Fix: LD Signaturesで署名された投稿の検索許可（検索範囲）が改竄できる問題

spec/lib/activitypub/activity/create_spec.rb

@@ -632,7 +632,7 @@ RSpec.describe ActivityPub::Activity::Create do
         end
 
         context 'with direct' do
-          let(:searchable_by) { '' }
+          let(:searchable_by) { 'https://example.com/actor' }
 
           it 'create status' do
             status = sender.statuses.first
@@ -642,6 +642,17 @@ RSpec.describe ActivityPub::Activity::Create do
           end
         end
 
+        context 'with empty array' do
+          let(:searchable_by) { '' }
+
+          it 'create status' do
+            status = sender.statuses.first
+
+            expect(status).to_not be_nil
+            expect(status.searchability).to be_nil
+          end
+        end
+
         context 'with direct when not specify' do
           let(:searchable_by) { nil }
 

spec/lib/activitypub/tag_manager_spec.rb

@@ -210,7 +210,7 @@ RSpec.describe ActivityPub::TagManager do
 
     it 'returns empty array for direct status' do
       status    = Fabricate(:status, searchability: :direct)
-      expect(subject.searchable_by(status)).to eq []
+      expect(subject.searchable_by(status)).to eq ["https://cb6e6126.ngrok.io/users/#{status.account.username}"]
     end
 
     it 'returns as:Limited array for limited status' do