matty/peertube-plugin-livechat
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Reverting usage of RE2 (WIP):

Browse Source 
**Breaking changes**

The livechat v13 introduced a new library to handle regular expressions in forbidden words, to avoid
[ReDOS](https://en.wikipedia.org/wiki/ReDoS) attacks.
Unfortunately, this library was not able to install itself properly on some systems, and some admins were not able
to install the livechat plugin.

That's why we have disabled this library in v14, and introduce a new settings to enable regexp in forbidden words.
By default this settings is disabled, and your users won't be able to use regexp in their forbidden words.

The risk by enabling this feature is that a malicious user could cause a denial of service for the chat bot, by using a
special crafted regular expression in their channel options, and sending a special crafter message in one of their
rooms. If you trust your users (those who have rights to livestream), you can enable the settings. Otherwise it is not
recommanded. See the documentation for more informations.

**Minor changes and fixes**

* Channel's forbidden words: new "enable" column.
* New settings to enable regular expressions for channel forbidden words.
* "Channel advanced configuration" settings: removing the "experimental feature" label.
This commit is contained in:
John Livingston
2025-06-19 12:07:39 +02:00
parent e41529b61f
commit 3624dd5c3c
65 changed files with 343 additions and 2145 deletions
Download Patch File Download Diff File Expand all files Collapse all files

7
languages/en.yml
View File

@ -627,7 +627,7 @@ prosody_firewall_configuration_help: |
Don't hesitate to share your configurations with the community (for example by adding some examples in the plugin documentation).
prosody_firewall_disabled_warning: |
Warning: mod_firewall is disabled in the livechat <a href="/admin/plugins/show/peertube-plugin-livechat" target="_blank">plugin settings</a>, you have to enable it if you want this configuration to be taken into account.
prosody_firewall_file_enabled: Enabled
enabled: Enabled
prosody_firewall_name: Name
prosody_firewall_name_desc: |
Can only contain: alphanumerical characters, underscores and hyphens.
@ -681,3 +681,8 @@ converse_theme_warning_description: |
Otherwise some user may experience issues depending on the Peertube theme they use.
</span>
back_to_last_msg: Go back to last message
enable_users_regexp: Enable regular expressions for channel's forbidden words
enable_users_regexp_description: |
When enabling this feature, streamers will be able to use Regular Expressions when configuring the chat bot.
You should not enable this feature if you don't trust your users (those who can create chat rooms, in other words: those who can create live streams).
A malicious user could create a specially crafted regular expression, and cause a bot denial of service.