Filter incoming Create activities by relation to local activity #10005

Merged
merged 1 commit into from Feb 13, 2019

Gargron commented Feb 10, 2019

Reject messages:

  • From accounts with no local followers
  • From relays that are not enabled
  • Except if:
    • The message addresses local accounts
    • Or it's a reply to an account that does have local followers

The goal of this feature is to minimize the surface area through which a server's database could be filled up through deliveries without consent.

Filter incoming Create activities by relation to local activity
Reject those from accounts with no local followers, from relays
that are not enabled, which do not address local accounts and are
not replies to accounts that do have local followers

Gargron added the activitypub label Feb 10, 2019

Gargron requested a review from ThibG Feb 12, 2019

ThibG approved these changes Feb 13, 2019

ThibG left a comment

Seems fine to me overall. However, adding tests would be useful. In addition, it would make sense to check if relay software not relying on LD-Signatures would still work after those changes.

Finally, this is only a first step: at least Announce handling needs similar restrictions, otherwise bypassing those Create restrictions is just a matter of Announcing the object.

Gargron merged commit dad339d into master Feb 13, 2019

11 checks passed


Gargron deleted the feature-limit-unrelated-creates branch Feb 13, 2019

Gargron added a commit that referenced this pull request Feb 14, 2019

Filter incoming Announce activities by relation to local activity
Reject if announcer is not followed by local accounts, and is not
from an enabled relay, and the object is not a local status

Follow-up to #10005

Gargron added a commit that referenced this pull request Feb 15, 2019

Filter incoming Announce activities by relation to local activity (#1…
…0041)

* Filter incoming Announce activities by relation to local activity

Reject if announcer is not followed by local accounts, and is not
from an enabled relay, and the object is not a local status

Follow-up to #10005

* Fix tests

Gargron added a commit that referenced this pull request Feb 17, 2019

Filter incoming Create activities by relation to local activity (#10005)
Reject those from accounts with no local followers, from relays
that are not enabled, which do not address local accounts and are
not replies to accounts that do have local followers

Gargron added a commit that referenced this pull request Feb 17, 2019

Filter incoming Announce activities by relation to local activity (#1…
…0041)

* Filter incoming Announce activities by relation to local activity

Reject if announcer is not followed by local accounts, and is not
from an enabled relay, and the object is not a local status

Follow-up to #10005

* Fix tests
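
The acceptance rules described in this thread for Create (#10005) and for Announce (the follow-up commit), written out as an added Ruby sketch that is not Mastodon's code. The class, the activity hash fields and the sample accounts are constructed, and the `filter_announce` switch is an assumption used only to compare a Create-only filter with one that covers both activity types.

```ruby
require 'set'

# Added illustration, not Mastodon's implementation. Account names, the relay
# URL and the activity hash layout are constructed for this example.
class InboundFilter
  def initialize(local:, followed:, relays:, filter_announce: true)
    @local = Set.new(local)            # accounts hosted on this server
    @followed = Set.new(followed)      # remote accounts with a local follower
    @relays = Set.new(relays)          # relays the admin has enabled
    @filter_announce = filter_announce # false models a Create-only filter
  end

  # true when the activity is related to local activity and may be stored
  def accept?(act)
    type = act[:type]
    raise ArgumentError, "unsupported type #{type.inspect}" unless %w[Create Announce].include?(type)
    return true if type == 'Announce' && !@filter_announce
    return true if @followed.include?(act[:actor]) || @relays.include?(act[:via_relay])
    if type == 'Create'
      to_local = Array(act[:addressed]).any? { |acct| @local.include?(acct) }
      to_local || @followed.include?(act[:reply_to_author])
    else
      act[:object_local] == true # Announce: the object must be a local status
    end
  end
end

LOCAL = %w[alice@local.example].freeze
FOLLOWED = %w[bob@remote.example].freeze
RELAYS = %w[https://relay.example/inbox].freeze

# Constructed sample activities, one per rule stated in the thread.
SAMPLES = {
  unrelated_create: { type: 'Create', actor: 'stranger@unrelated.example' },
  followed_create: { type: 'Create', actor: 'bob@remote.example' },
  mention_create: { type: 'Create', actor: 'carol@other.example', addressed: ['alice@local.example'] },
  reply_create: { type: 'Create', actor: 'carol@other.example', reply_to_author: 'bob@remote.example' },
  relay_create: { type: 'Create', actor: 'dave@other.example', via_relay: 'https://relay.example/inbox' },
  disabled_relay: { type: 'Create', actor: 'dave@other.example', via_relay: 'https://relay2.example/inbox' },
  unrelated_announce: { type: 'Announce', actor: 'stranger@unrelated.example', object_local: false },
  local_boost: { type: 'Announce', actor: 'stranger@unrelated.example', object_local: true }
}.freeze

def verdicts(filter)
  SAMPLES.transform_values { |act| filter.accept?(act) }
end

both = InboundFilter.new(local: LOCAL, followed: FOLLOWED, relays: RELAYS)
verdicts(both).each { |name, ok| puts format('%-20s %s', name, ok ? 'accept' : 'reject') }
```

With `filter_announce: false` the `unrelated_announce` sample is accepted while `unrelated_create` is still rejected, which is the gap the review comment describes and the follow-up commit closes.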