akkoma/test/support
Oneric 066d5b48ed Fix Content-Type sanitisation for emoji and local uploads
This was accidentally broken in c8e0f7848b
due to a one-letter mistake in the plug option name and an absence of
tests. Therefore it was once again possible to serve e.g. JavaScript or
CSS payloads via uploads and emoji.
However, due to other protections it was still NOT possible for anyone to
serve any payload with an ActivityPub Content-Type. With the CSP policy
hardening from previous JS payload exploits predating the Content-Type
sanitisation, there is currently no known way of abusing this weakened
Content-Type sanitisation, but should be fixed regardless.

This commit fixes the option name and adds tests to ensure
such a regression doesn't occur again in the future.

Reported-by: Lain Soykaf <lain@lain.com>
2025-03-10 19:45:26 +01:00
..
builders argon2 password hashing (#406) 2022-12-30 02:46:58 +00:00
captcha Bump Copyright to 2021 2021-01-13 07:49:50 +01:00
matchers Fix signature checking 2023-08-07 16:17:17 +01:00
web Fix Content-Type sanitisation for emoji and local uploads 2025-03-10 19:45:26 +01:00
api_spec_helpers.ex CI: Bump lint stage to elixir-1.12 2021-10-06 08:11:05 +02:00
cachex_proxy.ex Bump Copyright to 2021 2021-01-13 07:49:50 +01:00
channel_case.ex Mox mode setup tweak; refactoring. 2021-01-19 00:23:39 +03:00
cluster.ex giant massive dep upgrade and dialyxir-found error emporium (#371) 2022-12-14 12:38:48 +00:00
conn_case.ex Migrate to phoenix 1.7 (#626) 2023-08-15 10:22:18 +00:00
data_case.ex Migrate to phoenix 1.7 (#626) 2023-08-15 10:22:18 +00:00
elasticsearch_mock.ex Add elasticsearch tests 2022-06-30 16:53:21 +01:00
factory.ex Purge obsolete ap_enabled indicator 2025-01-07 20:27:26 +01:00
helpers.ex mix format 2024-10-26 05:05:48 +01:00
http_request_mock.ex Prevent key-actor mapping poisoning and key take overs 2025-02-14 22:10:25 +01:00
matching_helpers.ex mix format 2024-10-26 05:05:48 +01:00
mocks.ex Fix tests 2024-06-09 18:28:00 +01:00
mrf_module_mock.ex MRF: create MRF.Policy behaviour separate from MRF module 2021-06-07 14:22:08 -05:00
null_cache.ex Bump Copyright to 2021 2021-01-13 07:49:50 +01:00
oban_helpers.ex Bump Copyright to 2021 2021-01-13 07:49:50 +01:00
websocket_client.ex Disconnect streaming sessions when token is revoked 2022-08-27 19:07:48 +01:00