Matrix-Mirrors/mjolnir
1
0
Fork 0
mirror of https://github.com/matrix-org/mjolnir.git synced 2024-10-01 01:36:06 -04:00
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #524 from matrix-org/hs/mention-spam-protection

Browse Source 
Add protection for mention spam
This commit is contained in:
Will Hunt 2024-09-20 13:00:27 +01:00 committed by GitHub
commit 5ecdb8d581
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
3 changed files with 176 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

71
src/protections/MentionSpam.ts Normal file
View File

@ -0,0 +1,71 @@
/*
Copyright 2024 The Matrix.org Foundation C.I.C.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/
import { Protection } from "./IProtection";
import { Mjolnir } from "../Mjolnir";
import { LogLevel, Permalinks, UserID } from "@vector-im/matrix-bot-sdk";
import { NumberProtectionSetting } from "./ProtectionSettings";
export const DEFAULT_MAX_MENTIONS = 10;
export class MentionSpam extends Protection {
settings = {
maxMentions: new NumberProtectionSetting(DEFAULT_MAX_MENTIONS, 1),
};
constructor() {
super();
}
public get name(): string {
return 'MentionSpam';
}
public get description(): string {
return "If a user posts many mentions, that message is redacted. No bans are issued.";
}
public checkMentions(body: unknown|undefined, htmlBody: unknown|undefined, mentionArray: unknown|undefined): boolean {
const max = this.settings.maxMentions.value;
if (Array.isArray(mentionArray) && mentionArray.length > max) {
return true;
}
if (typeof body === "string" && body.split('@').length - 1 > max) {
return true;
}
if (typeof htmlBody === "string" && htmlBody.split('%40').length - 1 > max) {
return true;
}
return false;
}
public async handleEvent(mjolnir: Mjolnir, roomId: string, event: any): Promise<any> {
if (event['type'] === 'm.room.message') {
let content = event['content'] || {};
const explicitMentions = content["m.mentions"]?.user_ids;
const hitLimit = this.checkMentions(content.body, content.formatted_body, explicitMentions);
if (hitLimit) {
await mjolnir.managementRoomOutput.logMessage(LogLevel.WARN, "MentionSpam", `Redacting event from ${event['sender']} for spamming mentions. ${Permalinks.forEvent(roomId, event['event_id'], [new UserID(await mjolnir.client.getUserId()).domain])}`);
// Redact the event
if (!mjolnir.config.noop) {
await mjolnir.client.redactEvent(roomId, event['event_id'], "Message was detected as spam.");
} else {
await mjolnir.managementRoomOutput.logMessage(LogLevel.WARN, "MentionSpam", `Tried to redact ${event['event_id']} in ${roomId} but Mjolnir is running in no-op mode`, roomId);
}
}
}
}
}

6
src/protections/ProtectionManager.ts
View File

@ -1,5 +1,5 @@
/* /*
Copyright 2019 - 2022 The Matrix.org Foundation C.I.C. Copyright 2019 - 2024 The Matrix.org Foundation C.I.C.
Licensed under the Apache License, Version 2.0 (the "License"); Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License. you may not use this file except in compliance with the License.
@ -32,6 +32,7 @@ import { ERROR_KIND_FATAL, ERROR_KIND_PERMISSION } from "../ErrorCache";
import { RoomUpdateError } from "../models/RoomUpdateError"; import { RoomUpdateError } from "../models/RoomUpdateError";
import { LocalAbuseReports } from "./LocalAbuseReports"; import { LocalAbuseReports } from "./LocalAbuseReports";
import {NsfwProtection} from "./NsfwProtection"; import {NsfwProtection} from "./NsfwProtection";
import { MentionSpam } from "./MentionSpam";
const PROTECTIONS: Protection[] = [ const PROTECTIONS: Protection[] = [
new FirstMessageIsImage(), new FirstMessageIsImage(),
@ -43,7 +44,8 @@ const PROTECTIONS: Protection[] = [
new DetectFederationLag(), new DetectFederationLag(),
new JoinWaveShortCircuit(), new JoinWaveShortCircuit(),
new LocalAbuseReports(), new LocalAbuseReports(),
new NsfwProtection() new NsfwProtection(),
new MentionSpam()
]; ];
const ENABLED_PROTECTIONS_EVENT_TYPE = "org.matrix.mjolnir.enabled_protections"; const ENABLED_PROTECTIONS_EVENT_TYPE = "org.matrix.mjolnir.enabled_protections";

101
test/integration/mentionSpamProtectionTest.ts Normal file
View File

@ -0,0 +1,101 @@
import {newTestUser} from "./clientHelper";
import {MatrixClient} from "@vector-im/matrix-bot-sdk";
import {getFirstReaction} from "./commands/commandUtils";
import {strict as assert} from "assert";
import { DEFAULT_MAX_MENTIONS } from "../../src/protections/MentionSpam";
describe("Test: Mention spam protection", function () {
let client: MatrixClient;
let room: string;
this.beforeEach(async function () {
client = await newTestUser(this.config.homeserverUrl, {name: {contains: "mention-spam-protection"}});
await client.start();
const mjolnirId = await this.mjolnir.client.getUserId();
room = await client.createRoom({ invite: [mjolnirId] });
await client.joinRoom(room);
await client.joinRoom(this.config.managementRoom);
await client.setUserPowerLevel(mjolnirId, room, 100);
})
this.afterEach(async function () {
await client.stop();
})
function delay(ms: number) {
return new Promise(resolve => setTimeout(resolve, ms));
}
it("does not redact a normal message", async function() {
await client.sendMessage(this.mjolnir.managementRoomId, { msgtype: 'm.text', body: `!mjolnir rooms add ${room}` });
await getFirstReaction(client, this.mjolnir.managementRoomId, '✅', async () => {
return await client.sendMessage(this.mjolnir.managementRoomId, { msgtype: 'm.text', body: "!mjolnir enable MentionSpam" });
});
const testMessage = await client.sendText(room, 'Hello world');
await delay(500);
const fetchedEvent = await client.getEvent(room, testMessage);
assert.equal(Object.keys(fetchedEvent.content).length, 2, "This event should not have been redacted");
});
it("does not redact a message with some mentions", async function() {
await client.sendMessage(this.mjolnir.managementRoomId, { msgtype: 'm.text', body: `!mjolnir rooms add ${room}` });
await getFirstReaction(client, this.mjolnir.managementRoomId, '✅', async () => {
return await client.sendMessage(this.mjolnir.managementRoomId, { msgtype: 'm.text', body: "!mjolnir enable MentionSpam" });
});
// Also covers HTML mentions
const mentionUsers = Array.from({length: DEFAULT_MAX_MENTIONS}, (_, i) => `@user${i}:example.org`);
const messageWithTextMentions = await client.sendText(room, mentionUsers.join(' '));
const messageWithHTMLMentions = await client.sendHtmlText(room,
mentionUsers.map(u => `<a href=\"https://matrix.to/#/${encodeURIComponent(u)}\">${u}</a>`).join(' '));
const messageWithMMentions = await client.sendMessage(room, {
msgtype: 'm.text',
body: 'Hello world',
['m.mentions']: {
user_ids: mentionUsers
}
});
await delay(500);
const fetchedTextEvent = await client.getEvent(room, messageWithTextMentions);
assert.equal(Object.keys(fetchedTextEvent.content).length, 2, "This event should not have been redacted");
const fetchedHTMLEvent = await client.getEvent(room, messageWithHTMLMentions);
assert.equal(Object.keys(fetchedHTMLEvent.content).length, 4, "This event should not have been redacted");
const fetchedMentionsEvent = await client.getEvent(room, messageWithMMentions);
assert.equal(Object.keys(fetchedMentionsEvent.content).length, 3, "This event should not have been redacted");
});
it("does redact a message with too many mentions", async function() {
await client.sendMessage(this.mjolnir.managementRoomId, { msgtype: 'm.text', body: `!mjolnir rooms add ${room}` });
await getFirstReaction(client, this.mjolnir.managementRoomId, '✅', async () => {
return await client.sendMessage(this.mjolnir.managementRoomId, { msgtype: 'm.text', body: "!mjolnir enable MentionSpam" });
});
// Also covers HTML mentions
const mentionUsers = Array.from({length: DEFAULT_MAX_MENTIONS+1}, (_, i) => `@user${i}:example.org`);
const messageWithTextMentions = await client.sendText(room, mentionUsers.join(' '));
const messageWithHTMLMentions = await client.sendHtmlText(room,
mentionUsers.map(u => `<a href=\"https://matrix.to/#/${encodeURIComponent(u)}\">${u}</a>`).join(' '));
const messageWithMMentions = await client.sendMessage(room, {
msgtype: 'm.text',
body: 'Hello world',
['m.mentions']: {
user_ids: mentionUsers
}
});
await delay(500);
const fetchedTextEvent = await client.getEvent(room, messageWithTextMentions);
assert.equal(Object.keys(fetchedTextEvent.content).length, 0, "This event should have been redacted");
const fetchedHTMLEvent = await client.getEvent(room, messageWithHTMLMentions);
assert.equal(Object.keys(fetchedHTMLEvent.content).length, 0, "This event should have been redacted");
const fetchedMentionsEvent = await client.getEvent(room, messageWithMMentions);
assert.equal(Object.keys(fetchedMentionsEvent.content).length, 0, "This event should have been redacted");
});
});