akkoma/test/pleroma
Oneric 0c2b33458d Restrict media usage to owners
In Mastodon media can only be used by owners and only be associated with
a single post. We currently allow media to be associated with several
posts and until now did not limit their usage in posts to media owners.
However, media update and GET lookup was already limited to owners.
(In accordance with allowing media reuse, we also still allow GET
lookups of media already used in a post unlike Mastodon)

Allowing reuse isn’t problematic per se, but allowing use by non-owners
can be problematic if media ids of private-scoped posts can be guessed
since creating a new post with this media id will reveal the uploaded
file content and alt text.
Given media ids are currently just part of a sequentieal series shared
with some other objects, guessing media ids is with some persistence
indeed feasible.

E.g. sampline some public media ids from a real-world
instance with 112 total and 61 monthly-active users:

  17.465.096  at  t0
  17.472.673  at  t1 = t0 + 4h
  17.473.248  at  t2 = t1 + 20min

This gives about 30 new ids per minute of which most won't be
local media but remote and local posts, poll answers etc.
Assuming the default ratelimit of 15 post actions per 10s, scraping all
media for the 4h interval takes about 84 minutes and scraping the 20min
range mere 6.3 minutes. (Until the preceding commit, post updates were
not rate limited at all, allowing even faster scraping.)
If an attacker can infer (e.g. via reply to a follower-only post not
accessbile to the attacker) some sensitive information was uploaded
during a specific time interval and has some pointers regarding the
nature of the information, identifying the specific upload out of all
scraped media for this timerange is not impossible.

Thus restrict media usage to owners.

Checking ownership just in ActivitDraft would already be sufficient,
since when a scheduled status actually gets posted it goes through
ActivityDraft again, but would erroneously return a success status
when scheduling an illegal post.

Independently discovered and fixed by mint in Pleroma
1afde067b1
2024-05-22 20:30:18 +02:00
..
activity Prune old Update activities 2024-02-17 16:57:40 +01:00
akkoma Tag Mock-tests as "mocked" and run them seperately 2023-08-04 12:50:50 +01:00
collections Only allow exact id matches 2024-03-25 14:05:05 -01:00
config Rename StripLocation to StripMetadata for temporal-proofing reasons 2024-04-16 20:37:00 +02:00
conversation fix flaky participation_test.exs 2022-10-23 12:33:31 +02:00
docs backend-i18n (#121) 2022-07-27 21:56:59 +00:00
ecto_type/activity_pub/object_validators Pipeline Ingestion: Note 2021-04-05 19:19:11 +02:00
emails Correct email links to be absolute URLs 2023-11-02 11:49:03 +00:00
emoji Proactively harden emoji pack against path traversal 2024-03-18 22:33:10 -01:00
http add a test for 503-rate-limiting 2024-05-06 23:36:00 +01:00
instances Don't mess with the cache on metadata update 2022-11-08 10:39:01 +00:00
integration Migrate to phoenix 1.7 (#626) 2023-08-15 10:22:18 +00:00
mfa Put matchers in matchers subpackage 2023-08-06 15:53:04 +01:00
migration_helper purge chat and shout endpoints 2022-07-21 11:29:28 +01:00
object fix pattern matching in fetch errors 2024-04-13 23:55:26 +01:00
password
repo/migrations Another keyword.equal? check 2023-08-06 16:36:18 +01:00
search Tag Mock-tests as "mocked" and run them seperately 2023-08-04 12:50:50 +01:00
translators Add MRFs for direct message manipulation 2023-05-22 23:53:44 +01:00
upload exiftool: make stripped tags configurable 2024-04-26 18:57:24 +02:00
uploaders Tag Mock-tests as "mocked" and run them seperately 2023-08-04 12:50:50 +01:00
user Tag Mock-tests as "mocked" and run them seperately 2023-08-04 12:50:50 +01:00
web Restrict media usage to owners 2024-05-22 20:30:18 +02:00
workers Allow the Remote Fetcher to attempt fetching an unreachable instance 2024-04-12 20:33:21 +01:00
activity_test.exs Merge branch 'features/validators-note' into 'develop' 2021-06-01 01:51:38 +00:00
announcement_read_relationship_test.exs Merge branch 'from/upstream-develop/tusooa/server-announcements' into 'develop' (#85) 2022-07-18 13:08:36 +00:00
announcement_test.exs Merge branch 'from/upstream-develop/tusooa/server-announcements' into 'develop' (#85) 2022-07-18 13:08:36 +00:00
application_requirements_test.exs Tag Mock-tests as "mocked" and run them seperately 2023-08-04 12:50:50 +01:00
bookmark_test.exs
captcha_test.exs
config_db_test.exs Tag Mock-tests as "mocked" and run them seperately 2023-08-04 12:50:50 +01:00
config_test.exs
conversation_test.exs
emoji_test.exs Fix emoji qualification (#124) 2022-07-28 12:02:36 +00:00
filter_test.exs
following_relationship_test.exs
formatter_test.exs CI: Bump lint stage to elixir-1.12 2021-10-06 08:11:05 +02:00
frontend_test.exs
hashtag_test.exs
healthcheck_test.exs Add unordered list equality matcher 2023-08-06 15:58:11 +01:00
html_test.exs
http_test.exs mix format 2022-06-11 16:14:31 +01:00
instances_test.exs Add Signed Fetch Statistics (#312) 2022-11-26 19:22:56 +00:00
iso639_test.exs add inbound language test 2023-01-11 15:42:13 +00:00
job_queue_monitor_test.exs Support elixir1.15 2023-08-03 17:44:09 +01:00
keys_test.exs
list_test.exs
marker_test.exs
mfa_test.exs argon2 password hashing (#406) 2022-12-30 02:46:58 +00:00
moderation_log_test.exs CI: Bump lint stage to elixir-1.12 2021-10-06 08:11:05 +02:00
notification_test.exs Tag Mock-tests as "mocked" and run them seperately 2023-08-04 12:50:50 +01:00
object_test.exs Always insert Dedupe upload filter 2024-03-18 22:33:10 -01:00
otp_version_test.exs
pagination_test.exs
password_test.exs argon2 password hashing (#406) 2022-12-30 02:46:58 +00:00
registration_test.exs
repo_test.exs
report_note_test.exs
reverse_proxy_test.exs Sanitise Content-Type of media proxy URLs 2024-03-18 22:33:10 -01:00
runtime_test.exs
safe_jsonb_set_test.exs
scheduled_activity_test.exs
signature_test.exs duct-tape fix for #438 2024-05-11 05:30:18 +01:00
stats_test.exs
upload_test.exs Always insert Dedupe upload filter 2024-03-18 22:33:10 -01:00
user_invite_token_test.exs
user_note_test.exs Add user_note_test.exs. 2023-05-12 02:18:24 +00:00
user_relationship_test.exs Tag Mock-tests as "mocked" and run them seperately 2023-08-04 12:50:50 +01:00
user_search_test.exs fix tests broken by relay defaults changing (#314) 2022-11-26 20:45:47 +00:00
user_test.exs Never fetch resource from ourselves 2024-03-25 14:05:05 -01:00
utils_test.exs extend custom runtime system (#108) 2022-07-24 16:42:43 +00:00
xml_builder_test.exs