]> cat aescling's git repositories - mastodon.git/commitdiff
Fix handling of malformed ActivityPub payloads when URIs are nil (#7370)
authorEugen Rochko <eugen@zeonfederated.com>
Sat, 5 May 2018 16:22:34 +0000 (18:22 +0200)
committerGitHub <noreply@github.com>
Sat, 5 May 2018 16:22:34 +0000 (18:22 +0200)
* Fix handling of malformed ActivityPub payloads when URIs are nil

* Gracefully handle JSON-LD canonicalization failures

app/lib/activitypub/tag_manager.rb
app/services/activitypub/fetch_remote_status_service.rb
app/services/activitypub/process_collection_service.rb

index 908ea963917ecb0f98f9e8a36a31265055ecb2c5..95d1cf9f35326d7ea64016fcdce55b1a1e784d26 100644 (file)
@@ -86,6 +86,8 @@ class ActivityPub::TagManager
   end
 
   def local_uri?(uri)
+    return false if uri.nil?
+
     uri  = Addressable::URI.parse(uri)
     host = uri.normalized_host
     host = "#{host}:#{uri.port}" if uri.port
@@ -99,6 +101,8 @@ class ActivityPub::TagManager
   end
 
   def uri_to_resource(uri, klass)
+    return if uri.nil?
+
     if local_uri?(uri)
       case klass.name
       when 'Account'
index 930fbad1f15f3bb80d36b26e964f97c43bc45858..b6c00a9e7e2ba70c95f6646ac015440786691037 100644 (file)
@@ -34,6 +34,7 @@ class ActivityPub::FetchRemoteStatusService < BaseService
   end
 
   def trustworthy_attribution?(uri, attributed_to)
+    return false if uri.nil? || attributed_to.nil?
     Addressable::URI.parse(uri).normalized_host.casecmp(Addressable::URI.parse(attributed_to).normalized_host).zero?
   end
 
index eb93329e976a9a7f907f88571606d70eff3141d6..79cdca297be0571589547d25984a479f48215b76 100644 (file)
@@ -45,5 +45,8 @@ class ActivityPub::ProcessCollectionService < BaseService
 
   def verify_account!
     @account = ActivityPub::LinkedDataSignature.new(@json).verify_account!
+  rescue JSON::LD::JsonLdError => e
+    Rails.logger.debug "Could not verify LD-Signature for #{value_or_id(@json['actor'])}: #{e.message}"
+    nil
   end
 end