test/pleroma/web/activity_pub/mrf/steal_emoji_policy_test.exs


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148

# Pleroma: A lightweight social networking server
# Copyright © 2017-2022 Pleroma Authors <https://pleroma.social/>
# SPDX-License-Identifier: AGPL-3.0-only

defmodule Pleroma.Web.ActivityPub.MRF.StealEmojiPolicyTest do
  use Pleroma.DataCase

  alias Pleroma.Config
  alias Pleroma.Emoji
  alias Pleroma.Web.ActivityPub.MRF.StealEmojiPolicy

  setup do
    emoji_path = [:instance, :static_dir] |> Config.get() |> Path.join("emoji/stolen")

    Emoji.reload()

    message = %{
      "type" => "Create",
      "object" => %{
        "emoji" => [{"firedfox", "https://example.org/emoji/firedfox.png"}],
        "actor" => "https://example.org/users/admin"
      }
    }

    on_exit(fn ->
      File.rm_rf!(emoji_path)
    end)

    [message: message, path: emoji_path]
  end

  test "does nothing by default", %{message: message} do
    refute "firedfox" in installed()

    assert {:ok, _message} = StealEmojiPolicy.filter(message)

    refute "firedfox" in installed()
  end

  test "Steals emoji on unknown shortcode from allowed remote host", %{
    message: message,
    path: path
  } do
    refute "firedfox" in installed()
    refute File.exists?(path)

    Tesla.Mock.mock(fn %{method: :get, url: "https://example.org/emoji/firedfox.png"} ->
      %Tesla.Env{status: 200, body: File.read!("test/fixtures/image.jpg")}
    end)

    clear_config(:mrf_steal_emoji, hosts: ["example.org"], size_limit: 284_468)

    assert {:ok, _message} = StealEmojiPolicy.filter(message)

    assert "firedfox" in installed()
    assert File.exists?(path)

    assert path
           |> Path.join("firedfox.png")
           |> File.exists?()
  end

  test "rejects invalid shortcodes", %{path: path} do
    message = %{
      "type" => "Create",
      "object" => %{
        "emoji" => [{"fired/fox", "https://example.org/emoji/firedfox"}],
        "actor" => "https://example.org/users/admin"
      }
    }

    fullpath = Path.join(path, "fired/fox.png")

    Tesla.Mock.mock(fn %{method: :get, url: "https://example.org/emoji/firedfox"} ->
      %Tesla.Env{status: 200, body: File.read!("test/fixtures/image.jpg")}
    end)

    clear_config(:mrf_steal_emoji, hosts: ["example.org"], size_limit: 284_468)

    refute "firedfox" in installed()
    refute File.exists?(path)

    assert {:ok, _message} = StealEmojiPolicy.filter(message)

    refute "fired/fox" in installed()
    refute File.exists?(fullpath)
  end

  test "reject regex shortcode", %{message: message} do
    refute "firedfox" in installed()

    clear_config(:mrf_steal_emoji,
      hosts: ["example.org"],
      size_limit: 284_468,
      rejected_shortcodes: [~r/firedfox/]
    )

    assert {:ok, _message} = StealEmojiPolicy.filter(message)

    refute "firedfox" in installed()
  end

  test "reject string shortcode", %{message: message} do
    refute "firedfox" in installed()

    clear_config(:mrf_steal_emoji,
      hosts: ["example.org"],
      size_limit: 284_468,
      rejected_shortcodes: ["firedfox"]
    )

    assert {:ok, _message} = StealEmojiPolicy.filter(message)

    refute "firedfox" in installed()
  end

  test "reject if size is above the limit", %{message: message} do
    refute "firedfox" in installed()

    Tesla.Mock.mock(fn %{method: :get, url: "https://example.org/emoji/firedfox.png"} ->
      %Tesla.Env{status: 200, body: File.read!("test/fixtures/image.jpg")}
    end)

    clear_config(:mrf_steal_emoji, hosts: ["example.org"], size_limit: 50_000)

    assert {:ok, _message} = StealEmojiPolicy.filter(message)

    refute "firedfox" in installed()
  end

  test "reject if host returns error", %{message: message} do
    refute "firedfox" in installed()

    Tesla.Mock.mock(fn %{method: :get, url: "https://example.org/emoji/firedfox.png"} ->
      {:ok, %Tesla.Env{status: 404, body: "Not found"}}
    end)

    clear_config(:mrf_steal_emoji, hosts: ["example.org"], size_limit: 284_468)

    ExUnit.CaptureLog.capture_log(fn ->
      assert {:ok, _message} = StealEmojiPolicy.filter(message)
    end) =~ "MRF.StealEmojiPolicy: Failed to fetch https://example.org/emoji/firedfox.png"

    refute "firedfox" in installed()
  end

  defp installed, do: Emoji.get_all() |> Enum.map(fn {k, _} -> k end)
end