[lib] Validate IDs in DM operations
d8ed20cf4b9c
Actions

Description

[lib] Validate IDs in DM operations

Summary:
We should check whether the IDs are thick - it protects us against an attacker who could try to create operations referencing thin thread entities.

https://linear.app/comm/issue/ENG-9826/validate-the-ids-from-the-dm-operations

Depends on D13848

Test Plan:
Tested a couple of scenarios:

sending a text message
changing thread settings
editing a message
reacting to a message
creating a sidebar

In the cases where another message was a target, tested that it works for both text and edit thread settings messages.

Reviewers: kamil, angelika

Reviewed By: kamil

Subscribers: ashoat

Differential Revision: https://phab.comm.dev/D13858

Details

Provenance

tomek

Authored on Mon, Nov 4, 1:44 AM

Reviewer

kamil

Differential Revision

D13858: [lib] Validate IDs in DM operations

Parents

rCOMM8eec4d2895c3: [lib] Propagate thread infos to the notifs generating code

Branches

Unknown

Tags

Unknown

Event Timeline

tomek committed rCOMMd8ed20cf4b9c: [lib] Validate IDs in DM operations (authored by tomek).Fri, Nov 8, 4:29 AM

tomek added an edge: D13858: [lib] Validate IDs in DM operations.

bartek mentioned this in D13888: [lib] Stop shimming Blob-hosted multimedia messages.Fri, Nov 8, 6:20 AM

Changes (3)

Path

Size

lib/

types/

dm-ops.js

utils/

validation-utils.js

web/

redux/

initial-state-gate.js

rCOMMd8ed20cf4b9c

View Options

lib/types/dm-ops.js

View Options

lib/utils/validation-utils.js

View Options

web/redux/initial-state-gate.js

[lib] Validate IDs in DM operationsd8ed20cf4b9cActions

Description

Details

Event Timeline

Changes (3)

rCOMMd8ed20cf4b9c

lib/types/dm-ops.js

lib/utils/validation-utils.js

web/redux/initial-state-gate.js

[lib] Validate IDs in DM operations
d8ed20cf4b9c
Actions