mirror of
https://codeberg.org/forgejo/forgejo.git
synced 2024-12-27 06:03:51 +03:00
mitigate Block by future StartTime
This commit is contained in:
parent
1b35bd2911
commit
0ddc2db46a
4 changed files with 21 additions and 2 deletions
|
@ -30,7 +30,7 @@ At the moment we discuss threats arising by this feature. If you are interested
|
||||||
# 2024-01 Federated staring with Like Activity
|
# 2024-01 Federated staring with Like Activity
|
||||||
|
|
||||||
We did the next step. We now use a plain Like Activity for expressing the Star action.
|
We did the next step. We now use a plain Like Activity for expressing the Star action.
|
||||||
In addition we fixed some bugs & improved security by validating every input we get on federation.
|
In addition we fixed some bugs, made error responses more meaningful, improved security by validating every input we get on federation & mitigate identified threats (SlowLories, Block by future StartTime & various Replay Attacks).
|
||||||
|
|
||||||
At https://federated-repo.prod.meissa.de/buero/star-me you can try out the current code the same way as described above with the following activity (maybe find an unused user by alteranting the actors user-id).
|
At https://federated-repo.prod.meissa.de/buero/star-me you can try out the current code the same way as described above with the following activity (maybe find an unused user by alteranting the actors user-id).
|
||||||
|
|
||||||
|
@ -44,4 +44,6 @@ At https://federated-repo.prod.meissa.de/buero/star-me you can try out the curre
|
||||||
}
|
}
|
||||||
```
|
```
|
||||||
|
|
||||||
|
Please consider to increment the `startTime` for each api-request - maybe use the current time is a good idea.
|
||||||
|
|
||||||
In case of interest find the current roadmap at: https://codeberg.org/forgejo/forgejo/pulls/1680
|
In case of interest find the current roadmap at: https://codeberg.org/forgejo/forgejo/pulls/1680
|
||||||
|
|
|
@ -96,7 +96,8 @@ flowchart TD
|
||||||
|
|
||||||
1. **Script Kiddies**: Boored teens, willing to do some illegal stuff without deep knowlege of tech details but broad knowlege across internet discussions. Able to do some bash / python scripting.
|
1. **Script Kiddies**: Boored teens, willing to do some illegal stuff without deep knowlege of tech details but broad knowlege across internet discussions. Able to do some bash / python scripting.
|
||||||
2. **Experienced Hacker**: Hacker with deep knowlege.
|
2. **Experienced Hacker**: Hacker with deep knowlege.
|
||||||
3. **OpenSource Promoter**: Developers motivated to increase (or decrease) star count for some dedicated projects.
|
3. **Hacker**: Hacker with some knowledge.
|
||||||
|
4. **OpenSource Promoter**: Developers motivated to increase (or decrease) star count for some dedicated projects.
|
||||||
|
|
||||||
### Threat
|
### Threat
|
||||||
|
|
||||||
|
@ -107,6 +108,7 @@ flowchart TD
|
||||||
5. **Reply**: Experienced Hacker records activities sends a massive amount of activities which leads to new user creation & storage loss. Our instance might fall out of service.
|
5. **Reply**: Experienced Hacker records activities sends a massive amount of activities which leads to new user creation & storage loss. Our instance might fall out of service.
|
||||||
6. **Reply out of Order**: Experienced Hacker records activities sends again Unlike Activities happend but was succeded by an Like. Our instance accept the Unlike and removes a star. Our repositore gets rated unintended bad.
|
6. **Reply out of Order**: Experienced Hacker records activities sends again Unlike Activities happend but was succeded by an Like. Our instance accept the Unlike and removes a star. Our repositore gets rated unintended bad.
|
||||||
7. **DOS by Slowlories**: Experienced Hacker may craft their malicious server to keep connections open. Then they send a Like Activity with the actor URL pointing to that malicious server, and your background job keeps waiting for data. Then they send more such requests, until you exhaust your limit of file descriptors openable for your system and cause a DoS (by causing cascading failures all over the system, given file descriptors are used for about everything, from files, to sockets, to pipes). See also [Slowloris@wikipedia][2].
|
7. **DOS by Slowlories**: Experienced Hacker may craft their malicious server to keep connections open. Then they send a Like Activity with the actor URL pointing to that malicious server, and your background job keeps waiting for data. Then they send more such requests, until you exhaust your limit of file descriptors openable for your system and cause a DoS (by causing cascading failures all over the system, given file descriptors are used for about everything, from files, to sockets, to pipes). See also [Slowloris@wikipedia][2].
|
||||||
|
8. **Block by future StartTime**: Hacker sends an Activity having `startTime` in far future. Our Instance does no longer accept Activities till they have far far future `startTime` from the actors instance.
|
||||||
|
|
||||||
### Mitigations
|
### Mitigations
|
||||||
|
|
||||||
|
|
|
@ -4,6 +4,7 @@
|
||||||
package forgefed
|
package forgefed
|
||||||
|
|
||||||
import (
|
import (
|
||||||
|
"fmt"
|
||||||
"time"
|
"time"
|
||||||
|
|
||||||
"code.gitea.io/gitea/modules/timeutil"
|
"code.gitea.io/gitea/modules/timeutil"
|
||||||
|
@ -39,6 +40,9 @@ func (info FederationInfo) Validate() []string {
|
||||||
result = append(result, validation.ValidateNotEmpty(info.HostFqdn, "HostFqdn")...)
|
result = append(result, validation.ValidateNotEmpty(info.HostFqdn, "HostFqdn")...)
|
||||||
result = append(result, validation.ValidateMaxLen(info.HostFqdn, 255, "HostFqdn")...)
|
result = append(result, validation.ValidateMaxLen(info.HostFqdn, 255, "HostFqdn")...)
|
||||||
result = append(result, info.NodeInfo.Validate()...)
|
result = append(result, info.NodeInfo.Validate()...)
|
||||||
|
if !info.LatestActivity.IsZero() && info.LatestActivity.After(time.Now().Add(10*time.Minute)) {
|
||||||
|
result = append(result, fmt.Sprintf("Latest Activity may not be far futurer: %v", info.LatestActivity))
|
||||||
|
}
|
||||||
|
|
||||||
return result
|
return result
|
||||||
}
|
}
|
||||||
|
|
|
@ -30,4 +30,15 @@ func Test_FederationInfoValidation(t *testing.T) {
|
||||||
if res, _ := validation.IsValid(sut); res {
|
if res, _ := validation.IsValid(sut); res {
|
||||||
t.Errorf("sut should be invalid")
|
t.Errorf("sut should be invalid")
|
||||||
}
|
}
|
||||||
|
|
||||||
|
sut = FederationInfo{
|
||||||
|
HostFqdn: "host.do.main",
|
||||||
|
NodeInfo: NodeInfo{
|
||||||
|
Source: "forgejo",
|
||||||
|
},
|
||||||
|
LatestActivity: time.Now().Add(1 * time.Hour),
|
||||||
|
}
|
||||||
|
if res, _ := validation.IsValid(sut); res {
|
||||||
|
t.Errorf("sut should be invalid")
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
Loading…
Reference in a new issue