indymedia
/
epicyon
mirror of https://gitlab.com/bashrc2/epicyon
7
4
Fork 1
Code Issues 14 Releases Wiki Activity

Extra actor url validation

merge-requests/30/head
Bob Mottram 2022-12-26 10:49:41 +00:00
parent 66203c6558
commit 9dea2a8d2a
2 changed files with 24 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
person.py
View File

@ -44,6 +44,7 @@ from utils import get_attachment_property_value
from utils import get_nickname_from_actor from utils import get_nickname_from_actor
from utils import remove_html from utils import remove_html
from utils import contains_invalid_chars from utils import contains_invalid_chars
from utils import contains_invalid_actor_url_chars
from utils import replace_users_with_at from utils import replace_users_with_at
from utils import remove_eol from utils import remove_eol
from utils import remove_domain_port from utils import remove_domain_port
@ -1776,6 +1777,12 @@ def valid_sending_actor(session, base_dir: str,
# who sent this post? # who sent this post?
sending_actor = post_json_object['actor'] sending_actor = post_json_object['actor']
if not isinstance(sending_actor, str):
return False
if contains_invalid_actor_url_chars(sending_actor):
return False
# If you are following them then allow their posts # If you are following them then allow their posts
if is_following_actor(base_dir, nickname, domain, sending_actor): if is_following_actor(base_dir, nickname, domain, sending_actor):
return True return True
@ -1802,6 +1809,7 @@ def valid_sending_actor(session, base_dir: str,
print('REJECT: no preferredUsername within actor ' + str(actor_json)) print('REJECT: no preferredUsername within actor ' + str(actor_json))
return False return False
# is this a known spam actor?
actor_spam_filter_filename = \ actor_spam_filter_filename = \
acct_dir(base_dir, nickname, domain) + '/.reject_spam_actors' acct_dir(base_dir, nickname, domain) + '/.reject_spam_actors'
if not os.path.isfile(actor_spam_filter_filename): if not os.path.isfile(actor_spam_filter_filename):

16
utils.py
View File

@ -39,6 +39,12 @@ INVALID_CHARACTERS = (
'', '', '', '', '', '', 'ϟϟ', '🏳️‍🌈🚫', '⚡⚡' '', '', '', '', '', '', 'ϟϟ', '🏳️‍🌈🚫', '⚡⚡'
) )
INVALID_ACTOR_URL_CHARACTERS = (
'', '', '<', '>', '%', '{', '}', '|', '\\', '^', '`',
'?', '#', '[', ']', '@', '!', '$', '&', "'", '(', ')',
'*', '+', ',', ';', '='
)
def _standardize_text_range(text: str, def _standardize_text_range(text: str,
range_start: int, range_end: int, range_start: int, range_end: int,
@ -971,6 +977,16 @@ def contains_invalid_chars(json_str: str) -> bool:
return False return False
def contains_invalid_actor_url_chars(url: str) -> bool:
"""Does the given actor url contain invalid characters?
"""
for is_invalid in INVALID_ACTOR_URL_CHARACTERS:
if is_invalid in url:
return True
return contains_invalid_chars(url)
def remove_invalid_chars(text: str) -> str: def remove_invalid_chars(text: str) -> str:
"""Removes any invalid characters from a string """Removes any invalid characters from a string
""" """