
MRF: ensure that subdomain_match calls are case-insensitive

underscore-world
Ariadne Conill 1 month ago
parent
commit
9cfc289594
3 changed files with 21 additions and 6 deletions
  1. 1
    0
      CHANGELOG.md
  2. 1
    1
      lib/pleroma/web/activity_pub/mrf.ex
  3. 19
    5
      test/web/activity_pub/mrf/mrf_test.exs

+ 1
- 0
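--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -40,6 +40,7 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/).
 - Invalid SemVer version generation, when the current branch does not have commits ahead of tag/checked out on a tag
 - Pleroma.Upload base_url was not automatically whitelisted by MediaProxy. Now your custom CDN or file hosting will be accessed directly as expected.
 - Report email not being sent to admins when the reporter is a remote user
+- MRF: ensure that subdomain_match calls are case-insensitive
 
 ### Added
 - MRF: Support for priming the mediaproxy cache (`Pleroma.Web.ActivityPub.MRF.MediaProxyWarmingPolicy`)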

+ 1
- 1
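--- a/lib/pleroma/web/activity_pub/mrf.ex
+++ b/lib/pleroma/web/activity_pub/mrf.ex
@@ -28,7 +28,7 @@ defmodule Pleroma.Web.ActivityPub.MRF do
 
   @spec subdomains_regex([String.t()]) :: [Regex.t()]
   def subdomains_regex(domains) when is_list(domains) do
-    for domain <- domains, do: ~r(^#{String.replace(domain, "*.", "(.*\\.)*")}$)
+    for domain <- domains, do: ~r(^#{String.replace(domain, "*.", "(.*\\.)*")}$)i
   end
 
   @spec subdomain_match?([Regex.t()], String.t()) :: boolean()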
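Review bot: The `domain` string in `subdomains_regex/1` is still interpolated into the pattern without escaping, so every `.` in a configured entry acts as a regex wildcard; an entry like `sub.unsafe.tld` compiles to a pattern that also matches `subXunsafe.tld`. The policies that consume these regexes are not visible on this page, but for any list used to accept or reject hosts that over-match means an entry covers hostnames the operator never configured. Escaping first and then expanding the wildcard keeps the match literal: `for domain <- domains, do: ~r(^#{domain |> Regex.escape() |> String.replace("\\*\\.", "(.*\\.)*")}$)i`. The expected values in `mrf_test.exs` would then change to the escaped form, e.g. `~r/^unsafe\.tld$/i`.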

+ 19
- 5
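--- a/test/web/activity_pub/mrf/mrf_test.exs
+++ b/test/web/activity_pub/mrf/mrf_test.exs
@@ -4,8 +4,8 @@ defmodule Pleroma.Web.ActivityPub.MRFTest do
 
   test "subdomains_regex/1" do
     assert MRF.subdomains_regex(["unsafe.tld", "*.unsafe.tld"]) == [
-             ~r/^unsafe.tld$/,
-             ~r/^(.*\.)*unsafe.tld$/
+             ~r/^unsafe.tld$/i,
+             ~r/^(.*\.)*unsafe.tld$/i
            ]
   end
 
@@ -13,7 +13,7 @@ defmodule Pleroma.Web.ActivityPub.MRFTest do
     test "common domains" do
       regexes = MRF.subdomains_regex(["unsafe.tld", "unsafe2.tld"])
 
-      assert regexes == [~r/^unsafe.tld$/, ~r/^unsafe2.tld$/]
+      assert regexes == [~r/^unsafe.tld$/i, ~r/^unsafe2.tld$/i]
 
       assert MRF.subdomain_match?(regexes, "unsafe.tld")
       assert MRF.subdomain_match?(regexes, "unsafe2.tld")
@@ -24,7 +24,7 @@ defmodule Pleroma.Web.ActivityPub.MRFTest do
     test "wildcard domains with one subdomain" do
       regexes = MRF.subdomains_regex(["*.unsafe.tld"])
 
-      assert regexes == [~r/^(.*\.)*unsafe.tld$/]
+      assert regexes == [~r/^(.*\.)*unsafe.tld$/i]
 
       assert MRF.subdomain_match?(regexes, "unsafe.tld")
       assert MRF.subdomain_match?(regexes, "sub.unsafe.tld")
@@ -35,12 +35,26 @@ defmodule Pleroma.Web.ActivityPub.MRFTest do
     test "wildcard domains with two subdomains" do
       regexes = MRF.subdomains_regex(["*.unsafe.tld"])
 
-      assert regexes == [~r/^(.*\.)*unsafe.tld$/]
+      assert regexes == [~r/^(.*\.)*unsafe.tld$/i]
 
       assert MRF.subdomain_match?(regexes, "unsafe.tld")
       assert MRF.subdomain_match?(regexes, "sub.sub.unsafe.tld")
       refute MRF.subdomain_match?(regexes, "sub.anotherunsafe.tld")
       refute MRF.subdomain_match?(regexes, "sub.unsafe.tldanother")
     end
+
+    test "matches are case-insensitive" do
+      regexes = MRF.subdomains_regex(["UnSafe.TLD", "UnSAFE2.Tld"])
+
+      assert regexes == [~r/^UnSafe.TLD$/i, ~r/^UnSAFE2.Tld$/i]
+
+      assert MRF.subdomain_match?(regexes, "UNSAFE.TLD")
+      assert MRF.subdomain_match?(regexes, "UNSAFE2.TLD")
+      assert MRF.subdomain_match?(regexes, "unsafe.tld")
+      assert MRF.subdomain_match?(regexes, "unsafe2.tld")
+
+      refute MRF.subdomain_match?(regexes, "EXAMPLE.COM")
+      refute MRF.subdomain_match?(regexes, "example.com")
+    end
   end
 end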
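Review bot: The new "matches are case-insensitive" test only covers exact-domain entries, so the wildcard path through the `(.*\.)*` substitution has no mixed-case assertion. A wildcard case in the same test would pin it: `wild = MRF.subdomains_regex(["*.UnSafe.TLD"])`, then `assert MRF.subdomain_match?(wild, "SUB.unsafe.tld")` and `refute MRF.subdomain_match?(wild, "sub.anotherUNSAFE.tld")`. Without it, a later change to how the wildcard is expanded could drop the `i` flag for those entries and no test would fail.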
