From bd45704dba4eb82417daa449fc0af960867fcf9b Mon Sep 17 00:00:00 2001 From: Lain Soykaf Date: Thu, 30 Apr 2026 17:21:40 +0400 Subject: [PATCH] Clarify cross-domain spoofing regressions --- .../activity_pub_controller_test.exs | 36 ++++---- test/pleroma/workers/receiver_worker_test.exs | 90 ++++++++++--------- 2 files changed, 68 insertions(+), 58 deletions(-) diff --git a/test/pleroma/web/activity_pub/activity_pub_controller_test.exs b/test/pleroma/web/activity_pub/activity_pub_controller_test.exs index 8cadf6686..2be5ca6df 100644 --- a/test/pleroma/web/activity_pub/activity_pub_controller_test.exs +++ b/test/pleroma/web/activity_pub/activity_pub_controller_test.exs @@ -727,14 +727,14 @@ defmodule Pleroma.Web.ActivityPub.ActivityPubControllerTest do end test "does not create a forged post after failed signature retry", %{conn: conn} do - bob = insert(:user, local: false, ap_id: "https://example.com/users/bob") - object_id = "https://example.com/objects/inbox-forged-note" + bob = insert(:user, local: false, ap_id: "https://two.com/users/bob") + object_id = "https://two.com/objects/inbox-forged-note" data = %{ "type" => "Create", "actor" => bob.ap_id, - "id" => "https://example.com/activities/inbox-forged-create", - "context" => "https://example.com/contexts/inbox-forged-create", + "id" => "https://two.com/activities/inbox-forged-create", + "context" => "https://two.com/contexts/inbox-forged-create", "to" => ["https://www.w3.org/ns/activitystreams#Public"], "cc" => [], "object" => %{ @@ -742,7 +742,7 @@ defmodule Pleroma.Web.ActivityPub.ActivityPubControllerTest do "id" => object_id, "actor" => bob.ap_id, "attributedTo" => bob.ap_id, - "context" => "https://example.com/contexts/inbox-forged-create", + "context" => "https://two.com/contexts/inbox-forged-create", "content" => "forged post", "published" => "2024-07-25T13:33:31Z", "to" => ["https://www.w3.org/ns/activitystreams#Public"], 
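Review bot: After this change every forgery test in this file has the signer on `https://one.com` and the payload actor on `https://two.com`, so none of them still covers the same-origin mismatch (alice and bob on one host), which is exactly the case an implementation that compared key and actor origins rather than actor ids would let through; the hunks at -767, -795 and -844 here, and the receiver_worker_test hunks from -348 through -580, make the same move. Keeping one of the four tests with both users on `https://two.com`, or adding a short duplicate of the Like case, would pin the check to the actor id. The test bodies and their assertions continue outside these hunks, so this is inferred from the setup lines only.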
@@ -754,7 +754,7 @@ defmodule Pleroma.Web.ActivityPub.ActivityPubControllerTest do conn |> assign(:valid_signature, false) |> put_req_header("content-type", "application/activity+json") - |> put_req_header("signature", "keyId=\"https://example.com/users/alice#main-key\"") + |> put_req_header("signature", "keyId=\"https://one.com/users/alice#main-key\"") |> post("/inbox", data) assert "ok" == json_response(conn, 200) @@ -767,13 +767,13 @@ defmodule Pleroma.Web.ActivityPub.ActivityPubControllerTest do end test "does not create a forged like after failed signature retry", %{conn: conn} do - bob = insert(:user, local: false, ap_id: "https://example.com/users/bob") + bob = insert(:user, local: false, ap_id: "https://two.com/users/bob") note = insert(:note) data = %{ "type" => "Like", "actor" => bob.ap_id, - "id" => "https://example.com/activities/inbox-forged-like", + "id" => "https://two.com/activities/inbox-forged-like", "to" => ["https://www.w3.org/ns/activitystreams#Public"], "cc" => [], "object" => note.data["id"] @@ -783,7 +783,7 @@ defmodule Pleroma.Web.ActivityPub.ActivityPubControllerTest do conn |> assign(:valid_signature, false) |> put_req_header("content-type", "application/activity+json") - |> put_req_header("signature", "keyId=\"https://example.com/users/alice#main-key\"") + |> put_req_header("signature", "keyId=\"https://one.com/users/alice#main-key\"") |> post("/inbox", data) assert "ok" == json_response(conn, 200) 
@@ -795,16 +795,16 @@ defmodule Pleroma.Web.ActivityPub.ActivityPubControllerTest do end test "does not create a forged post signed by a different actor", %{conn: conn} do - alice = insert(:user, local: false, ap_id: "https://example.com/users/alice") - bob = insert(:user, local: false, ap_id: "https://example.com/users/bob") - object_id = "https://example.com/objects/inbox-signed-forged-note" + alice = insert(:user, local: false, ap_id: "https://one.com/users/alice") + bob = insert(:user, local: false, ap_id: "https://two.com/users/bob") + object_id = "https://two.com/objects/inbox-signed-forged-note" data = %{ "@context" => "https://www.w3.org/ns/activitystreams", "type" => "Create", "actor" => bob.ap_id, - "id" => "https://example.com/activities/inbox-signed-forged-create", - "context" => "https://example.com/contexts/inbox-signed-forged-create", + "id" => "https://two.com/activities/inbox-signed-forged-create", + "context" => "https://two.com/contexts/inbox-signed-forged-create", "to" => ["https://www.w3.org/ns/activitystreams#Public"], "cc" => [], "object" => %{ @@ -812,7 +812,7 @@ defmodule Pleroma.Web.ActivityPub.ActivityPubControllerTest do "id" => object_id, "actor" => bob.ap_id, "attributedTo" => bob.ap_id, - "context" => "https://example.com/contexts/inbox-signed-forged-create", + "context" => "https://two.com/contexts/inbox-signed-forged-create", "content" => "forged post", "published" => "2024-07-25T13:33:31Z", "to" => ["https://www.w3.org/ns/activitystreams#Public"], 
@@ -844,15 +844,15 @@ defmodule Pleroma.Web.ActivityPub.ActivityPubControllerTest do end test "does not create a forged like signed by a different actor", %{conn: conn} do - alice = insert(:user, local: false, ap_id: "https://example.com/users/alice") - bob = insert(:user, local: false, ap_id: "https://example.com/users/bob") + alice = insert(:user, local: false, ap_id: "https://one.com/users/alice") + bob = insert(:user, local: false, ap_id: "https://two.com/users/bob") note = insert(:note) data = %{ "@context" => "https://www.w3.org/ns/activitystreams", "type" => "Like", "actor" => bob.ap_id, - "id" => "https://example.com/activities/inbox-signed-forged-like", + "id" => "https://two.com/activities/inbox-signed-forged-like", "to" => ["https://www.w3.org/ns/activitystreams#Public"], "cc" => [], "object" => note.data["id"] diff --git a/test/pleroma/workers/receiver_worker_test.exs b/test/pleroma/workers/receiver_worker_test.exs index 5e18fe771..ec630eb7b 100644 --- a/test/pleroma/workers/receiver_worker_test.exs +++ b/test/pleroma/workers/receiver_worker_test.exs @@ -17,13 +17,13 @@ defmodule Pleroma.Workers.ReceiverWorkerTest do defp mismatched_signature_headers do [ - {"host", "example.com"}, + {"host", "local.test"}, {"date", "Thu, 25 Jul 2024 13:33:31 GMT"}, {"digest", "SHA-256=fake-digest"}, {"content-type", "application/activity+json"}, { "signature", - "keyId=\"https://example.com/users/alice#main-key\",algorithm=\"rsa-sha256\",headers=\"(request-target) host date digest content-type\",signature=\"fake-signature\"" + "keyId=\"https://one.com/users/alice#main-key\",algorithm=\"rsa-sha256\",headers=\"(request-target) host date digest content-type\",signature=\"fake-signature\"" } ] end 
@@ -348,28 +348,33 @@ defmodule Pleroma.Workers.ReceiverWorkerTest do end test "cancels when signature actor does not match payload actor" do - alice = insert(:user, local: false, ap_id: "https://example.com/users/alice") - bob = insert(:user, local: false, ap_id: "https://example.com/users/bob") + alice = insert(:user, local: false, ap_id: "https://one.com/users/alice") + bob = insert(:user, local: false, ap_id: "https://two.com/users/bob") - note = insert(:note, user: bob, object_local: false) + note = + insert(:note, + user: bob, + object_local: false, + data: %{"id" => "https://two.com/objects/malicious-update-note"} + ) update = %{ "type" => "Update", "actor" => bob.ap_id, - "id" => "https://example.com/activities/malicious-update", + "id" => "https://two.com/activities/malicious-update", "to" => ["https://www.w3.org/ns/activitystreams#Public"], "cc" => [], "object" => note.data } req_headers = [ - ["host", "example.com"], + ["host", "local.test"], ["date", "Thu, 25 Jul 2024 13:33:31 GMT"], ["digest", "SHA-256=fake-digest"], ["content-type", "application/activity+json"], [ "signature", - "keyId=\"https://example.com/users/alice#main-key\",algorithm=\"rsa-sha256\",headers=\"(request-target) host date digest content-type\",signature=\"fake-signature\"" + "keyId=\"https://one.com/users/alice#main-key\",algorithm=\"rsa-sha256\",headers=\"(request-target) host date digest content-type\",signature=\"fake-signature\"" ] ] @@ -393,8 +398,8 @@ defmodule Pleroma.Workers.ReceiverWorkerTest do params = insert(:note_activity).data req_headers = [ - {"host", "example.com"}, - {"signature", "keyId=\"https://example.com/users/alice#main-key\""} + {"host", "local.test"}, + {"signature", "keyId=\"https://one.com/users/alice#main-key\""} ] assert {:ok, oban_job} = 
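Review bot: The new `data: %{"id" => "https://two.com/objects/malicious-update-note"}` option to `insert(:note, ...)` only produces the intended payload if the note factory merges that override into its generated data; if the factory replaces `data` instead, `note.data` is just the id and the Update's `"object"` loses `type`, `actor` and `attributedTo`, so the job could be cancelled for a reason other than the signature/actor mismatch this test is named for. The same construction appears in the hunk at -416. A one-line guard after the insert, `assert %{"type" => "Note", "id" => "https://two.com/objects/malicious-update-note"} = note.data`, would make that assumption explicit. The assertion for this test lies outside the hunk.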
@@ -416,15 +421,20 @@ defmodule Pleroma.Workers.ReceiverWorkerTest do end test "cancels signature actor mismatch through Federator-created jobs" do - alice = insert(:user, local: false, ap_id: "https://example.com/users/alice") - bob = insert(:user, local: false, ap_id: "https://example.com/users/bob") + alice = insert(:user, local: false, ap_id: "https://one.com/users/alice") + bob = insert(:user, local: false, ap_id: "https://two.com/users/bob") - note = insert(:note, user: bob, object_local: false) + note = + insert(:note, + user: bob, + object_local: false, + data: %{"id" => "https://two.com/objects/federator-malicious-note"} + ) update = %{ "type" => "Update", "actor" => bob.ap_id, - "id" => "https://example.com/activities/federator-malicious-update", + "id" => "https://two.com/activities/federator-malicious-update", "to" => ["https://www.w3.org/ns/activitystreams#Public"], "cc" => [], "object" => note.data @@ -434,18 +444,18 @@ defmodule Pleroma.Workers.ReceiverWorkerTest do end test "cancels signature actor mismatch before processing a forged Create" do - alice = insert(:user, local: false, ap_id: "https://example.com/users/alice") - bob = insert(:user, local: false, ap_id: "https://example.com/users/bob") + alice = insert(:user, local: false, ap_id: "https://one.com/users/alice") + bob = insert(:user, local: false, ap_id: "https://two.com/users/bob") create = %{ "type" => "Create", "actor" => bob.ap_id, - "id" => "https://example.com/activities/forged-create", + "id" => "https://two.com/activities/forged-create", "to" => ["https://www.w3.org/ns/activitystreams#Public"], "cc" => [], "object" => %{ "type" => "Note", - "id" => "https://example.com/objects/forged-note", + "id" => "https://two.com/objects/forged-note", "actor" => bob.ap_id, "attributedTo" => bob.ap_id, "content" => "forged post", 
@@ -459,16 +469,16 @@ defmodule Pleroma.Workers.ReceiverWorkerTest do end test "cancels signature actor mismatch before actually creating a forged post" do - alice = insert(:user, local: false, ap_id: "https://example.com/users/alice") - bob = insert(:user, local: false, ap_id: "https://example.com/users/bob") + alice = insert(:user, local: false, ap_id: "https://one.com/users/alice") + bob = insert(:user, local: false, ap_id: "https://two.com/users/bob") - object_id = "https://example.com/objects/actually-forged-note" + object_id = "https://two.com/objects/actually-forged-note" create = %{ "type" => "Create", "actor" => bob.ap_id, - "id" => "https://example.com/activities/actually-forged-create", - "context" => "https://example.com/contexts/actually-forged-create", + "id" => "https://two.com/activities/actually-forged-create", + "context" => "https://two.com/contexts/actually-forged-create", "to" => ["https://www.w3.org/ns/activitystreams#Public"], "cc" => [], "object" => %{ @@ -476,7 +486,7 @@ defmodule Pleroma.Workers.ReceiverWorkerTest do "id" => object_id, "actor" => bob.ap_id, "attributedTo" => bob.ap_id, - "context" => "https://example.com/contexts/actually-forged-create", + "context" => "https://two.com/contexts/actually-forged-create", "content" => "forged post", "published" => "2024-07-25T13:33:31Z", "to" => ["https://www.w3.org/ns/activitystreams#Public"], 
@@ -500,14 +510,14 @@ defmodule Pleroma.Workers.ReceiverWorkerTest do end test "cancels signature actor mismatch before processing a forged Like" do - alice = insert(:user, local: false, ap_id: "https://example.com/users/alice") - bob = insert(:user, local: false, ap_id: "https://example.com/users/bob") + alice = insert(:user, local: false, ap_id: "https://one.com/users/alice") + bob = insert(:user, local: false, ap_id: "https://two.com/users/bob") note = insert(:note) like = %{ "type" => "Like", "actor" => bob.ap_id, - "id" => "https://example.com/activities/forged-like", + "id" => "https://two.com/activities/forged-like", "to" => ["https://www.w3.org/ns/activitystreams#Public"], "cc" => [], "object" => note.data["id"] @@ -517,14 +527,14 @@ defmodule Pleroma.Workers.ReceiverWorkerTest do end test "cancels signature actor mismatch before actually creating a forged Like" do - alice = insert(:user, local: false, ap_id: "https://example.com/users/alice") - bob = insert(:user, local: false, ap_id: "https://example.com/users/bob") + alice = insert(:user, local: false, ap_id: "https://one.com/users/alice") + bob = insert(:user, local: false, ap_id: "https://two.com/users/bob") note = insert(:note) like = %{ "type" => "Like", "actor" => bob.ap_id, - "id" => "https://example.com/activities/actually-forged-like", + "id" => "https://two.com/activities/actually-forged-like", "to" => ["https://www.w3.org/ns/activitystreams#Public"], "cc" => [], "object" => note.data["id"] 
@@ -546,14 +556,14 @@ defmodule Pleroma.Workers.ReceiverWorkerTest do end test "cancels signature actor mismatch before processing a forged Announce" do - alice = insert(:user, local: false, ap_id: "https://example.com/users/alice") - bob = insert(:user, local: false, ap_id: "https://example.com/users/bob") + alice = insert(:user, local: false, ap_id: "https://one.com/users/alice") + bob = insert(:user, local: false, ap_id: "https://two.com/users/bob") note = insert(:note) announce = %{ "type" => "Announce", "actor" => bob.ap_id, - "id" => "https://example.com/activities/forged-announce", + "id" => "https://two.com/activities/forged-announce", "to" => ["https://www.w3.org/ns/activitystreams#Public"], "cc" => [], "object" => note.data["id"] @@ -563,14 +573,14 @@ defmodule Pleroma.Workers.ReceiverWorkerTest do end test "cancels signature actor mismatch before processing a forged Follow" do - alice = insert(:user, local: false, ap_id: "https://example.com/users/alice") - bob = insert(:user, local: false, ap_id: "https://example.com/users/bob") + alice = insert(:user, local: false, ap_id: "https://one.com/users/alice") + bob = insert(:user, local: false, ap_id: "https://two.com/users/bob") followed = insert(:user) follow = %{ "type" => "Follow", "actor" => bob.ap_id, - "id" => "https://example.com/activities/forged-follow", + "id" => "https://two.com/activities/forged-follow", "to" => [followed.ap_id], "cc" => [], "object" => followed.ap_id 
@@ -580,16 +590,16 @@ defmodule Pleroma.Workers.ReceiverWorkerTest do end test "cancels signature actor mismatch before processing a forged Undo" do - alice = insert(:user, local: false, ap_id: "https://example.com/users/alice") - bob = insert(:user, local: false, ap_id: "https://example.com/users/bob") + alice = insert(:user, local: false, ap_id: "https://one.com/users/alice") + bob = insert(:user, local: false, ap_id: "https://two.com/users/bob") undo = %{ "type" => "Undo", "actor" => bob.ap_id, - "id" => "https://example.com/activities/forged-undo", + "id" => "https://two.com/activities/forged-undo", "to" => ["https://www.w3.org/ns/activitystreams#Public"], "cc" => [], - "object" => "https://example.com/activities/existing-bob-activity" + "object" => "https://two.com/activities/existing-bob-activity" } assert_mismatched_signature_cancelled(undo, alice)