From 1d6e5dfc376f3c0c2120055cc093161e76419f98 Mon Sep 17 00:00:00 2001
From: Chocobozzz
Date: Wed, 9 May 2018 16:16:22 +0200
Subject: [PATCH] Improve video torrent AP object validator
---
 .../custom-validators/activitypub/activity.ts | 8 +++---
 .../custom-validators/activitypub/videos.ts | 25 ++++++++++---------
 server/lib/activitypub/videos.ts | 4 +--
 .../validators/activitypub/activity.ts | 2 --
 4 files changed, 19 insertions(+), 20 deletions(-)
diff --git a/server/helpers/custom-validators/activitypub/activity.ts b/server/helpers/custom-validators/activitypub/activity.ts
index 7e4dccefb..cabedaf20 100644
--- a/server/helpers/custom-validators/activitypub/activity.ts
+++ b/server/helpers/custom-validators/activitypub/activity.ts
@@ -11,9 +11,9 @@ import { isUndoActivityValid } from './undo'
 import { isVideoCommentCreateActivityValid, isVideoCommentDeleteActivityValid } from './video-comments'
 import {
 isVideoFlagValid,
- isVideoTorrentCreateActivityValid,
+ sanitizeAndCheckVideoTorrentCreateActivity,
 isVideoTorrentDeleteActivityValid,
- isVideoTorrentUpdateActivityValid
+ sanitizeAndCheckVideoTorrentUpdateActivity
 } from './videos'
 import { isViewActivityValid } from './view'
@@ -62,13 +62,13 @@ export {
 function checkCreateActivity (activity: any) {
 return isViewActivityValid(activity) ||
 isDislikeActivityValid(activity) ||
- isVideoTorrentCreateActivityValid(activity) ||
+ sanitizeAndCheckVideoTorrentCreateActivity(activity) ||
 isVideoFlagValid(activity) ||
 isVideoCommentCreateActivityValid(activity)
 }
 function checkUpdateActivity (activity: any) {
- return isVideoTorrentUpdateActivityValid(activity) ||
+ return sanitizeAndCheckVideoTorrentUpdateActivity(activity) ||
 isActorUpdateActivityValid(activity)
 }
diff --git a/server/helpers/custom-validators/activitypub/videos.ts b/server/helpers/custom-validators/activitypub/videos.ts
index 8ec7df49a..0d2e8766d 100644
--- a/server/helpers/custom-validators/activitypub/videos.ts
+++ b/server/helpers/custom-validators/activitypub/videos.ts
@@ -12,14 +12,14 @@ import {
 } from '../videos'
 import { isActivityPubUrlValid, isBaseActivityValid, setValidAttributedTo } from './misc'
-function isVideoTorrentCreateActivityValid (activity: any) {
+function sanitizeAndCheckVideoTorrentCreateActivity (activity: any) {
 return isBaseActivityValid(activity, 'Create') &&
- isVideoTorrentObjectValid(activity.object)
+ sanitizeAndCheckVideoTorrentObject(activity.object)
 }
-function isVideoTorrentUpdateActivityValid (activity: any) {
+function sanitizeAndCheckVideoTorrentUpdateActivity (activity: any) {
 return isBaseActivityValid(activity, 'Update') &&
- isVideoTorrentObjectValid(activity.object)
+ sanitizeAndCheckVideoTorrentObject(activity.object)
 }
 function isVideoTorrentDeleteActivityValid (activity: any) {
@@ -42,13 +42,17 @@ function isActivityPubVideoDurationValid (value: string) {
 isVideoDurationValid(value.replace(/[^0-9]+/g, ''))
 }
-function isVideoTorrentObjectValid (video: any) {
+function sanitizeAndCheckVideoTorrentObject (video: any) {
+ if (!setValidRemoteTags(video)) return false
+ if (!setValidRemoteVideoUrls(video)) return false
+ if (!setRemoteVideoTruncatedContent(video)) return false
+ if (!setValidAttributedTo(video)) return false
+
 return video.type === 'Video' &&
 isActivityPubUrlValid(video.id) &&
 isVideoNameValid(video.name) &&
 isActivityPubVideoDurationValid(video.duration) &&
 isUUIDValid(video.uuid) &&
- setValidRemoteTags(video) &&
 (!video.category || isRemoteNumberIdentifierValid(video.category)) &&
 (!video.licence || isRemoteNumberIdentifierValid(video.licence)) &&
 (!video.language || isRemoteStringIdentifierValid(video.language)) &&
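Review bot: The four `set*` helpers at the top of `sanitizeAndCheckVideoTorrentObject` now run before `video.type === 'Video'` is tested, so they run on every object passed to this function, not only on videos. In `checkCreateActivity` an activity that fails this check goes on to `isVideoFlagValid` and `isVideoCommentCreateActivityValid`, and in `fetchRemoteVideo` the argument is a remote response body that has not been checked yet; the helpers' bodies are not visible here, but if they rewrite fields in place (as the new name suggests) a flag or comment object may be altered before its own validator sees it, and a non-object body reaches them directly. I would put the cheap rejection first, `if (!video || typeof video !== 'object' || video.type !== 'Video') return false`, and add a comment above the function such as `// Sanitizes (mutates) the remote object in place, then validates it`. The function body continues past the end of this hunk.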
@@ -57,24 +61,21 @@ function isVideoTorrentObjectValid (video: any) {
 isBooleanValid(video.commentsEnabled) &&
 isDateValid(video.published) &&
 isDateValid(video.updated) &&
- setRemoteVideoTruncatedContent(video) &&
 (!video.content || isRemoteVideoContentValid(video.mediaType, video.content)) &&
 isRemoteVideoIconValid(video.icon) &&
- setValidRemoteVideoUrls(video) &&
 video.url.length !== 0 &&
- setValidAttributedTo(video) &&
 video.attributedTo.length !== 0
 }
 // ---------------------------------------------------------------------------
 export {
- isVideoTorrentCreateActivityValid,
- isVideoTorrentUpdateActivityValid,
+ sanitizeAndCheckVideoTorrentCreateActivity,
+ sanitizeAndCheckVideoTorrentUpdateActivity,
 isVideoTorrentDeleteActivityValid,
 isRemoteStringIdentifierValid,
 isVideoFlagValid,
- isVideoTorrentObjectValid
+ sanitizeAndCheckVideoTorrentObject
 }
 // ---------------------------------------------------------------------------
diff --git a/server/lib/activitypub/videos.ts b/server/lib/activitypub/videos.ts
index 7cb1fe240..b81acbb35 100644
--- a/server/lib/activitypub/videos.ts
+++ b/server/lib/activitypub/videos.ts
@@ -5,7 +5,7 @@ import * as request from 'request'
 import { ActivityIconObject } from '../../../shared/index'
 import { VideoTorrentObject } from '../../../shared/models/activitypub/objects'
 import { VideoPrivacy, VideoRateType } from '../../../shared/models/videos'
-import { isVideoTorrentObjectValid } from '../../helpers/custom-validators/activitypub/videos'
+import { sanitizeAndCheckVideoTorrentObject } from '../../helpers/custom-validators/activitypub/videos'
 import { isVideoFileInfoHashValid } from '../../helpers/custom-validators/videos'
 import { retryTransactionWrapper } from '../../helpers/database-utils'
 import { logger } from '../../helpers/logger'
@@ -317,7 +317,7 @@ async function fetchRemoteVideo (videoUrl: string): Promise
 const { body } = await doRequest(options)
- if (isVideoTorrentObjectValid(body) === false) {
+ if (sanitizeAndCheckVideoTorrentObject(body) === false) {
 logger.debug('Remote video JSON is not valid.', { body })
 return undefined
 }
diff --git a/server/middlewares/validators/activitypub/activity.ts b/server/middlewares/validators/activitypub/activity.ts
index 4aace4c8e..3f9057c0c 100644
--- a/server/middlewares/validators/activitypub/activity.ts
+++ b/server/middlewares/validators/activitypub/activity.ts
@@ -1,10 +1,8 @@
 import * as express from 'express'
-import { body } from 'express-validator/check'
 import { isRootActivityValid } from '../../../helpers/custom-validators/activitypub/activity'
 import { logger } from '../../../helpers/logger'
 import { getServerActor } from '../../../helpers/utils'
 import { ActorModel } from '../../../models/activitypub/actor'
-import { areValidationErrors } from '../utils'
 async function activityPubValidator (req: express.Request, res: express.Response, next: express.NextFunction) {
 logger.debug('Checking activity pub parameters')