mirror of
https://codeberg.org/forgejo/forgejo.git
synced 2024-11-25 14:35:40 +00:00
adjust to new dev-model
This commit is contained in:
parent
e41fa653d9
commit
93d7de147b
@ -0,0 +1,132 @@
# Threat Analysis for RemoteLogin propagation

See also [1] for getting an idea about the analysis.

## Technical Background
### Control Flow

```mermaid
sequenceDiagram
participant fs as foreign_repository_server
participant os as our_repository_server

fs ->> os: post /api/activitypub/repository-id/1/inbox {Like-Activity}
activate os
os ->> repository: load "1"
os ->> os: validate actor id inputs
activate os
os ->> FederationInfo: get by Host
os ->> os: if FederatonInfo not found
activate os
os ->> fs: get .well-known/nodeinfo
os ->> NodeInfoWellKnown: create & validate
os ->> fs: get api/v1/nodeinfo
os ->> NodeInfo: create & validate
os ->> FederationInfo: create
deactivate os
os ->> ForgeLike: validate
deactivate os

os ->> user: search for user with actor-id
os ->> os: create user if not found
activate os
os ->> fs: get /api/activitypub/user-id/{id from actor}
os ->> ForgePerson: validate
os ->> user: create user from ForgePerson
deactivate os
os ->> repository: execute star
os ->> FederationInfo: update latest activity
os -->> fs: 200 ok
deactivate os
```

### Data transferred

```
# NodeInfoWellKnown
{"links":[
{"href":"https://federated-repo.prod.meissa.de/api/v1/nodeinfo",
"rel":"http://nodeinfo.diaspora.software/ns/schema/2.1"}]}

# NodeInfo
{"version":"2.1",
"software":{"name":"gitea",
...}}

# LikeActivity
{"id": "https://repo.prod.meissa.de/api/v1/activitypub/user-id/1/outbox/12345",
"type": "Like",
"actor": "https://repo.prod.meissa.de/api/v1/activitypub/user-id/1",
"object": "https://codeberg.org/api/v1/activitypub/repository-id/12"
"startTime": "2014-12-31T23:00:00-08:00"
}

# Person
{"id":"https://federated-repo.prod.meissa.de/api/v1/activitypub/user-id/10",
"type":"Person",
"preferredUsername":"stargoose9",
"name": "goose going to star the repo",
"publicKey":{"id":"https://federated-repo.prod.meissa.de/api/v1/activitypub/user-id/10#main-key",
"owner":"https://federated-repo.prod.meissa.de/api/v1/activitypub/user-id/10",
"publicKeyPem":"-----BEGIN PUBLIC KEY-----\nMIIBoj...XAgMBAAE=\n-----END PUBLIC KEY-----\n"}}
```

### Data Flow

```mermaid
flowchart TD
A(User) --> |stars a federated repository| B(foreign repository server)
B --> |Like Activity| C(our repository server)
C --> |get NodeInfoWellKnown| B
C --> |get NodeInfo| B
C --> |get Person Actor| B
C --> |cache/create federated user locally| D(our database)
C --> |cache/create NodeInfo locally| D(our database)
C --> |add star to repo locally| D
```

## Analysis
### Assets

1. **Service Availability**: The availability of our or foreign servers.
2. **Instance Reputation**: We hope our project does not live on a spam instance.
3. **Project Reputation**: The reputation of an individual project.

### Actors

1. **Script Kiddies**: Boored teens, willing to do some illegal stuff without deep knowledge of tech details but broad knowledge across internet discussions. Able to do some bash / python scripting.
2. **Experienced Hacker**: Hacker with deep knowledge.
3. **Hacker**: Hacker with some knowledge.
4. **Malicious Fediverse Member**: Malicious Members of the fediverse, able to operate malicious forge instances.
5. **Malicious Forge Admin**: Admin of good reputation forge instance in the fediverse.
6. **Federated User**: Members of good reputation forge instance in the fediverse.

### Threat

1.

### Mitigations

1.

### DREAD-Score

| Threat | Damage | Reproducibility | Exploitability | Affected Users | Discoverability | Mitigations |
| :----- | :------ | :-------------- | :------------- | :------------- | :-------------- | :---------- |
| 1. | ... tbd | | | | | |
| 2. | ... tbd | | | | | |

Threat Score with values between 1 - 6

* Damage – how severe would the damage be if the attack is successful? 6 is a very bad damage.
* Reproducibility – how easy would the attack be reproducible? 6 is very easy to reproduce.
* Exploitability – How much time, effort and experience are necessary to exploit the threat? 6 is very easy to make.
* Affected Users – if a threat were exploited, how many percentage of users would be affected?
* Discoverability – How easy can an attack be discovered? Does the attacker have to expect prosecution? 6 is very hard to discover / is not illegal

## Contributors


## Reference

[1]: https://owasp.org/www-community/Threat_Modeling_Process
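Review bot: The Threat and Mitigations sections hold only an empty "1." item and both DREAD rows read "... tbd", so the document never ties its listed actors and assets to a concrete threat; the control flow already shows two candidates for a first pass: the inbox POST is acted on after "validate actor id inputs" with no step that checks the Like activity against the publicKey the Person payload carries, and the server issues three outbound fetches to the foreign server ("get .well-known/nodeinfo", "get api/v1/nodeinfo", "get /api/activitypub/user-id/{id from actor}") before "ForgeLike: validate" runs, which bears directly on the Service Availability asset and belongs in the DREAD table with its mitigation (bounded, rate-limited fetches). The title says "RemoteLogin propagation" while every diagram and payload describes Like/star propagation; one of the two should change. Smaller points: "FederatonInfo" in the sequence diagram should be "FederationInfo"; the LikeActivity sample lacks a comma after the "object" line, so it is not valid JSON; "Boored" under Actors should be "Bored".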
@ -108,24 +108,12 @@ git remote add forgejo git@codeberg.org:forgejo/forgejo.git
|
||||||
# rebase on top of forgejo/forge-development
|
# rebase on top of forgejo/forge-development
|
||||||
git switch forgejo
|
git switch forgejo
|
||||||
git fetch forgejo
|
git fetch forgejo
|
||||||
git reset --hard forgejo/forgejo-development
|
git pull
|
||||||
git push --force
|
git push
|
||||||
|
|
||||||
git switch forgejo-federated-star
|
git switch forgejo-federated-star
|
||||||
git rebase forgejo
|
git merge forgejo
|
||||||
git push --force
|
git push
|
||||||
|
|
||||||
# continue local development after rebase & force-push has happened
|
|
||||||
git reset --hard origin/forgejo-federated-star
|
|
||||||
```
|
|
||||||
|
|
||||||
# provide testinstance
|
|
||||||
|
|
||||||
``` bash
|
|
||||||
git switch test-release
|
|
||||||
git rebase --onto forgejo-federated-star
|
|
||||||
git merge forgejo/forgejo-branding
|
|
||||||
git push --force
|
|
||||||
```
|
```
|
||||||
|
|
||||||
# generate swagger api client
|
# generate swagger api client
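Review bot: The comment "# rebase on top of forgejo/forge-development" is kept unchanged although the steps under it now merge (`git rebase forgejo` becomes `git merge forgejo`, both `git push --force` become plain `git push`), so the heading no longer describes the procedure; please reword it. Replacing `git reset --hard forgejo/forgejo-development` with a bare `git pull` also drops the only mention of which upstream the local `forgejo` branch is meant to track, so either keep the branch name (e.g. `git pull forgejo forgejo-development`) or state the tracking setup once. Dropping the "# continue local development after rebase & force-push has happened" recovery step is consistent with no longer rewriting history, but the removed "# provide testinstance" block (`git switch test-release`, `git rebase --onto forgejo-federated-star`, `git merge forgejo/forgejo-branding`) has no replacement, so the document no longer says how a test instance is produced under the new model.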
|
||||||
|
@ -134,23 +122,3 @@ go run github.com/go-swagger/go-swagger/cmd/swagger@v0.30.5 generate client -f '
|
||||||
|
|
||||||
# Documentation for learn & reference
|
# Documentation for learn & reference
|
||||||
|
|
||||||
|
|
||||||
# Thoughts on testing
|
|
||||||
|
|
||||||
I would like to be able to quickly test a change in the repo code.
|
|
||||||
For that i need:
|
|
||||||
A test server with federation enabled
|
|
||||||
A test user
|
|
||||||
A test repo
|
|
||||||
A test auth token (?)
|
|
||||||
|
|
||||||
A test request as input value to the API
|
|
||||||
An expected result for comparison with the output value.
|
|
||||||
|
|
||||||
Tests that provide some examples are:
|
|
||||||
|
|
||||||
tests/integration/api_activitypub_person_test.go
|
|
||||||
|
|
||||||
tests/integration/api_token_test.go
|
|
||||||
|
|
||||||
maybe tests/integration/api_repo_test.go
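Review bot: Removing the whole "Thoughts on testing" section also drops the only pointers to the existing integration tests (tests/integration/api_activitypub_person_test.go, tests/integration/api_token_test.go, tests/integration/api_repo_test.go); unless that list moved elsewhere, keep a short line under "Documentation for learn & reference" naming them, since they are the worked examples for the setup the removed text describes (a server with federation enabled, a test user, repo and auth token, a request as input and an expected result to compare against).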