about summary refs log tree commit diff
path: root/app/lib
diff options
context:
space:
mode:
authormultiple creatures <dev@multiple-creature.party>2019-08-08 20:09:21 -0500
committermultiple creatures <dev@multiple-creature.party>2019-08-08 20:09:21 -0500
commita4b7b5c132f2bc4a7ba7d7ad90c2136cb12602ee (patch)
treedc4f9d95ed0917557f1cad341649115b249bc68d /app/lib
parente496fd473fd71f2deda0b3a8265e6e03a4e6b4c7 (diff)
fedi privacy - reject incoming out-of-scope posts addressed to private/unresolvable accounts & not addressed to any local users
Diffstat (limited to 'app/lib')
-rw-r--r--app/lib/activitypub/activity/create.rb12
1 files changed, 11 insertions, 1 deletions
diff --git a/app/lib/activitypub/activity/create.rb b/app/lib/activitypub/activity/create.rb
index 37aac4d59..c95317646 100644
--- a/app/lib/activitypub/activity/create.rb
+++ b/app/lib/activitypub/activity/create.rb
@@ -52,12 +52,15 @@ class ActivityPub::Activity::Create < ActivityPub::Activity
     @tags     = []
     @mentions = []
     @params   = {}
+    @potential_scope_leak = false
 
     process_status_params
     return reject_payload! if twitter_retweet? || recipient_rejects_replies?
     process_tags
     process_audience
 
+    return reject_payload! if potential_scope_leak?
+
     @params[:visibility] = :unlisted if @params[:visibility] == :public && @account.force_unlisted?
     @params[:sensitive] = true if @account.force_sensitive?
 
@@ -197,6 +200,10 @@ class ActivityPub::Activity::Create < ActivityPub::Activity
     end
   end
 
+  def potential_scope_leak?
+    @potential_scope_leak && @mentions.blank?
+  end
+
   def process_hashtag(tag)
     return if tag['name'].blank?
 
@@ -222,7 +229,10 @@ class ActivityPub::Activity::Create < ActivityPub::Activity
     account = account_from_uri(tag['href'])
     account = ::FetchRemoteAccountService.new.call(tag['href']) if account.nil?
 
-    return if account.nil?
+    if account.nil?
+      @potential_scope_leak = true
+      return
+    end
 
     @mentions << Mention.new(account: account, silent: false)
   end