aboutsummaryrefslogtreecommitdiffstats
path: root/spec
Commit message (Collapse)AuthorAgeFilesLines
* util.xml: Do not allow doctypes, comments or processing instructionsJonas Schäfer2022-01-101-1/+33
| | | | | | | | | | | | | | | | | | Yes. This is as bad as it sounds. CVE pending. In Prosody itself, this only affects mod_websocket, which uses util.xml to parse the <open/> frame, thus allowing unauthenticated remote DoS using Billion Laughs. However, third-party modules using util.xml may also be affected by this. This commit installs handlers which disallow the use of doctype declarations and processing instructions without any escape hatch. It, by default, also introduces such a handler for comments, however, there is a way to enable comments nontheless. This is because util.xml is used to parse human-facing data, where comments are generally a desirable feature, and also because comments are generally harmless.
* util.pubsub: Fix item store resize to "max"Kim Alvefur2022-01-061-0/+20
| | | | | Previously this would end up passing the "max" directly to the underlying storage.
* util.stanza: Cover :find method in testsKim Alvefur2021-12-311-0/+12
| | | | This method is a bit complex so good to have some test coverage
* util.stanza: Increase test coverage to cover validation errorsKim Alvefur2021-12-311-0/+25
|
* util_datamapper: Fix typo in unit testsKim Alvefur2021-12-291-1/+1
|
* util.datamapper: Add support for $ref pointersKim Alvefur2021-12-291-1/+3
| | | | Allows reuse of repetitive definitions in schemas.
* mod_tombstones: Add a very basic test caseKim Alvefur2021-12-232-0/+41
|
* mod_roster: pass correct username to roster-item-removedJonas Schäfer2021-12-221-0/+75
| | | | | | | | | | | The other invocations use it that way, and the only listener in trunk which uses it (in mod_presence) expects it that way. Passing the username of the JID from the removed entry causes incorrect unavailable presence stanzas to be sent, allegedly kicking people off MUCs. Fixes #1121.
* util.smqueue: Simplify compat table, fix dependent modules (thanks Martin)Kim Alvefur2021-12-161-0/+26
| | | | | | There was an off-by-one in the modulo calculation. Switching to a plain old array-table makes the apparent size of the queue wrong, but since some of the queue may not be available this is likely for the best.
* util.smqueue: Abstract queue with acknowledgements and overflowKim Alvefur2021-12-141-0/+55
| | | | | | | | Meant to be used in mod_smacks for XEP-0198 Meant to have a larger virtual size than actual number of items stored, on the theory that in most cases, the excess will be acked before needed for a resumption event.
* util.format: Ensure metatable __tostring results are also sanitizedKim Alvefur2021-12-131-0/+16
|
* util.format: Fix some formats expecting positive numbers in Lua 5.2Kim Alvefur2021-12-111-4/+4
| | | | Amazing how string.format behaves differently under each Lua version
* util.format: ALL THE TESTS!!!Kim Alvefur2021-12-111-0/+842
| | | | | | The more tests I made, the more Lua 5.1 quirks I discovered. Tests generated using a tool plus some touch-up.
* util.format: Also handle the %p format added in Lua 5.4Kim Alvefur2021-12-111-0/+9
|
* util.format: Ensure sanitation of strings passed to wrong formatKim Alvefur2021-12-111-0/+1
| | | | | | | | | Ie. log("debug", "%d", "\1\2\3") should not result in garbage. Also optimizing for the common case of ASCII string passed to %s and early returns everywhere. Returning nil from a gsub callback keeps the original substring.
* util.format: Escape invalid UTF-8 by passing trough serializationKim Alvefur2021-12-101-0/+4
| | | | | | Should prevent invalid UTF-8 from making it into the logs, which can cause trouble with terminals or log viewers or other tools, such as when grep determines that log files are binary.
* MUC: Remove <{muc}x> tags in some errorsKim Alvefur2021-12-082-4/+0
| | | | | Including the payload of the stanza that caused the error is optional and we're generally not doing it anywhere else.
* MUC: Remove remaining deprecated numeric error codesKim Alvefur2021-12-081-1/+1
| | | | | | The numeric error codes seems to have been removed from the examples in XEP-0045 version 1.24, and were deprecated even by RFC 3920 in 2004, only allowed for backwards compatibility.
* util.async tests: Explicitly import match from luassert (luacheck)Matthew Wild2021-11-291-0/+1
|
* util.async: Add next-tick configurationMatthew Wild2021-11-291-0/+46
| | | | | | | | Running woken runners in the next iteration of the event loop prevents unexpected recursion, unexpected tracebacks, and is generally more predictable. The pattern is borrowed from util.promise, where we're now doing the same.
* util.async: Add sleep() method with configurable scheduling backendMatthew Wild2021-11-291-0/+54
| | | | | | | | | No scheduler set by default, so it will error (we plan to initialize it in util.startup). We wanted to avoid a hard dependency on util.timer (which in turn depends on network backends, etc.), and we didn't add timer.sleep() because we didn't want to add a hard dependency on util.async for things that don't need it.
* util.promise: Fix testKim Alvefur2021-11-261-1/+1
| | | | | Could not reproduce locally but it complained in CI that > spec/util_promise_spec.lua:676: Cannot spy on type 'nil', only on functions or callable elements
* util.promise: Support delayed promise executionKim Alvefur2019-01-051-0/+14
|
* util.human.io: Fix cutting of UTF-8 into piecesKim Alvefur2021-11-121-0/+19
| | | | Down the rabbit hole we go...
* util.dataforms: Ensure larger integers are serialized as suchKim Alvefur2021-10-281-0/+6
| | | | | | | Assumes that most number fields are integers, as most numeric types listed in XEP-0122 are, as are all such fields in Prosody as of this. Otherwise %g produces something like 1.1259e+15
* util.dataforms: Scope integer handling testsKim Alvefur2021-10-261-26/+29
| | | | | So they're separate from the datetime tests, and any future validation tests
* util.dataforms: Turn number values into timestamps for datetime fieldsKim Alvefur2021-10-261-1/+1
| | | | Makes it symmetric with parsing.
* util.dataforms: Coerce number values for boolean fieldsKim Alvefur2021-10-261-0/+10
| | | | | Makes more sense than coercing to a string, which would always be truthy.
* util.dataforms: Add support for datetime field types via XEP-0122Kim Alvefur2021-10-251-0/+14
|
* mod_pubsub,mod_pep: Advertise maximum number of items via XEP-0122Kim Alvefur2021-10-204-6/+6
| | | | | | Clients would generally be using the "max" symbol instead of discovering this, but this also gets us validation and earlier rejection of out of bounds values.
* mod_pubsub: Prevent max_items from being set to zeroKim Alvefur2021-10-204-6/+18
| | | | | | | Disable persistence instead if no items should be persisted. XEP-0060 is not entirely clear on what either of those option really mean.
* mod_pubsub,mod_pep: Implement 'send_last_published_item' option #1436Kim Alvefur2021-10-195-0/+206
| | | | | | | | Default left as 'never' in mod_pubsub to preserve the previous behavior. Unclear if this is desirable, but can always be changed later. In mod_pep this allows turning off the automatic resending of most recent item.
* util.argparse: Add test for #1691Kim Alvefur2021-10-121-0/+7
|
* util.argparse: TestsKim Alvefur2021-10-121-0/+46
|
* util.array: Add :slice() method + testsMatthew Wild2021-09-121-0/+19
| | | | Behaviour follows the same logic as string.sub (so yes, 1-indexed).
* util.stanza: Add :get_child_with_attr() + testsMatthew Wild2021-09-121-0/+20
|
* mod_pubsub: Add support for limiting result size #1608Kim Alvefur2021-09-051-0/+196
|
* util.pubsub: Add support for limiting number of items to retrieveKim Alvefur2021-09-051-0/+57
| | | | | Hopefully this will eventually be upgraded to RSM, which is why the argument is called 'resultspec' and is a table.
* mod_external_services: Validate required attributes on credentials requestsKim Alvefur2021-08-291-0/+14
|
* core.storagemanager: Respect archive ids issued by storage drivers in testsKim Alvefur2021-08-151-5/+6
| | | | | | Storage drivers may issue their own IDs tho none of the included ones do this atm, but the 3rd party module mod_storage_xmlarchive has its special format.
* Fix various spelling errors (thanks codespell)Kim Alvefur2021-07-272-2/+2
| | | | | Also special thanks to timeless, for wordlessly reminding me to check for typos.
* util.pubsub: Signal that 'persistent-items' is unsupported when disabledKim Alvefur2021-07-221-2/+2
| | | | | | XEP-0060 says that this the way to indicate that 'persistent-items' is unsupported, but doesn't explicitly say if it being disabled in the node configuration also counts as unsupported.
* util.pubsub: Fix behavior of persist_items disabledKim Alvefur2021-07-221-0/+19
| | | | | | | | | | | | | When set to 'false' there is no need for a persistence interface at all, since items are not persisted after being broadcast. Had started wondering if maybe the behavior was wrong, after reading parts of XEP-0060 that pointed in that direction. Some discussion of this can be found in logs of xmpp:xsf@muc.xmpp.org?join from around 2021-07-20 Thanks to Ralph for confirming.
* mod_pubsub: Explicitly enable persistence by default to preserve behaviorKim Alvefur2021-07-211-1/+1
| | | | | | Since nodes were always persistent according to the XEP-0060 definition. Whether data is stored in memory or on disk was not what this setting was meant for.
* scansion tests: Enable 'expose_publisher' since we test for itKim Alvefur2021-07-251-0/+1
|
* mod_pubsub: Fix inclusion of publisher (fixes #1399)Kim Alvefur2019-05-015-15/+15
|
* Merge 0.11->trunkKim Alvefur2021-07-231-57/+83
|\
| * MUC: Fix logic for access to affiliation lists0.11.10Kim Alvefur2021-07-221-57/+83
| | | | | | | | | | | | Fixes https://prosody.im/security/advisory_20210722/ Backs out 4d7b925652d9
* | scansion tests: Allow specifying network settings via environment variableKim Alvefur2021-07-111-2/+1
| | | | | | | | | | | | | | Allows testing e.g. opportunistic writes or other settings easily in CI or otherwise without editing the config file. make integration-test PROSODY_NETWORK_SETTINGS='{"opportunistic_writes":true}'
* | scansion tests: Allow specifying network backend via environment variableKim Alvefur2021-07-111-1/+1
| | | | | | | | | | | | | | To make it easier to test select and event without having to edit the config file, e.g. in CI. make integration-test PROSODY_NETWORK_BACKEND=event