update ThreatAnalysis for Like Activity

Michael Jerger 2024-01-04 18:25:43 +01:00
parent 6e46739090
commit fe9f26305f

@ -13,6 +13,12 @@ sequenceDiagram
fs ->> os: post /api/activitypub/repository-id/1/inbox {Start-Activity} fs ->> os: post /api/activitypub/repository-id/1/inbox {Start-Activity}
activate os activate os
os ->> os: validate request inputs os ->> os: validate request inputs
activate os
os ->> fs: get .well-known/nodeinfo
os ->> NodeInfoWellKnown: create & validate
os ->> fs: get api/v1/nodeinfo
os ->> NodeInfo: create & validate
deactivate os
activate repository activate repository
os ->> repository: search for reop with object-id os ->> repository: search for reop with object-id
deactivate repository deactivate repository
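Review bot: The second added request, `os ->> fs: get api/v1/nodeinfo`, does not say where its URL comes from. The NodeInfoWellKnown sample added in this commit carries an `href`, so the diagram should state whether that `href` is what gets fetched and, if so, that the `NodeInfoWellKnown: create & validate` step rejects an href whose host differs from the host the well-known document was requested from. Both GETs are outbound requests triggered by an incoming inbox POST, which deserves its own row in the threat table.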
@ -21,6 +27,7 @@ sequenceDiagram
user ->> user: create if not found user ->> user: create if not found
activate user activate user
user ->> fs: get /api/activitypub/user-id/{id from actor} user ->> fs: get /api/activitypub/user-id/{id from actor}
user ->> user: validate response
user ->> user: create user from response user ->> user: create user from response
deactivate user deactivate user
deactivate user deactivate user
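Review bot: The added step `user ->> user: validate response` does not name what is checked. For a threat analysis the diagram or the text next to it should list the checks, for example that the `id` of the returned Person equals the actor URI requested in `get /api/activitypub/user-id/{id from actor}`, so a reader can tell which spoofing cases this step is meant to cover.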
@ -32,24 +39,31 @@ sequenceDiagram
### Data transfered ### Data transfered
``` ```
# edn notation # NodeInfoWellKnown
{@context [ {"links":[
"as": "https://www.w3.org/ns/activitystreams#", {"href":"https://federated-repo.prod.meissa.de/api/v1/nodeinfo",
"forge": "https://forgefed.org/ns#",], "rel":"http://nodeinfo.diaspora.software/ns/schema/2.1"}]}
::as/id "https://repo.prod.meissa.de/api/v1/activitypub/user-id/1/outbox/12345",
::as/type "Star",
::forge/source "forgejo",
::as/actor "https://repo.prod.meissa.de/api/v1/activitypub/user-id/1",
::as/object "https://codeberg.org/api/v1/activitypub/repository-id/12"
}
# json notation # NodeInfo
{"version":"2.1",
"software":{"name":"gitea",
...}}
# LikeActivity
{"id": "https://repo.prod.meissa.de/api/v1/activitypub/user-id/1/outbox/12345", {"id": "https://repo.prod.meissa.de/api/v1/activitypub/user-id/1/outbox/12345",
"type": "Star", "type": "Like",
"source": "forgejo",
"actor": "https://repo.prod.meissa.de/api/v1/activitypub/user-id/1", "actor": "https://repo.prod.meissa.de/api/v1/activitypub/user-id/1",
"object": "https://codeberg.org/api/v1/activitypub/repository-id/12" "object": "https://codeberg.org/api/v1/activitypub/repository-id/12"
"startTime": "2014-12-31T23:00:00-08:00"
} }
# Person
{"id":"https://federated-repo.prod.meissa.de/api/v1/activitypub/user-id/10",
"type":"Person",
"preferredUsername":"stargoose9",
"publicKey":{"id":"https://federated-repo.prod.meissa.de/api/v1/activitypub/user-id/10#main-key",
"owner":"https://federated-repo.prod.meissa.de/api/v1/activitypub/user-id/10",
"publicKeyPem":"-----BEGIN PUBLIC KEY-----\nMIIBoj...XAgMBAAE=\n-----END PUBLIC KEY-----\n"}}
``` ```
### Data Flow ### Data Flow
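Review bot: The new LikeActivity sample is not valid JSON: the `"object": ...` line has no trailing comma before the added `"startTime"` line. In addition, the added NodeInfoWellKnown and Person samples use the host federated-repo.prod.meissa.de while the LikeActivity actor is on repo.prod.meissa.de. If the samples are meant to show one exchange, use a single host so the actor in the activity and the `id` of the Person visibly match.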
@ -57,9 +71,12 @@ sequenceDiagram
```mermaid ```mermaid
flowchart TD flowchart TD
A(User) --> |stars a federated repository| B(foreign repository server) A(User) --> |stars a federated repository| B(foreign repository server)
B --> |Star Activity| C(our repository server) B --> |Like Activity| C(our repository server)
C --> |get NodeInfoWellKnown| B
C --> |get NodeInfo| B
C --> |get Person Actor| B C --> |get Person Actor| B
C --> |create federated user localy| D(our database) C --> |cache/create federated user localy| D(our database)
C --> |cache/create NodeInfo localy| D(our database)
C --> |add star to repo localy| D C --> |add star to repo localy| D
``` ```
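Review bot: The added `cache/create federated user localy` and `cache/create NodeInfo localy` edges introduce caching but say nothing about how long a cached entry is trusted or what triggers a refresh. Since the Person sample in this commit carries a `publicKey`, the analysis should state the refresh or invalidation rule for cached users and NodeInfo. Minor: `localy` should be `locally` in both added lines.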
@ -100,7 +117,7 @@ flowchart TD
| 1. | ... tbd | | | | | | | 1. | ... tbd | | | | | |
| 2. | ... tbd | | | | | | | 2. | ... tbd | | | | | |
Bewertet wird mit Schulnoten von 1 - 6 Threat Score with values between 1 - 6
* Damage wie groß wäre der Schaden, wenn der Angriff erfolgreich ist? 6 ist ein sehr schlimmer Schaden. * Damage wie groß wäre der Schaden, wenn der Angriff erfolgreich ist? 6 ist ein sehr schlimmer Schaden.
* Reproducibility wie einfach wäre der Angriff reproduzierbar? 6 ist sehr einfach zu reproduzieren. * Reproducibility wie einfach wäre der Angriff reproduzierbar? 6 ist sehr einfach zu reproduzieren.
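Review bot: The changed line now reads `Threat Score with values between 1 - 6` in English, but the Damage and Reproducibility bullets directly below it stay German, so the section is mixed-language after this change. Translate the bullets in the same commit, and keep the direction of the scale explicit in the heading (the bullets state that 6 is the worst case), since the new wording no longer conveys it.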