Matrix-Mirrors/anonymousland-synapse
1
0
Fork 0
mirror of https://git.anonymousland.org/anonymousland/synapse.git synced 2025-08-17 03:40:17 -04:00
Code Issues Projects Releases Packages Wiki Activity

Reject mentions on the C-S API which are invalid. (#15311)

Browse source 
Invalid mentions data received over the Client-Server API should
be rejected with a 400 error. This will hopefully stop clients from
sending invalid data, although does not help with data received
over federation.
This commit is contained in:
Patrick Cloke 2023-03-24 08:31:14 -04:00 committed by GitHub
parent e6af49fbea
commit 68a6717312
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
4 changed files with 105 additions and 54 deletions
Download patch file Download diff file Expand all files Collapse all files

94
tests/push/test_bulk_push_rule_evaluator.py
View file

@ -243,22 +243,28 @@ class TestBulkPushRuleEvaluator(HomeserverTestCase):
)
# Non-dict mentions should be ignored.
mentions: Any
for mentions in (None, True, False, 1, "foo", []):
self.assertFalse(
self._create_and_process(
bulk_evaluator, {EventContentFields.MSC3952_MENTIONS: mentions}
#
# Avoid C-S validation as these aren't expected.
with patch(
"synapse.events.validator.EventValidator.validate_new",
new=lambda s, event, config: True,
):
mentions: Any
for mentions in (None, True, False, 1, "foo", []):
self.assertFalse(
self._create_and_process(
bulk_evaluator, {EventContentFields.MSC3952_MENTIONS: mentions}
)
)
)
# A non-list should be ignored.
for mentions in (None, True, False, 1, "foo", {}):
self.assertFalse(
self._create_and_process(
bulk_evaluator,
{EventContentFields.MSC3952_MENTIONS: {"user_ids": mentions}},
# A non-list should be ignored.
for mentions in (None, True, False, 1, "foo", {}):
self.assertFalse(
self._create_and_process(
bulk_evaluator,
{EventContentFields.MSC3952_MENTIONS: {"user_ids": mentions}},
)
)
)
# The Matrix ID appearing anywhere in the list should notify.
self.assertTrue(
@ -291,26 +297,32 @@ class TestBulkPushRuleEvaluator(HomeserverTestCase):
)
# Invalid entries in the list are ignored.
self.assertFalse(
self._create_and_process(
bulk_evaluator,
{
EventContentFields.MSC3952_MENTIONS: {
"user_ids": [None, True, False, {}, []]
}
},
#
# Avoid C-S validation as these aren't expected.
with patch(
"synapse.events.validator.EventValidator.validate_new",
new=lambda s, event, config: True,
):
self.assertFalse(
self._create_and_process(
bulk_evaluator,
{
EventContentFields.MSC3952_MENTIONS: {
"user_ids": [None, True, False, {}, []]
}
},
)
)
)
self.assertTrue(
self._create_and_process(
bulk_evaluator,
{
EventContentFields.MSC3952_MENTIONS: {
"user_ids": [None, True, False, {}, [], self.alice]
}
},
self.assertTrue(
self._create_and_process(
bulk_evaluator,
{
EventContentFields.MSC3952_MENTIONS: {
"user_ids": [None, True, False, {}, [], self.alice]
}
},
)
)
)
# The legacy push rule should not mention if the mentions field exists.
self.assertFalse(
@ -351,14 +363,20 @@ class TestBulkPushRuleEvaluator(HomeserverTestCase):
)
# Invalid data should not notify.
mentions: Any
for mentions in (None, False, 1, "foo", [], {}):
self.assertFalse(
self._create_and_process(
bulk_evaluator,
{EventContentFields.MSC3952_MENTIONS: {"room": mentions}},
#
# Avoid C-S validation as these aren't expected.
with patch(
"synapse.events.validator.EventValidator.validate_new",
new=lambda s, event, config: True,
):
mentions: Any
for mentions in (None, False, 1, "foo", [], {}):
self.assertFalse(
self._create_and_process(
bulk_evaluator,
{EventContentFields.MSC3952_MENTIONS: {"room": mentions}},
)
)
)
# The legacy push rule should not mention if the mentions field exists.
self.assertFalse(