (default: `true`).


@ -9,6 +9,14 @@ defmodule Pleroma.Web.AdminAPI.ConfigController do
alias Pleroma.ConfigDB alias Pleroma.ConfigDB
alias Pleroma.Web.Plugs.OAuthScopesPlug alias Pleroma.Web.Plugs.OAuthScopesPlug
@banned_in_db [
# this would make no sense if you could change it in the db
{:pleroma, :database_config_whitelist},
# called with System.cmd
{:pleroma, Pleroma.Web.MediaProxy.Invalidation.Script},
{:pleroma, :argos_translate}
]
plug(Pleroma.Web.ApiSpec.CastAndValidate) plug(Pleroma.Web.ApiSpec.CastAndValidate)
plug(OAuthScopesPlug, %{scopes: ["admin:write"]} when action == :update) plug(OAuthScopesPlug, %{scopes: ["admin:write"]} when action == :update)
@ -175,17 +183,18 @@ defmodule Pleroma.Web.AdminAPI.ConfigController do
end end
defp whitelisted_config?(group, key) do defp whitelisted_config?(group, key) do
if whitelisted_configs = Config.get(:database_config_whitelist) do whitelisted =
Enum.any?(whitelisted_configs, fn :database_config_whitelist
|> Config.get([{:pleroma}])
|> Enum.any?(fn
{whitelisted_group} -> {whitelisted_group} ->
group == inspect(whitelisted_group) group == inspect(whitelisted_group)
{whitelisted_group, whitelisted_key} -> {whitelisted_group, whitelisted_key} ->
group == inspect(whitelisted_group) && key == inspect(whitelisted_key) group == inspect(whitelisted_group) && key == inspect(whitelisted_key)
end) end)
else
true whitelisted && !disallowed_config?(group, key)
end
end end
defp whitelisted_config?(%{group: group, key: key}) do defp whitelisted_config?(%{group: group, key: key}) do
@ -195,4 +204,14 @@ defmodule Pleroma.Web.AdminAPI.ConfigController do
defp whitelisted_config?(%{group: group} = config) do defp whitelisted_config?(%{group: group} = config) do
whitelisted_config?(group, config[:key]) whitelisted_config?(group, config[:key])
end end
defp disallowed_config?(group, key) do
Enum.any?(@banned_in_db, fn
{disallowed_group} ->
group == inspect(disallowed_group)
{disallowed_group, disallowed_key} ->
group == inspect(disallowed_group) && key == inspect(disallowed_key)
end)
end
end end
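Review bot: `disallowed_config?/2` compares the raw request strings with `inspect/1` output, so the denylist fails open on any spelling difference, whereas the whitelist built the same way fails closed. Because `{:pleroma}` is whitelisted as a whole group, this string match is the only thing keeping `Pleroma.Web.MediaProxy.Invalidation.Script` and `:argos_translate` out of the database. If the code that later turns `group` and `key` into Elixir terms (not visible in this section) accepts more than one textual form of the same atom, a holder of an `admin:write` token could still store them. I would convert both values to terms first, using the same routine ConfigDB applies on save, and then match the resulting `{group, key}` pair against `@banned_in_db` directly. Separately, the fallback `[{:pleroma}]` passed to `Config.get` differs from the shipped default `[{:pleroma}, {:logger}]`; one shared value would avoid surprises.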


@ -0,0 +1,95 @@
# Pleroma: A lightweight social networking server
# Copyright © 2017-2021 Pleroma Authors <https://pleroma.social/>
# SPDX-License-Identifier: AGPL-3.0-only
defmodule Pleroma.Web.AdminAPI.ConfigControllerTest do
use Pleroma.Web.ConnCase, async: false
import Pleroma.Factory
setup_all do
Tesla.Mock.mock_global(fn env -> apply(HttpRequestMock, :request, [env]) end)
:ok
end
setup do
clear_config(:configurable_from_database, true)
admin = insert(:user, is_admin: true)
token = insert(:oauth_admin_token, user: admin)
conn =
build_conn()
|> assign(:user, admin)
|> assign(:token, token)
|> put_req_header("content-type", "application/json")
{:ok, %{admin: admin, token: token, conn: conn}}
end
describe "POST /api/v1/pleroma/admin/config" do
test "Refuses to update non-whitelisted config options", %{conn: conn} do
banned_config = %{
configs: [
%{
group: ":mogrify",
key: ":mogrify_command",
value: [
%{tuple: [":path", "sh"]},
%{tuple: [":args", ["-c", "echo pwnd > /tmp/a"]]}
]
}
]
}
clear_config([:database_config_whitelist], [{:pleroma}])
resp_that_should_not_work =
conn
|> post(~p"/api/v1/pleroma/admin/config", banned_config)
|> json_response_and_validate_schema(200)
assert Enum.empty?(resp_that_should_not_work["configs"])
clear_config([:database_config_whitelist], [{:mogrify}])
resp_that_should_work =
conn
|> post(~p"/api/v1/pleroma/admin/config", banned_config)
|> json_response_and_validate_schema(200)
refute Enum.empty?(resp_that_should_work["configs"])
end
test "Refuses to update strictly disallowed options", %{conn: conn} do
banned_config = %{
configs: [
%{
group: ":pleroma",
key: ":database_config_whitelist",
value: [":pleroma"]
},
%{
group: ":pleroma",
key: ":argos_translate",
value: [
%{tuple: [":command_argospm", "/opt/oepsiewoepsie"]}
]
},
%{
group: ":pleroma",
key: "Pleroma.Web.MediaProxy.Invalidation.Script",
value: "wowee"
}
]
}
resp_that_should_not_work =
conn
|> post(~p"/api/v1/pleroma/admin/config", banned_config)
|> json_response_and_validate_schema(200)
assert Enum.empty?(resp_that_should_not_work["configs"])
end
end
end
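Review bot: The second test, "Refuses to update strictly disallowed options", never sets `:database_config_whitelist`, so it passes whenever the group is rejected for any reason and does not prove that the `@banned_in_db` check ran. Adding `clear_config([:database_config_whitelist], [{:pleroma}])` at the top of that test pins the whitelist, so only the denylist can produce the empty `configs` list. Both tests also assert only on the response body; checking that nothing was stored for the posted keys would cover a write that succeeds but is filtered from the reply. In the first test the accepted branch stores a shell command as the mogrify setting, so a harmless value would be safer if the test VM applies stored config, which I cannot tell from this file.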