From 78c3c56ca56ee0c34eca24431a9b7feb4baee1ca Mon Sep 17 00:00:00 2001
From: Michael
Date: Sun, 1 Jan 2023 23:37:17 +0000
Subject: [PATCH] Don't distribute unsigned remote activities
---
 src/Worker/Notifier.php | 12 ++++++++++--
 1 file changed, 10 insertions(+), 2 deletions(-)
diff --git a/src/Worker/Notifier.php b/src/Worker/Notifier.php
index 0b7460c53d..2e8721feee 100644
--- a/src/Worker/Notifier.php
+++ b/src/Worker/Notifier.php
@@ -42,6 +42,7 @@ use Friendica\Protocol\Diaspora;
 use Friendica\Protocol\Delivery;
 use Friendica\Protocol\OStatus;
 use Friendica\Protocol\Salmon;
+use Friendica\Util\LDSignature;
 use Friendica\Util\Network;
 use Friendica\Util\Strings;
@@ -794,6 +795,7 @@ class Notifier
 }
 Logger::info('Origin item will be distributed', ['id' => $target_item['id'], 'url' => $target_item['uri'], 'verb' => $target_item['verb']]);
+ $check_signature = false;
 } elseif (!Post\Activity::exists($target_item['uri-id'])) {
 Logger::info('Remote item is no AP post. It will not be distributed.', ['id' => $target_item['id'], 'url' => $target_item['uri'], 'verb' => $target_item['verb']]);
 return ['count' => 0, 'contacts' => []];
@@ -805,6 +807,7 @@ class Notifier
 }
 Logger::info('Remote item will be distributed', ['id' => $target_item['id'], 'url' => $target_item['uri'], 'verb' => $target_item['verb']]);
+ $check_signature = ($target_item['gravity'] == Item::GRAVITY_ACTIVITY);
 } else {
 Logger::info('Remote activity will not be distributed', ['id' => $target_item['id'], 'url' => $target_item['uri'], 'verb' => $target_item['verb']]);
 return ['count' => 0, 'contacts' => []];
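Review bot: `$check_signature` is assigned only inside the two branches shown in the `-794` and `-805` hunks, so any path through this if/elseif chain that sets neither would reach the later `if ($check_signature && ...)` with the variable undefined. PHP evaluates that as false, which silently skips the signature gate (fail-open). Initialising it before the chain with a fail-closed default, e.g. `$check_signature = true;`, would make the gate explicit, with the origin branch still setting `false`. Whether such a path exists cannot be confirmed here, because the chain starts outside the hunk. The gravity test could also use `===`, provided `gravity` is always an int at this point.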
@@ -816,12 +819,17 @@ class Notifier } // Fill the item cache - $cache = ActivityPub\Transmitter::createCachedActivityFromItem($target_item['id'], true); - if (empty($cache)) { + $activity = ActivityPub\Transmitter::createCachedActivityFromItem($target_item['id'], true); + if (empty($activity)) { Logger::info('Item cache was not created. The post will not be distributed.', ['id' => $target_item['id'], 'url' => $target_item['uri'], 'verb' => $target_item['verb']]); return ['count' => 0, 'contacts' => []]; } + if ($check_signature && !LDSignature::isSigned($activity)) { + Logger::info('Unsigned remote activity will not be distributed', ['id' => $target_item['id'], 'url' => $target_item['uri'], 'verb' => $target_item['verb']]); + return ['count' => 0, 'contacts' => []]; + } + $delivery_queue_count = 0; $contacts = [];
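Review bot: The new gate `!LDSignature::isSigned($activity)` reads, by its name, as a presence check, so it stops relaying activities that carry no signature but does not by itself show that the signature on `$activity` is valid. The helper's body is not on this page, so that reading is inferred. A comment above the check would record the intent, e.g. `// Relayed remote activities must carry an LD signature, otherwise recipients cannot verify the original author.` If the signature is expected to have been verified when the activity was received, the comment should say so, so that this check is not later mistaken for the verification step. The enclosing method starts and ends outside the hunk.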