Merge pull request #9186 from annando/valid-posts

AP: Improved checks for incoming posts
This commit is contained in:
Hypolite Petovan 2020-09-12 08:57:41 -04:00 committed by GitHub
commit bc5a1e5ace
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23

View file

@ -33,7 +33,6 @@ use Friendica\Model\Item;
use Friendica\Model\User; use Friendica\Model\User;
use Friendica\Protocol\Activity; use Friendica\Protocol\Activity;
use Friendica\Protocol\ActivityPub; use Friendica\Protocol\ActivityPub;
use Friendica\Util\DateTimeFormat;
use Friendica\Util\HTTPSignature; use Friendica\Util\HTTPSignature;
use Friendica\Util\JsonLD; use Friendica\Util\JsonLD;
use Friendica\Util\LDSignature; use Friendica\Util\LDSignature;
@ -59,6 +58,12 @@ class Receiver
const CONTENT_TYPES = ['as:Note', 'as:Article', 'as:Video', 'as:Image', 'as:Event', 'as:Audio']; const CONTENT_TYPES = ['as:Note', 'as:Article', 'as:Video', 'as:Image', 'as:Event', 'as:Audio'];
const ACTIVITY_TYPES = ['as:Like', 'as:Dislike', 'as:Accept', 'as:Reject', 'as:TentativeAccept']; const ACTIVITY_TYPES = ['as:Like', 'as:Dislike', 'as:Accept', 'as:Reject', 'as:TentativeAccept'];
const TARGET_UNKNOWN = 0;
const TARGET_TO = 1;
const TARGET_CC = 2;
const TARGET_BCC = 3;
const TARGET_FOLLOWER = 4;
/** /**
* Checks if the web request is done for the AP protocol * Checks if the web request is done for the AP protocol
* *
@ -88,6 +93,7 @@ class Receiver
Logger::info('Valid HTTP signature', ['signer' => $http_signer]); Logger::info('Valid HTTP signature', ['signer' => $http_signer]);
} }
$signer = [$http_signer];
$activity = json_decode($body, true); $activity = json_decode($body, true);
if (empty($activity)) { if (empty($activity)) {
@ -105,6 +111,8 @@ class Receiver
$ld_signer = LDSignature::getSigner($activity); $ld_signer = LDSignature::getSigner($activity);
if (empty($ld_signer)) { if (empty($ld_signer)) {
Logger::log('Invalid JSON-LD signature from ' . $actor, Logger::DEBUG); Logger::log('Invalid JSON-LD signature from ' . $actor, Logger::DEBUG);
} elseif ($ld_signer != $http_signer) {
$signer[] = $ld_signer;
} }
if (!empty($ld_signer && ($actor == $http_signer))) { if (!empty($ld_signer && ($actor == $http_signer))) {
Logger::log('The HTTP and the JSON-LD signature belong to ' . $ld_signer, Logger::DEBUG); Logger::log('The HTTP and the JSON-LD signature belong to ' . $ld_signer, Logger::DEBUG);
@ -127,7 +135,7 @@ class Receiver
$trust_source = false; $trust_source = false;
} }
self::processActivity($ldactivity, $body, $uid, $trust_source, true); self::processActivity($ldactivity, $body, $uid, $trust_source, true, $signer);
} }
/** /**
@ -186,9 +194,27 @@ class Receiver
*/ */
public static function prepareObjectData($activity, $uid, $push, &$trust_source) public static function prepareObjectData($activity, $uid, $push, &$trust_source)
{ {
$id = JsonLD::fetchElement($activity, '@id');
if (!empty($id) && !$trust_source) {
$fetched_activity = ActivityPub::fetchContent($id, $uid ?? 0);
if (!empty($fetched_activity)) {
$object = JsonLD::compact($fetched_activity);
$fetched_id = JsonLD::fetchElement($object, '@id');
if ($fetched_id == $id) {
Logger::info('Activity had been fetched successfully', ['id' => $id]);
$trust_source = true;
$activity = $object;
} else {
Logger::info('Activity id is not equal', ['id' => $id, 'fetched' => $fetched_id]);
}
} else {
Logger::info('Activity could not been fetched', ['id' => $id]);
}
}
$actor = JsonLD::fetchElement($activity, 'as:actor', '@id'); $actor = JsonLD::fetchElement($activity, 'as:actor', '@id');
if (empty($actor)) { if (empty($actor)) {
Logger::log('Empty actor', Logger::DEBUG); Logger::info('Empty actor', ['activity' => $activity]);
return []; return [];
} }
@ -196,9 +222,11 @@ class Receiver
// Fetch all receivers from to, cc, bto and bcc // Fetch all receivers from to, cc, bto and bcc
$receivers = self::getReceivers($activity, $actor); $receivers = self::getReceivers($activity, $actor);
$reception_type = [];
// When it is a delivery to a personal inbox we add that user to the receivers // When it is a delivery to a personal inbox we add that user to the receivers
if (!empty($uid)) { if (!empty($uid)) {
$reception_type[$uid] = self::TARGET_BCC;
$additional = ['uid:' . $uid => $uid]; $additional = ['uid:' . $uid => $uid];
$receivers = array_merge($receivers, $additional); $receivers = array_merge($receivers, $additional);
} else { } else {
@ -222,11 +250,8 @@ class Receiver
// Fetch the content only on activities where this matters // Fetch the content only on activities where this matters
if (in_array($type, ['as:Create', 'as:Update', 'as:Announce'])) { if (in_array($type, ['as:Create', 'as:Update', 'as:Announce'])) {
if ($type == 'as:Announce') { // Always fetch on "Announce"
$trust_source = false; $object_data = self::fetchObject($object_id, $activity['as:object'], $trust_source && ($type != 'as:Announce'), $uid);
}
$object_data = self::fetchObject($object_id, $activity['as:object'], $trust_source, $uid);
if (empty($object_data)) { if (empty($object_data)) {
Logger::log("Object data couldn't be processed", Logger::DEBUG); Logger::log("Object data couldn't be processed", Logger::DEBUG);
return []; return [];
@ -246,9 +271,6 @@ class Receiver
} else { } else {
$object_data['directmessage'] = JsonLD::fetchElement($activity, 'litepub:directMessage'); $object_data['directmessage'] = JsonLD::fetchElement($activity, 'litepub:directMessage');
} }
// We had been able to retrieve the object data - so we can trust the source
$trust_source = true;
} elseif (in_array($type, array_merge(self::ACTIVITY_TYPES, ['as:Follow'])) && in_array($object_type, self::CONTENT_TYPES)) { } elseif (in_array($type, array_merge(self::ACTIVITY_TYPES, ['as:Follow'])) && in_array($object_type, self::CONTENT_TYPES)) {
// Create a mostly empty array out of the activity data (instead of the object). // Create a mostly empty array out of the activity data (instead of the object).
// This way we later don't have to check for the existence of ech individual array element. // This way we later don't have to check for the existence of ech individual array element.
@ -288,6 +310,19 @@ class Receiver
$object_data['actor'] = $actor; $object_data['actor'] = $actor;
$object_data['item_receiver'] = $receivers; $object_data['item_receiver'] = $receivers;
$object_data['receiver'] = array_merge($object_data['receiver'] ?? [], $receivers); $object_data['receiver'] = array_merge($object_data['receiver'] ?? [], $receivers);
$object_data['reception_type'] = $reception_type;
$author = $object_data['author'] ?? $actor;
if (!empty($author) && !empty($object_data['id'])) {
$author_host = parse_url($author, PHP_URL_HOST);
$id_host = parse_url($object_data['id'], PHP_URL_HOST);
if ($author_host == $id_host) {
Logger::info('Valid hosts', ['type' => $type, 'host' => $id_host]);
} else {
Logger::notice('Differing hosts on author and id', ['type' => $type, 'author' => $author_host, 'id' => $id_host]);
$trust_source = false;
}
}
Logger::log('Processing ' . $object_data['type'] . ' ' . $object_data['object_type'] . ' ' . $object_data['id'], Logger::DEBUG); Logger::log('Processing ' . $object_data['type'] . ' ' . $object_data['object_type'] . ' ' . $object_data['id'], Logger::DEBUG);
@ -320,43 +355,49 @@ class Receiver
* @param boolean $push Message had been pushed to our system * @param boolean $push Message had been pushed to our system
* @throws \Exception * @throws \Exception
*/ */
public static function processActivity($activity, $body = '', $uid = null, $trust_source = false, $push = false) public static function processActivity($activity, string $body = '', int $uid = null, bool $trust_source = false, bool $push = false, array $signer = [])
{ {
$type = JsonLD::fetchElement($activity, '@type'); $type = JsonLD::fetchElement($activity, '@type');
if (!$type) { if (!$type) {
Logger::log('Empty type', Logger::DEBUG); Logger::info('Empty type', ['activity' => $activity]);
return; return;
} }
if (!JsonLD::fetchElement($activity, 'as:object', '@id')) { if (!JsonLD::fetchElement($activity, 'as:object', '@id')) {
Logger::log('Empty object', Logger::DEBUG); Logger::info('Empty object', ['activity' => $activity]);
return; return;
} }
if (!JsonLD::fetchElement($activity, 'as:actor', '@id')) { $actor = JsonLD::fetchElement($activity, 'as:actor', '@id');
Logger::log('Empty actor', Logger::DEBUG); if (empty($actor)) {
Logger::info('Empty actor', ['activity' => $activity]);
return; return;
} }
// Don't trust the source if "actor" differs from "attributedTo". The content could be forged. if (is_array($activity['as:object'])) {
if ($trust_source && ($type == 'as:Create') && is_array($activity['as:object'])) {
$actor = JsonLD::fetchElement($activity, 'as:actor', '@id');
$attributed_to = JsonLD::fetchElement($activity['as:object'], 'as:attributedTo', '@id'); $attributed_to = JsonLD::fetchElement($activity['as:object'], 'as:attributedTo', '@id');
$trust_source = ($actor == $attributed_to); } else {
if (!$trust_source) { $attributed_to = '';
Logger::log('Not trusting actor: ' . $actor . '. It differs from attributedTo: ' . $attributed_to, Logger::DEBUG); }
// Test the provided signatures against the actor and "attributedTo"
if ($trust_source) {
if (!empty($attributed_to) && !empty($actor)) {
$trust_source = (in_array($actor, $signer) && in_array($attributed_to, $signer));
} else {
$trust_source = in_array($actor, $signer);
} }
} }
// $trust_source is called by reference and is set to true if the content was retrieved successfully // $trust_source is called by reference and is set to true if the content was retrieved successfully
$object_data = self::prepareObjectData($activity, $uid, $push, $trust_source); $object_data = self::prepareObjectData($activity, $uid, $push, $trust_source);
if (empty($object_data)) { if (empty($object_data)) {
Logger::log('No object data found', Logger::DEBUG); Logger::info('No object data found', ['activity' => $activity]);
return; return;
} }
if (!$trust_source) { if (!$trust_source) {
Logger::log('No trust for activity type "' . $type . '", so we quit now.', Logger::DEBUG); Logger::info('Activity trust could not be achieved.', ['id' => $object_data['object_id'], 'type' => $type, 'signer' => $signer, 'actor' => $actor, 'attributedTo' => $attributed_to]);
return; return;
} }
@ -517,7 +558,7 @@ class Receiver
Logger::log('Actor: ' . $actor . ' - Followers: ' . $followers, Logger::DEBUG); Logger::log('Actor: ' . $actor . ' - Followers: ' . $followers, Logger::DEBUG);
} else { } else {
Logger::log('Empty actor', Logger::DEBUG); Logger::info('Empty actor', ['activity' => $activity]);
$followers = ''; $followers = '';
} }
@ -775,18 +816,29 @@ class Receiver
$data = ActivityPub\Transmitter::createNote($item); $data = ActivityPub\Transmitter::createNote($item);
$object = JsonLD::compact($data); $object = JsonLD::compact($data);
} }
$id = JsonLD::fetchElement($object, '@id');
if (empty($id)) {
Logger::info('Empty id');
return false;
}
if ($id != $object_id) {
Logger::info('Fetched id differs from provided id', ['provided' => $object_id, 'fetched' => $id]);
return false;
}
} else { } else {
Logger::log('Using original object for url ' . $object_id, Logger::DEBUG); Logger::log('Using original object for url ' . $object_id, Logger::DEBUG);
} }
$type = JsonLD::fetchElement($object, '@type'); $type = JsonLD::fetchElement($object, '@type');
if (empty($type)) { if (empty($type)) {
Logger::log('Empty type', Logger::DEBUG); Logger::info('Empty type');
return false; return false;
} }
if (in_array($type, self::CONTENT_TYPES)) { // We currently don't handle 'pt:CacheFile', but with this step we avoid logging
if (in_array($type, self::CONTENT_TYPES) || ($type == 'pt:CacheFile')) {
$object_data = self::processObject($object); $object_data = self::processObject($object);
if (!empty($data)) { if (!empty($data)) {