HomePhabricator
Diffusion Comm d8ed20cf4b9c

[lib] Validate IDs in DM operations

Description

[lib] Validate IDs in DM operations

Summary:
We should check whether the IDs are thick - it protects us against an attacker who could try to create operations referencing thin thread entities.

https://linear.app/comm/issue/ENG-9826/validate-the-ids-from-the-dm-operations

Depends on D13848

Test Plan:
Tested a couple of scenarios:

  • sending a text message
  • changing thread settings
  • editing a message
  • reacting to a message
  • creating a sidebar

In the cases where another message was a target, tested that it works for both text and edit thread settings messages.

Reviewers: kamil, angelika

Reviewed By: kamil

Subscribers: ashoat

Differential Revision: https://phab.comm.dev/D13858

Details

Provenance
tomekAuthored on Nov 4 2024, 1:44 AM
Reviewer
kamil
Differential Revision
D13858: [lib] Validate IDs in DM operations
Parents
rCOMM8eec4d2895c3: [lib] Propagate thread infos to the notifs generating code
Branches
Unknown
Tags
Unknown