Template
1
0
Fork 0
mirror of https://codeberg.org/forgejo/forgejo synced 2024-11-22 09:54:24 +01:00

adjust to new dev-model

This commit is contained in:
Michael Jerger 2024-03-04 13:57:33 +01:00
parent e41fa653d9
commit 93d7de147b
2 changed files with 136 additions and 36 deletions

View file

@ -0,0 +1,132 @@
# Threat Analysis for RemoteLogin propagation
See also [1] for getting an idea about the analysis.
## Technical Background
### Control Flow
```mermaid
sequenceDiagram
participant fs as foreign_repository_server
participant os as our_repository_server
fs ->> os: post /api/activitypub/repository-id/1/inbox {Like-Activity}
activate os
os ->> repository: load "1"
os ->> os: validate actor id inputs
activate os
os ->> FederationInfo: get by Host
os ->> os: if FederatonInfo not found
activate os
os ->> fs: get .well-known/nodeinfo
os ->> NodeInfoWellKnown: create & validate
os ->> fs: get api/v1/nodeinfo
os ->> NodeInfo: create & validate
os ->> FederationInfo: create
deactivate os
os ->> ForgeLike: validate
deactivate os
os ->> user: search for user with actor-id
os ->> os: create user if not found
activate os
os ->> fs: get /api/activitypub/user-id/{id from actor}
os ->> ForgePerson: validate
os ->> user: create user from ForgePerson
deactivate os
os ->> repository: execute star
os ->> FederationInfo: update latest activity
os -->> fs: 200 ok
deactivate os
```
### Data transferred
```
# NodeInfoWellKnown
{"links":[
{"href":"https://federated-repo.prod.meissa.de/api/v1/nodeinfo",
"rel":"http://nodeinfo.diaspora.software/ns/schema/2.1"}]}
# NodeInfo
{"version":"2.1",
"software":{"name":"gitea",
...}}
# LikeActivity
{"id": "https://repo.prod.meissa.de/api/v1/activitypub/user-id/1/outbox/12345",
"type": "Like",
"actor": "https://repo.prod.meissa.de/api/v1/activitypub/user-id/1",
"object": "https://codeberg.org/api/v1/activitypub/repository-id/12"
"startTime": "2014-12-31T23:00:00-08:00"
}
# Person
{"id":"https://federated-repo.prod.meissa.de/api/v1/activitypub/user-id/10",
"type":"Person",
"preferredUsername":"stargoose9",
"name": "goose going to star the repo",
"publicKey":{"id":"https://federated-repo.prod.meissa.de/api/v1/activitypub/user-id/10#main-key",
"owner":"https://federated-repo.prod.meissa.de/api/v1/activitypub/user-id/10",
"publicKeyPem":"-----BEGIN PUBLIC KEY-----\nMIIBoj...XAgMBAAE=\n-----END PUBLIC KEY-----\n"}}
```
### Data Flow
```mermaid
flowchart TD
A(User) --> |stars a federated repository| B(foreign repository server)
B --> |Like Activity| C(our repository server)
C --> |get NodeInfoWellKnown| B
C --> |get NodeInfo| B
C --> |get Person Actor| B
C --> |cache/create federated user locally| D(our database)
C --> |cache/create NodeInfo locally| D(our database)
C --> |add star to repo locally| D
```
## Analysis
### Assets
1. **Service Availability**: The availability of our or foreign servers.
2. **Instance Reputation**: We hope our project does not live on a spam instance.
3. **Project Reputation**: The reputation of an individual project.
### Actors
1. **Script Kiddies**: Boored teens, willing to do some illegal stuff without deep knowledge of tech details but broad knowledge across internet discussions. Able to do some bash / python scripting.
2. **Experienced Hacker**: Hacker with deep knowledge.
3. **Hacker**: Hacker with some knowledge.
4. **Malicious Fediverse Member**: Malicious Members of the fediverse, able to operate malicious forge instances.
5. **Malicious Forge Admin**: Admin of good reputation forge instance in the fediverse.
6. **Federated User**: Members of good reputation forge instance in the fediverse.
### Threat
1.
### Mitigations
1.
### DREAD-Score
| Threat | Damage | Reproducibility | Exploitability | Affected Users | Discoverability | Mitigations |
| :----- | :------ | :-------------- | :------------- | :------------- | :-------------- | :---------- |
| 1. | ... tbd | | | | | |
| 2. | ... tbd | | | | | |
Threat Score with values between 1 - 6
* Damage how severe would the damage be if the attack is successful? 6 is a very bad damage.
* Reproducibility how easy would the attack be reproducible? 6 is very easy to reproduce.
* Exploitability How much time, effort and experience are necessary to exploit the threat? 6 is very easy to make.
* Affected Users if a threat were exploited, how many percentage of users would be affected?
* Discoverability How easy can an attack be discovered? Does the attacker have to expect prosecution? 6 is very hard to discover / is not illegal
## Contributors
## Reference
[1]: https://owasp.org/www-community/Threat_Modeling_Process

View file

@ -108,24 +108,12 @@ git remote add forgejo git@codeberg.org:forgejo/forgejo.git
# rebase on top of forgejo/forge-development
git switch forgejo
git fetch forgejo
git reset --hard forgejo/forgejo-development
git push --force
git pull
git push
git switch forgejo-federated-star
git rebase forgejo
git push --force
# continue local development after rebase & force-push has happened
git reset --hard origin/forgejo-federated-star
```
# provide testinstance
``` bash
git switch test-release
git rebase --onto forgejo-federated-star
git merge forgejo/forgejo-branding
git push --force
git merge forgejo
git push
```
# generate swagger api client
@ -134,23 +122,3 @@ go run github.com/go-swagger/go-swagger/cmd/swagger@v0.30.5 generate client -f '
# Documentation for learn & reference
# Thoughts on testing
I would like to be able to quickly test a change in the repo code.
For that i need:
A test server with federation enabled
A test user
A test repo
A test auth token (?)
A test request as input value to the API
An expected result for comparison with the output value.
Tests that provide some examples are:
tests/integration/api_activitypub_person_test.go
tests/integration/api_token_test.go
maybe tests/integration/api_repo_test.go