Fix handling of malformed ActivityPub payloads when URIs are nil (#7370)
* Fix handling of malformed ActivityPub payloads when URIs are nil * Gracefully handle JSON-LD canonicalization failures
This commit is contained in:
parent
661f7e6d9d
commit
c947e2e4c5
@ -86,6 +86,8 @@ class ActivityPub::TagManager
|
||||
end
|
||||
|
||||
def local_uri?(uri)
|
||||
return false if uri.nil?
|
||||
|
||||
uri = Addressable::URI.parse(uri)
|
||||
host = uri.normalized_host
|
||||
host = "#{host}:#{uri.port}" if uri.port
|
||||
@ -99,6 +101,8 @@ class ActivityPub::TagManager
|
||||
end
|
||||
|
||||
def uri_to_resource(uri, klass)
|
||||
return if uri.nil?
|
||||
|
||||
if local_uri?(uri)
|
||||
case klass.name
|
||||
when 'Account'
|
||||
|
@ -34,6 +34,7 @@ class ActivityPub::FetchRemoteStatusService < BaseService
|
||||
end
|
||||
|
||||
def trustworthy_attribution?(uri, attributed_to)
|
||||
return false if uri.nil? || attributed_to.nil?
|
||||
Addressable::URI.parse(uri).normalized_host.casecmp(Addressable::URI.parse(attributed_to).normalized_host).zero?
|
||||
end
|
||||
|
||||
|
@ -45,5 +45,8 @@ class ActivityPub::ProcessCollectionService < BaseService
|
||||
|
||||
def verify_account!
|
||||
@account = ActivityPub::LinkedDataSignature.new(@json).verify_account!
|
||||
rescue JSON::LD::JsonLdError => e
|
||||
Rails.logger.debug "Could not verify LD-Signature for #{value_or_id(@json['actor'])}: #{e.message}"
|
||||
nil
|
||||
end
|
||||
end
|
||||
|
Loading…
Reference in New Issue
Block a user