From 8236aca55cc5f9e661d269c47209ff9a430cbda3 Mon Sep 17 00:00:00 2001 From: Stefan Rossbach Date: Mon, 20 Jul 2020 14:17:11 +0200 Subject: [PATCH] [INTERNAL][CORE] Adds security check for received activities It was possible to impersonate yourself as another session user (required a custom modification). --- core/src/saros/session/ISarosSession.java | 2 +- .../session/internal/ActivitySequencer.java | 4 +-- .../saros/session/internal/SarosSession.java | 27 ++++++++++++++----- .../internal/ActivitySequencerTest.java | 2 +- 4 files changed, 25 insertions(+), 10 deletions(-) diff --git a/core/src/saros/session/ISarosSession.java b/core/src/saros/session/ISarosSession.java index eea1c3231f..ad068c9b6a 100644 --- a/core/src/saros/session/ISarosSession.java +++ b/core/src/saros/session/ISarosSession.java @@ -235,7 +235,7 @@ void changePermission(User user, Permission permission) Set getUnavailableColors(); /** FOR INTERNAL USE ONLY ! */ - void exec(List activities); + void exec(JID jid, List activities); /** * Adds an {@link IActivityProducer} so the production of its activities will be noticed. diff --git a/core/src/saros/session/internal/ActivitySequencer.java b/core/src/saros/session/internal/ActivitySequencer.java index e2db01afb5..06ba66296f 100644 --- a/core/src/saros/session/internal/ActivitySequencer.java +++ b/core/src/saros/session/internal/ActivitySequencer.java @@ -339,7 +339,7 @@ private void executeActivities( return; } - sarosSession.exec(activities); + sarosSession.exec(sender, activities); } /** Sends an activity to the given recipients. */ @@ -359,7 +359,7 @@ public void sendActivity(List recipients, final IActivity activity) { new Runnable() { @Override public void run() { - sarosSession.exec(Collections.singletonList(activity)); + sarosSession.exec(user.getJID(), Collections.singletonList(activity)); } }); } diff --git a/core/src/saros/session/internal/SarosSession.java b/core/src/saros/session/internal/SarosSession.java index 6432fe1f26..321b1a9d55 100644 --- a/core/src/saros/session/internal/SarosSession.java +++ b/core/src/saros/session/internal/SarosSession.java @@ -638,23 +638,38 @@ public ConcurrentDocumentClient getConcurrentDocumentClient() { } @Override - public void exec(List activities) { + public void exec(JID jid, List activities) { /** * @JTourBusStop 7, Activity sending, Incoming activities: * *

Incoming activities will arrive here. The ActivitySequencer calls this method for * activities received over the Network Layer. */ - final List valid = new ArrayList(); + final List validActivities = new ArrayList(); // Check every incoming activity for validity for (IActivity activity : activities) { - if (activity.isValid()) valid.add(activity); - else log.error("could not handle incoming activity: " + activity); + + if (!activity.isValid()) { + log.error("could not handle incoming activity: " + activity); + continue; + } + + final User source = activity.getSource(); + + assert jid != null && source != null; + + if (isHost() && !source.getJID().strictlyEquals(jid)) { + log.warn("detected spoofed activity from: " + jid + " -> " + activity); + // TODO kick the user + continue; + } + + validActivities.add(activity); } - List processed = activityQueuer.process(valid); - activityHandler.handleIncomingActivities(processed); + final List executableActivites = activityQueuer.process(validActivities); + activityHandler.handleIncomingActivities(executableActivites); } /* diff --git a/core/test/junit/saros/session/internal/ActivitySequencerTest.java b/core/test/junit/saros/session/internal/ActivitySequencerTest.java index 79748de61e..b2bf1d6932 100644 --- a/core/test/junit/saros/session/internal/ActivitySequencerTest.java +++ b/core/test/junit/saros/session/internal/ActivitySequencerTest.java @@ -289,7 +289,7 @@ private static ISarosSession createSessionMock( final Capture> capture = Capture.newInstance(); - session.exec(EasyMock.capture(capture)); + session.exec(EasyMock.anyObject(JID.class), EasyMock.capture(capture)); EasyMock.expectLastCall() .andAnswer(() -> receivedActivitiesBuffer.addAll(capture.getValue()))