From a4b7b5c132f2bc4a7ba7d7ad90c2136cb12602ee Mon Sep 17 00:00:00 2001
From: multiple creatures
Date: Thu, 8 Aug 2019 20:09:21 -0500
Subject: fedi privacy - reject incoming out-of-scope posts addressed to private/unresolvable accounts & not addressed to any local users
---
 app/lib/activitypub/activity/create.rb | 12 +++++++++++-
 1 file changed, 11 insertions(+), 1 deletion(-)
(limited to 'app')
diff --git a/app/lib/activitypub/activity/create.rb b/app/lib/activitypub/activity/create.rb
index 37aac4d59..c95317646 100644
--- a/app/lib/activitypub/activity/create.rb
+++ b/app/lib/activitypub/activity/create.rb
@@ -52,12 +52,15 @@ class ActivityPub::Activity::Create < ActivityPub::Activity
     @tags = []
     @mentions = []
     @params = {}
+    @potential_scope_leak = false
     process_status_params
     return reject_payload! if twitter_retweet? || recipient_rejects_replies?
     process_tags
     process_audience
+    return reject_payload! if potential_scope_leak?
     @params[:visibility] = :unlisted if @params[:visibility] == :public && @account.force_unlisted?
     @params[:sensitive] = true if @account.force_sensitive?
@@ -197,6 +200,10 @@ class ActivityPub::Activity::Create < ActivityPub::Activity
     end
   end
+  def potential_scope_leak?
+    @potential_scope_leak && @mentions.blank?
+  end
   def process_hashtag(tag)
     return if tag['name'].blank?
@@ -222,7 +229,10 @@ class ActivityPub::Activity::Create < ActivityPub::Activity
     account = account_from_uri(tag['href'])
     account = ::FetchRemoteAccountService.new.call(tag['href']) if account.nil?
-    return if account.nil?
+    if account.nil?
+      @potential_scope_leak = true
+      return
+    end
     @mentions << Mention.new(account: account, silent: false)
   end
-- cgit
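Review bot: The new guard `return reject_payload! if potential_scope_leak?` fires regardless of visibility, so a public post whose only Mention tag fails to resolve is dropped even though there is no limited scope to leak; the visibility is already available in `@params[:visibility]` at this point, as the line just below compares it with `:public`. If the intent is to protect limited-visibility posts only, `return reject_payload! if potential_scope_leak? && @params[:visibility] != :public` narrows the rejection to the case the commit message describes. A one-line comment above the guard saying why an unresolvable recipient is treated as a possible scope leak would also help the next reader. The enclosing method's definition starts before this hunk.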
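Review bot: `potential_scope_leak?` is cleared by any retained mention, local or remote, while the commit message says the rejection targets posts not addressed to any local user; a post whose Mention tags resolve to one remote account and fail on another passes this check with no local recipient at all. If Account exposes a `local?` predicate (not visible here), `@potential_scope_leak && @mentions.none? { |m| m.account.local? }` would match the stated intent. If the current behavior is deliberate, say so on the method, e.g. `# True when a Mention tag failed to resolve and no mention at all was kept; any resolved mention, local or remote, clears it.` The predicate reads state that is set in process_mention and initialized in the constructor, both outside this hunk.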
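Review bot: Setting `@potential_scope_leak = true` whenever `::FetchRemoteAccountService.new.call` returns nil folds a transient fetch failure (timeout, remote error) into the same signal as a genuinely unknown or private account, and the caller now rejects the whole payload on it where the removed `return if account.nil?` merely skipped the mention. Unless the service is known to return nil only for definitively unresolvable hrefs (not visible here), consider leaving the flag unset on transient errors or retrying the delivery instead of discarding it. Either way the branch deserves a comment such as `# Unresolvable recipient: the post may be addressed to someone we cannot see; flag it so the caller can reject when no other recipient was kept.` The method containing this hunk starts before it; only its closing `end` is visible.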