insreasing test coverage for StealEmojiPolicy

This commit is contained in:
Alexander Strizhakov 2020-12-25 11:30:36 +03:00
parent aafd7b44ce
commit 7bfb041658
No known key found for this signature in database
GPG key ID: 022896A53AEF1381
2 changed files with 104 additions and 65 deletions

View file

@ -10,13 +10,12 @@ defmodule Pleroma.Web.ActivityPub.MRF.StealEmojiPolicy do
@moduledoc "Detect new emojis by their shortcode and steals them" @moduledoc "Detect new emojis by their shortcode and steals them"
@behaviour Pleroma.Web.ActivityPub.MRF @behaviour Pleroma.Web.ActivityPub.MRF
defp remote_host?(host), do: host != Config.get([Pleroma.Web.Endpoint, :url, :host])
defp accept_host?(host), do: host in Config.get([:mrf_steal_emoji, :hosts], []) defp accept_host?(host), do: host in Config.get([:mrf_steal_emoji, :hosts], [])
defp steal_emoji({shortcode, url}, emoji_dir_path) do defp steal_emoji({shortcode, url}, emoji_dir_path) do
url = Pleroma.Web.MediaProxy.url(url) url = Pleroma.Web.MediaProxy.url(url)
{:ok, response} = Pleroma.HTTP.get(url)
with {:ok, %{status: status} = response} when status in 200..299 <- Pleroma.HTTP.get(url) do
size_limit = Config.get([:mrf_steal_emoji, :size_limit], 50_000) size_limit = Config.get([:mrf_steal_emoji, :size_limit], 50_000)
if byte_size(response.body) <= size_limit do if byte_size(response.body) <= size_limit do
@ -27,11 +26,12 @@ defp steal_emoji({shortcode, url}, emoji_dir_path) do
|> Path.basename() |> Path.basename()
|> Path.extname() |> Path.extname()
file_path = Path.join([emoji_dir_path, shortcode <> (extension || ".png")]) file_path = Path.join(emoji_dir_path, shortcode <> (extension || ".png"))
with :ok <- File.write(file_path, response.body) do case File.write(file_path, response.body) do
:ok ->
shortcode shortcode
else
e -> e ->
Logger.warn("MRF.StealEmojiPolicy: Failed to write to #{file_path}: #{inspect(e)}") Logger.warn("MRF.StealEmojiPolicy: Failed to write to #{file_path}: #{inspect(e)}")
nil nil
@ -45,17 +45,18 @@ defp steal_emoji({shortcode, url}, emoji_dir_path) do
nil nil
end end
rescue else
e -> e ->
Logger.warn("MRF.StealEmojiPolicy: Failed to fetch #{url}: #{inspect(e)}") Logger.warn("MRF.StealEmojiPolicy: Failed to fetch #{url}: #{inspect(e)}")
nil nil
end end
end
@impl true @impl true
def filter(%{"object" => %{"emoji" => foreign_emojis, "actor" => actor}} = message) do def filter(%{"object" => %{"emoji" => foreign_emojis, "actor" => actor}} = message) do
host = URI.parse(actor).host host = URI.parse(actor).host
if remote_host?(host) and accept_host?(host) do if host != Pleroma.Web.Endpoint.host() and accept_host?(host) do
installed_emoji = Pleroma.Emoji.get_all() |> Enum.map(fn {k, _} -> k end) installed_emoji = Pleroma.Emoji.get_all() |> Enum.map(fn {k, _} -> k end)
emoji_dir_path = emoji_dir_path =
@ -70,10 +71,11 @@ def filter(%{"object" => %{"emoji" => foreign_emojis, "actor" => actor}} = messa
new_emojis = new_emojis =
foreign_emojis foreign_emojis
|> Enum.filter(fn {shortcode, _url} -> shortcode not in installed_emoji end) |> Enum.reject(fn {shortcode, _url} -> shortcode in installed_emoji end)
|> Enum.filter(fn {shortcode, _url} -> |> Enum.filter(fn {shortcode, _url} ->
reject_emoji? = reject_emoji? =
Config.get([:mrf_steal_emoji, :rejected_shortcodes], []) [:mrf_steal_emoji, :rejected_shortcodes]
|> Config.get([])
|> Enum.find(false, fn regex -> String.match?(shortcode, regex) end) |> Enum.find(false, fn regex -> String.match?(shortcode, regex) end)
!reject_emoji? !reject_emoji?

View file

@ -6,6 +6,7 @@ defmodule Pleroma.Web.ActivityPub.MRF.StealEmojiPolicyTest do
use Pleroma.DataCase use Pleroma.DataCase
alias Pleroma.Config alias Pleroma.Config
alias Pleroma.Emoji
alias Pleroma.Web.ActivityPub.MRF.StealEmojiPolicy alias Pleroma.Web.ActivityPub.MRF.StealEmojiPolicy
setup_all do setup_all do
@ -14,55 +15,91 @@ defmodule Pleroma.Web.ActivityPub.MRF.StealEmojiPolicyTest do
end end
setup do setup do
emoji_path = Path.join(Config.get([:instance, :static_dir]), "emoji/stolen") emoji_path = [:instance, :static_dir] |> Config.get() |> Path.join("emoji/stolen")
File.rm_rf!(emoji_path)
File.mkdir!(emoji_path)
Pleroma.Emoji.reload() Emoji.reload()
message = %{
"type" => "Create",
"object" => %{
"emoji" => [{"firedfox", "https://example.org/emoji/firedfox.png"}],
"actor" => "https://example.org/users/admin"
}
}
on_exit(fn -> on_exit(fn ->
File.rm_rf!(emoji_path) File.rm_rf!(emoji_path)
end) end)
:ok [message: message, path: emoji_path]
end end
test "does nothing by default" do test "does nothing by default", %{message: message} do
installed_emoji = Pleroma.Emoji.get_all() |> Enum.map(fn {k, _} -> k end) refute "firedfox" in installed()
refute "firedfox" in installed_emoji
message = %{ assert {:ok, _message} = StealEmojiPolicy.filter(message)
"type" => "Create",
"object" => %{
"emoji" => [{"firedfox", "https://example.org/emoji/firedfox.png"}],
"actor" => "https://example.org/users/admin"
}
}
assert {:ok, message} == StealEmojiPolicy.filter(message) refute "firedfox" in installed()
installed_emoji = Pleroma.Emoji.get_all() |> Enum.map(fn {k, _} -> k end)
refute "firedfox" in installed_emoji
end end
test "Steals emoji on unknown shortcode from allowed remote host" do test "Steals emoji on unknown shortcode from allowed remote host", %{
installed_emoji = Pleroma.Emoji.get_all() |> Enum.map(fn {k, _} -> k end) message: message,
refute "firedfox" in installed_emoji path: path
} do
refute "firedfox" in installed()
refute File.exists?(path)
message = %{ clear_config(:mrf_steal_emoji, hosts: ["example.org"], size_limit: 284_468)
"type" => "Create",
"object" => %{
"emoji" => [{"firedfox", "https://example.org/emoji/firedfox.png"}],
"actor" => "https://example.org/users/admin"
}
}
clear_config([:mrf_steal_emoji, :hosts], ["example.org"]) assert {:ok, _message} = StealEmojiPolicy.filter(message)
clear_config([:mrf_steal_emoji, :size_limit], 284_468)
assert {:ok, message} == StealEmojiPolicy.filter(message) assert "firedfox" in installed()
assert File.exists?(path)
installed_emoji = Pleroma.Emoji.get_all() |> Enum.map(fn {k, _} -> k end) assert path
assert "firedfox" in installed_emoji |> Path.join("firedfox.png")
|> File.exists?()
end end
test "reject shortcode", %{message: message} do
refute "firedfox" in installed()
clear_config(:mrf_steal_emoji,
hosts: ["example.org"],
size_limit: 284_468,
rejected_shortcodes: [~r/firedfox/]
)
assert {:ok, _message} = StealEmojiPolicy.filter(message)
refute "firedfox" in installed()
end
test "reject if size is above the limit", %{message: message} do
refute "firedfox" in installed()
clear_config(:mrf_steal_emoji, hosts: ["example.org"], size_limit: 50_000)
assert {:ok, _message} = StealEmojiPolicy.filter(message)
refute "firedfox" in installed()
end
test "reject if host returns error", %{message: message} do
refute "firedfox" in installed()
Tesla.Mock.mock(fn %{method: :get, url: "https://example.org/emoji/firedfox.png"} ->
{:ok, %Tesla.Env{status: 404, body: "Not found"}}
end)
clear_config(:mrf_steal_emoji, hosts: ["example.org"], size_limit: 284_468)
ExUnit.CaptureLog.capture_log(fn ->
assert {:ok, _message} = StealEmojiPolicy.filter(message)
end) =~ "MRF.StealEmojiPolicy: Failed to fetch https://example.org/emoji/firedfox.png"
refute "firedfox" in installed()
end
defp installed, do: Emoji.get_all() |> Enum.map(fn {k, _} -> k end)
end end