Do not fetch anything from blocked instances

2024-11-09 09:52:13 +00:00 · 2022-12-10 00:09:45 +00:00 · 2022-12-10 00:09:45 +00:00 · 68894089e8
parent a1515f9a60
commit 68894089e8
4 changed files with 33 additions and 3 deletions
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@ -23,6 +23,7 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/).
 - Follow/Block/Mute imports now spin off into *n* tasks to avoid the oban timeout
 - Transient activities recieved from remote servers are no longer persisted in the database
 - Overhauled static-fe view for logged-out users
+- Blocked instances will now not be sent _any_ requests, even fetch ones that would get rejected by MRF anyhow

 ## Removed
 - FollowBotPolicy
--- a/lib/pleroma/object/fetcher.ex
+++ b/lib/pleroma/object/fetcher.ex
@ -116,7 +116,11 @@ defmodule Pleroma.Object.Fetcher do

  # Note: will create a Create activity, which we need internally at the moment.
  def fetch_object_from_id(id, options \\ []) do
-    with {_, nil} <- {:fetch_object, Object.get_cached_by_ap_id(id)},
+    with %URI{} = uri <- URI.parse(id),
+         # If we have instance restrictions, apply them here to prevent fetching from unwanted instances
+         {:ok, nil} <- Pleroma.Web.ActivityPub.MRF.SimplePolicy.check_reject(uri),
+         {:ok, _} <- Pleroma.Web.ActivityPub.MRF.SimplePolicy.check_accept(uri),
+         {_, nil} <- {:fetch_object, Object.get_cached_by_ap_id(id)},
         {_, true} <- {:allowed_depth, Federator.allowed_thread_distance?(options[:depth])},
         {_, {:ok, data}} <- {:fetch, fetch_and_contain_remote_object_from_id(id)},
         {_, nil} <- {:normalize, Object.normalize(data, fetch: false)},
@ -155,6 +159,9 @@ defmodule Pleroma.Object.Fetcher do
      {:fetch, {:error, error}} ->
        {:error, error}

+      {:reject, reason} ->
+        {:reject, reason}
+
      e ->
        e
    end
--- a/lib/pleroma/web/activity_pub/mrf/simple_policy.ex
+++ b/lib/pleroma/web/activity_pub/mrf/simple_policy.ex
@ -13,7 +13,7 @@ defmodule Pleroma.Web.ActivityPub.MRF.SimplePolicy do

  require Pleroma.Constants

-  defp check_accept(%{host: actor_host} = _actor_info) do
+  def check_accept(%{host: actor_host} = _actor_info) do
    accepts =
      instance_list(:accept)
      |> MRF.subdomains_regex()
@ -26,7 +26,7 @@ defmodule Pleroma.Web.ActivityPub.MRF.SimplePolicy do
    end
  end

-  defp check_reject(%{host: actor_host} = _actor_info) do
+  def check_reject(%{host: actor_host} = _actor_info) do
    rejects =
      instance_list(:reject)
      |> MRF.subdomains_regex()
--- a/test/pleroma/object/fetcher_test.exs
+++ b/test/pleroma/object/fetcher_test.exs
@ -161,6 +161,28 @@ defmodule Pleroma.Object.FetcherTest do
               )
    end

+    test "does not fetch anything from a rejected instance" do
+      clear_config([:mrf_simple, :reject], [{"evil.example.org", "i said so"}])
+
+      assert {:reject, _} =
+               Fetcher.fetch_object_from_id("http://evil.example.org/@admin/99541947525187367")
+    end
+
+    test "does not fetch anything if mrf_simple accept is on" do
+      clear_config([:mrf_simple, :accept], [{"mastodon.example.org", "i said so"}])
+      clear_config([:mrf_simple, :reject], [])
+
+      assert {:reject, _} =
+               Fetcher.fetch_object_from_id(
+                 "http://notlisted.example.org/@admin/99541947525187367"
+               )
+
+      assert {:ok, _object} =
+               Fetcher.fetch_object_from_id(
+                 "http://mastodon.example.org/@admin/99541947525187367"
+               )
+    end
+
    test "it resets instance reachability on successful fetch" do
      id = "http://mastodon.example.org/@admin/99541947525187367"
      Instances.set_consistently_unreachable(id)