From c6ffdb2f83e45a6a4b0dcee308565dc904d0de51 Mon Sep 17 00:00:00 2001
From: Bob Mottram <bob@freedombone.net>
Date: Wed, 12 Aug 2020 09:53:26 +0000
Subject: [PATCH] More validation

---
 announce.py | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/announce.py b/announce.py
index 4dc0f74e7..4f2a8881a 100644
--- a/announce.py
+++ b/announce.py
@@ -81,6 +81,12 @@ def announcedByPerson(postJsonObject: {}, nickname: str, domain: str) -> bool:
     # not to be confused with shared items
     if not postJsonObject['object'].get('shares'):
         return False
+    if not isinstance(postJsonObject['shares'], dict):
+        return False
+    if not postJsonObject['object']['shares'].get('items'):
+        return False
+    if not isinstance(postJsonObject['object']['shares']['items'], list):
+        return False
     actorMatch = domain + '/users/' + nickname
     for item in postJsonObject['object']['shares']['items']:
         if item['actor'].endswith(actorMatch):