Fix handling of malformed ActivityPub payloads when URIs are nil (#7370)

* Fix handling of malformed ActivityPub payloads when URIs are nil * Gracefully handle JSON-LD canonicalization failures

Fix handling of malformed ActivityPub payloads when URIs are nil (#7370)
c947e2e4 · Eugen Rochko · GitHub · 661f7e6d · c947e2e4 · c947e2e4
--- a/app/lib/activitypub/tag_manager.rb
+++ b/app/lib/activitypub/tag_manager.rb
@@ -86,6 +86,8 @@ class ActivityPub::TagManager
  end

  def local_uri?(uri)
+    return false if uri.nil?
+
    uri  = Addressable::URI.parse(uri)
    host = uri.normalized_host
    host = "#{host}:#{uri.port}" if uri.port
@@ -99,6 +101,8 @@ class ActivityPub::TagManager
  end

  def uri_to_resource(uri, klass)
+    return if uri.nil?
+
    if local_uri?(uri)
      case klass.name
      when 'Account'

--- a/app/services/activitypub/fetch_remote_status_service.rb
+++ b/app/services/activitypub/fetch_remote_status_service.rb
@@ -34,6 +34,7 @@ class ActivityPub::FetchRemoteStatusService < BaseService
  end

  def trustworthy_attribution?(uri, attributed_to)
+    return false if uri.nil? || attributed_to.nil?
    Addressable::URI.parse(uri).normalized_host.casecmp(Addressable::URI.parse(attributed_to).normalized_host).zero?
  end


--- a/app/services/activitypub/process_collection_service.rb
+++ b/app/services/activitypub/process_collection_service.rb
@@ -45,5 +45,8 @@ class ActivityPub::ProcessCollectionService < BaseService

  def verify_account!
    @account = ActivityPub::LinkedDataSignature.new(@json).verify_account!
+  rescue JSON::LD::JsonLdError => e
+    Rails.logger.debug "Could not verify LD-Signature for #{value_or_id(@json['actor'])}: #{e.message}"
+    nil
  end
 end