From 6af49270a9b1ddbdf8836139597b66695d8e1606 Mon Sep 17 00:00:00 2001 From: "Haelwenn (lanodan) Monnier" Date: Tue, 2 Jan 2024 15:12:33 +0100 Subject: [PATCH] MRF: Log sensible error for subdomains_regex --- changelog.d/mrf-regex-error.fix | 1 + lib/pleroma/web/activity_pub/mrf.ex | 13 +++++++++++-- test/pleroma/web/activity_pub/mrf_test.exs | 13 ++++++++++++- 3 files changed, 24 insertions(+), 3 deletions(-) create mode 100644 changelog.d/mrf-regex-error.fix diff --git a/changelog.d/mrf-regex-error.fix b/changelog.d/mrf-regex-error.fix new file mode 100644 index 0000000000..2c43bc04a5 --- /dev/null +++ b/changelog.d/mrf-regex-error.fix @@ -0,0 +1 @@ +MRF: Log sensible error for subdomains_regex diff --git a/lib/pleroma/web/activity_pub/mrf.ex b/lib/pleroma/web/activity_pub/mrf.ex index 7f6dce9258..1071f8e6eb 100644 --- a/lib/pleroma/web/activity_pub/mrf.ex +++ b/lib/pleroma/web/activity_pub/mrf.ex @@ -1,5 +1,5 @@ # Pleroma: A lightweight social networking server -# Copyright © 2017-2022 Pleroma Authors +# Copyright © 2017-2023 Pleroma Authors # SPDX-License-Identifier: AGPL-3.0-only defmodule Pleroma.Web.ActivityPub.MRF do @@ -139,7 +139,16 @@ defp get_policies(_), do: [] @spec subdomains_regex([String.t()]) :: [Regex.t()] def subdomains_regex(domains) when is_list(domains) do - for domain <- domains, do: ~r(^#{String.replace(domain, "*.", "(.*\\.)*")}$)i + for domain <- domains do + try do + target = String.replace(domain, "*.", "(.*\\.)*") + ~r<^#{target}$>i + rescue + e -> + Logger.error("MRF: Invalid subdomain Regex: #{domain}") + reraise e, __STACKTRACE__ + end + end end @spec subdomain_match?([Regex.t()], String.t()) :: boolean() diff --git a/test/pleroma/web/activity_pub/mrf_test.exs b/test/pleroma/web/activity_pub/mrf_test.exs index 4ad45c8180..3ead737928 100644 --- a/test/pleroma/web/activity_pub/mrf_test.exs +++ b/test/pleroma/web/activity_pub/mrf_test.exs @@ -1,10 +1,13 @@ # Pleroma: A lightweight social networking server -# Copyright © 2017-2022 Pleroma Authors +# Copyright © 2017-2023 Pleroma Authors # SPDX-License-Identifier: AGPL-3.0-only defmodule Pleroma.Web.ActivityPub.MRFTest do use ExUnit.Case use Pleroma.Tests.Helpers + + import ExUnit.CaptureLog + alias Pleroma.Web.ActivityPub.MRF test "subdomains_regex/1" do @@ -61,6 +64,14 @@ test "matches are case-insensitive" do refute MRF.subdomain_match?(regexes, "EXAMPLE.COM") refute MRF.subdomain_match?(regexes, "example.com") end + + @tag capture_log: true + test "logs sensible error on accidental wildcard" do + assert_raise Regex.CompileError, fn -> + assert capture_log(MRF.subdomains_regex(["*unsafe.tld"])) =~ + "MRF: Invalid subdomain Regex: *unsafe.tld" + end + end end describe "instance_list_from_tuples/1" do