Merge pull request 'Fix StealEmoji’s max size check' (#793) from Oneric/akkoma:emojistealer_contentlength into develop

Reviewed-on: https://akkoma.dev/AkkomaGang/akkoma/pulls/793
This commit is contained in:
floatingghost 2024-06-12 17:09:05 +00:00
commit b03edb4ff4
3 changed files with 21 additions and 6 deletions

View file

@ -101,10 +101,19 @@ defmodule Pleroma.Web.ActivityPub.MRF.StealEmojiPolicy do
end end
end end
defp get_int_header(headers, header_name, default \\ nil) do
with rawval when rawval != :undefined <- :proplists.get_value(header_name, headers),
{int, ""} <- Integer.parse(rawval) do
int
else
_ -> default
end
end
defp is_remote_size_within_limit?(url) do defp is_remote_size_within_limit?(url) do
with {:ok, %{status: status, headers: headers} = _response} when status in 200..299 <- with {:ok, %{status: status, headers: headers} = _response} when status in 200..299 <-
Pleroma.HTTP.request(:head, url, nil, [], []) do Pleroma.HTTP.request(:head, url, nil, [], []) do
content_length = :proplists.get_value("content-length", headers, nil) content_length = get_int_header(headers, "content-length")
size_limit = Config.get([:mrf_steal_emoji, :size_limit], @size_limit) size_limit = Config.get([:mrf_steal_emoji, :size_limit], @size_limit)
accept_unknown = accept_unknown =
@ -172,7 +181,7 @@ defmodule Pleroma.Web.ActivityPub.MRF.StealEmojiPolicy do
description: <<_::272, _::_*256>>, description: <<_::272, _::_*256>>,
key: :hosts | :rejected_shortcodes | :size_limit, key: :hosts | :rejected_shortcodes | :size_limit,
suggestions: [any(), ...], suggestions: [any(), ...],
type: {:list, :string} | {:list, :string} | :integer type: {:list, :string} | {:list, :string} | :integer | :boolean
}, },
... ...
], ],
@ -209,6 +218,12 @@ defmodule Pleroma.Web.ActivityPub.MRF.StealEmojiPolicy do
type: :integer, type: :integer,
description: "File size limit (in bytes), checked before an emoji is saved to the disk", description: "File size limit (in bytes), checked before an emoji is saved to the disk",
suggestions: ["100000"] suggestions: ["100000"]
},
%{
key: :download_unknown_size,
type: :boolean,
description: "Whether to download emoji if size can't be determined ahead of time",
suggestions: [false, true]
} }
] ]
} }

View file

@ -110,7 +110,7 @@ defmodule Pleroma.SignatureTest do
headers = %{ headers = %{
host: "test.test", host: "test.test",
"content-length": 100 "content-length": "100"
} }
assert_signature_equal( assert_signature_equal(
@ -127,7 +127,7 @@ defmodule Pleroma.SignatureTest do
assert Signature.sign( assert Signature.sign(
user, user,
%{host: "test.test", "content-length": 100} %{host: "test.test", "content-length": "100"}
) == {:error, []} ) == {:error, []}
end end
end end

View file

@ -202,7 +202,7 @@ defmodule Pleroma.Web.ActivityPub.MRF.StealEmojiPolicyTest do
test "reject too large content-size before download", %{message: message} do test "reject too large content-size before download", %{message: message} do
clear_config([:mrf_steal_emoji, :download_unknown_size], false) clear_config([:mrf_steal_emoji, :download_unknown_size], false)
mock_tesla("https://example.org/emoji/firedfox.png", 200, [{"content-length", 2 ** 30}]) mock_tesla("https://example.org/emoji/firedfox.png", 200, [{"content-length", "#{2 ** 30}"}])
refute "firedfox" in installed() refute "firedfox" in installed()
@ -216,7 +216,7 @@ defmodule Pleroma.Web.ActivityPub.MRF.StealEmojiPolicyTest do
test "accepts content-size below limit", %{message: message} do test "accepts content-size below limit", %{message: message} do
clear_config([:mrf_steal_emoji, :download_unknown_size], false) clear_config([:mrf_steal_emoji, :download_unknown_size], false)
mock_tesla("https://example.org/emoji/firedfox.png", 200, [{"content-length", 2}]) mock_tesla("https://example.org/emoji/firedfox.png", 200, [{"content-length", "2"}])
refute "firedfox" in installed() refute "firedfox" in installed()