Matrix-Mirrors/anonymousland-synapse
1
0
Fork 0
mirror of https://git.anonymousland.org/anonymousland/synapse.git synced 2025-05-02 10:56:06 -04:00
Code Issues Projects Releases Packages Wiki Activity

Validate device_keys for C-S /keys/query requests (#10593)

Browse source 
* Validate device_keys for C-S /keys/query requests

Closes #10354

A small, not particularly critical fix. I'm interested in seeing if we
can find a more systematic approach though. #8445 is the place for any discussion.
This commit is contained in:
David Robertson 2021-08-20 15:47:03 +01:00 committed by GitHub
parent e81d62009e
commit ee3b2ac59a
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
4 changed files with 101 additions and 1 deletions
Download patch file Download diff file Expand all files Collapse all files

16
synapse/rest/client/keys.py
View file

@ -15,8 +15,9 @@
# limitations under the License.
import logging
from typing import Any
from synapse.api.errors import SynapseError
from synapse.api.errors import InvalidAPICallError, SynapseError
from synapse.http.servlet import (
RestServlet,
parse_integer,
@ -163,6 +164,19 @@ class KeyQueryServlet(RestServlet):
device_id = requester.device_id
timeout = parse_integer(request, "timeout", 10 * 1000)
body = parse_json_object_from_request(request)
device_keys = body.get("device_keys")
if not isinstance(device_keys, dict):
raise InvalidAPICallError("'device_keys' must be a JSON object")
def is_list_of_strings(values: Any) -> bool:
return isinstance(values, list) and all(isinstance(v, str) for v in values)
if any(not is_list_of_strings(keys) for keys in device_keys.values()):
raise InvalidAPICallError(
"'device_keys' values must be a list of strings",
)
result = await self.e2e_keys_handler.query_devices(
body, timeout, user_id, device_id
)