mirror of
https://codeberg.org/forgejo/forgejo.git
synced 2024-11-24 08:57:03 -05:00
improve sequence
This commit is contained in:
parent
fe9f26305f
commit
b978642da0
1 changed files with 19 additions and 20 deletions
|
@ -1,4 +1,4 @@
|
||||||
# Threat analysis for the federated star activity
|
# Threat analysis for the federated Like Activity
|
||||||
|
|
||||||
See also [1] for getting an idea about the analysis.
|
See also [1] for getting an idea about the analysis.
|
||||||
|
|
||||||
|
@ -10,27 +10,25 @@ sequenceDiagram
|
||||||
participant fs as foreign_repository_server
|
participant fs as foreign_repository_server
|
||||||
participant os as our_repository_server
|
participant os as our_repository_server
|
||||||
|
|
||||||
fs ->> os: post /api/activitypub/repository-id/1/inbox {Start-Activity}
|
fs ->> os: post /api/activitypub/repository-id/1/inbox {Like-Activity}
|
||||||
activate os
|
activate os
|
||||||
os ->> os: validate request inputs
|
os ->> repository: load 1
|
||||||
activate os
|
activate os
|
||||||
|
os ->> os: validate actor id inputs
|
||||||
os ->> fs: get .well-known/nodeinfo
|
os ->> fs: get .well-known/nodeinfo
|
||||||
os ->> NodeInfoWellKnown: create & validate
|
os ->> NodeInfoWellKnown: create & validate
|
||||||
os ->> fs: get api/v1/nodeinfo
|
os ->> fs: get api/v1/nodeinfo
|
||||||
os ->> NodeInfo: create & validate
|
os ->> NodeInfo: create & validate
|
||||||
|
os ->> ForgeLike: validate
|
||||||
deactivate os
|
deactivate os
|
||||||
activate repository
|
|
||||||
os ->> repository: search for reop with object-id
|
|
||||||
deactivate repository
|
|
||||||
activate user
|
|
||||||
os ->> user: search for user with actor-id
|
os ->> user: search for user with actor-id
|
||||||
user ->> user: create if not found
|
os ->> os: create user if not found
|
||||||
activate user
|
activate os
|
||||||
user ->> fs: get /api/activitypub/user-id/{id from actor}
|
os ->> fs: get /api/activitypub/user-id/{id from actor}
|
||||||
user ->> user: validate response
|
os ->> ForgePerson: validate
|
||||||
user ->> user: create user from response
|
os ->> user: create user from response
|
||||||
deactivate user
|
deactivate os
|
||||||
deactivate user
|
|
||||||
os ->> repository: execute star action
|
os ->> repository: execute star action
|
||||||
os -->> fs: 200 ok
|
os -->> fs: 200 ok
|
||||||
deactivate os
|
deactivate os
|
||||||
|
@ -61,6 +59,7 @@ sequenceDiagram
|
||||||
{"id":"https://federated-repo.prod.meissa.de/api/v1/activitypub/user-id/10",
|
{"id":"https://federated-repo.prod.meissa.de/api/v1/activitypub/user-id/10",
|
||||||
"type":"Person",
|
"type":"Person",
|
||||||
"preferredUsername":"stargoose9",
|
"preferredUsername":"stargoose9",
|
||||||
|
"name": "goose going to star the repo",
|
||||||
"publicKey":{"id":"https://federated-repo.prod.meissa.de/api/v1/activitypub/user-id/10#main-key",
|
"publicKey":{"id":"https://federated-repo.prod.meissa.de/api/v1/activitypub/user-id/10#main-key",
|
||||||
"owner":"https://federated-repo.prod.meissa.de/api/v1/activitypub/user-id/10",
|
"owner":"https://federated-repo.prod.meissa.de/api/v1/activitypub/user-id/10",
|
||||||
"publicKeyPem":"-----BEGIN PUBLIC KEY-----\nMIIBoj...XAgMBAAE=\n-----END PUBLIC KEY-----\n"}}
|
"publicKeyPem":"-----BEGIN PUBLIC KEY-----\nMIIBoj...XAgMBAAE=\n-----END PUBLIC KEY-----\n"}}
|
||||||
|
@ -94,12 +93,12 @@ flowchart TD
|
||||||
|
|
||||||
### Threat
|
### Threat
|
||||||
|
|
||||||
1. Script Kiddi sends a Star Activity containing an attack actor url `http://attacked.target/very/special/path` in place of actor. Our repository server sends a `get Person Actor` request to this url. The target receives a DenialdOfService attack. We loose CPU & reputation.
|
1. Script Kiddi sends a Like Activity containing an attack actor url `http://attacked.target/very/special/path` in place of actor. Our repository server sends a `get Person Actor` request to this url. The target receives a DenialdOfService attack. We loose CPU & reputation.
|
||||||
2. Experienced hacker sends a Star Activity containing an actor url pointing to an evil forgejo instance. Our repository server sends an `get Person Actor` request to this instance and gets a person having sth. like `; drop database;` in its name. If our server tries to create a new user out of this persion, the db might be dropped.
|
2. Experienced hacker sends a Like Activity containing an actor url pointing to an evil forgejo instance. Our repository server sends an `get Person Actor` request to this instance and gets a person having sth. like `; drop database;` in its name. If our server tries to create a new user out of this persion, the db might be dropped.
|
||||||
3. OpenSource Promoter sends Star Activities containing non authorized Person Actors. The Actors listed as stargazer might get angry about this, we loose reputation.
|
3. OpenSource Promoter sends Star Activities containing non authorized Person Actors. The Actors listed as stargazer might get angry about this, we loose reputation.
|
||||||
4. Experienced Hacker records activities sent and replays some of them. Without order of activities (i.e. timestamp) we can not decide wether we should execute the activity again. If the replayed activities are Unstar Activity we might loose stars.
|
4. Experienced Hacker records activities sent and replays some of them. Without order of activities (i.e. timestamp) we can not decide wether we should execute the activity again. If the replayed activities are UnLike Activity we might loose stars.
|
||||||
5. Experienced Hacker records activities sends a massive amount of activities which leads to new user creation & storage loss. Our instance might fall out of service.
|
5. Experienced Hacker records activities sends a massive amount of activities which leads to new user creation & storage loss. Our instance might fall out of service.
|
||||||
6. Experienced Hacker may craft their malicious server to keep connections open. Then they send a Star activity with the actor URL pointing to that malicious server, and your background job keeps waiting for data. Then they send more such requests, until you exhaust your limit of file descriptors openable for your system and cause a DoS (by causing cascading failures all over the system, given file descriptors are used for about everything, from files, to sockets, to pipes). See also [Slowloris@wikipedia][2].
|
6. Experienced Hacker may craft their malicious server to keep connections open. Then they send a Like Activity with the actor URL pointing to that malicious server, and your background job keeps waiting for data. Then they send more such requests, until you exhaust your limit of file descriptors openable for your system and cause a DoS (by causing cascading failures all over the system, given file descriptors are used for about everything, from files, to sockets, to pipes). See also [Slowloris@wikipedia][2].
|
||||||
|
|
||||||
### Mitigations
|
### Mitigations
|
||||||
|
|
||||||
|
@ -133,5 +132,5 @@ In adition to direct commiter our special thanks goes to the experts joining our
|
||||||
|
|
||||||
## Reference
|
## Reference
|
||||||
|
|
||||||
* [1]: https://geballte-sicherheit.de/threat-modelling-bedrohungsanalyse-7-teil-einstufung-von-bedrohungen-ranking-of-threats/
|
[1]: https://geballte-sicherheit.de/threat-modelling-bedrohungsanalyse-7-teil-einstufung-von-bedrohungen-ranking-of-threats/
|
||||||
* [2]: https://en.wikipedia.org/wiki/Slowloris_(computer_security)
|
[2]: https://en.wikipedia.org/wiki/Slowloris_(computer_security)
|
Loading…
Reference in a new issue