[lib] Validate IDs in DM operations
Needs Review
Public

Authored by tomek on Mon, Nov 4, 6:47 AM.

Details

Reviewers
kamil
angelika
Summary

We should check whether the IDs are thick - it protects us against an attacker who could try to create operations referencing thin thread entities.

https://linear.app/comm/issue/ENG-9826/validate-the-ids-from-the-dm-operations

Depends on D13848

Test Plan

Tested a couple of scenarios:

  • sending a text message
  • changing thread settings
  • editing a message
  • reacting to a message
  • creating a sidebar

In the cases where another message was a target, tested that it works for both text and edit thread settings messages.

Diff Detail

Repository
rCOMM Comm
Branch
master
Lint
No Lint Coverage
Unit
No Test Coverage