Be stricter about JSON that is accepted by Synapse (#8106)

2025-07-31 23:38:36 -04:00 · 2020-08-19 07:26:03 -04:00 · 2020-08-19 07:26:03 -04:00 · eebf52be06
commit eebf52be06
parent d89692ea84
20 changed files with 85 additions and 62 deletions
--- a/synapse/storage/_base.py
+++ b/synapse/storage/_base.py
@ -19,12 +19,11 @@ import random
 from abc import ABCMeta
 from typing import Any, Optional

-from canonicaljson import json
-
 from synapse.storage.database import LoggingTransaction  # noqa: F401
 from synapse.storage.database import make_in_list_sql_clause  # noqa: F401
 from synapse.storage.database import DatabasePool
 from synapse.types import Collection, get_domain_from_id
+from synapse.util import json_decoder

 logger = logging.getLogger(__name__)

@ -99,13 +98,13 @@ def db_to_json(db_content):
    if isinstance(db_content, memoryview):
        db_content = db_content.tobytes()

-    # Decode it to a Unicode string before feeding it to json.loads, since
+    # Decode it to a Unicode string before feeding it to the JSON decoder, since
    # Python 3.5 does not support deserializing bytes.
    if isinstance(db_content, (bytes, bytearray)):
        db_content = db_content.decode("utf8")

    try:
-        return json.loads(db_content)
+        return json_decoder.decode(db_content)
    except Exception:
        logging.warning("Tried to decode '%r' as JSON and failed", db_content)
        raise
--- a/synapse/storage/databases/main/events_worker.py
+++ b/synapse/storage/databases/main/events_worker.py
@ -596,8 +596,20 @@ class EventsWorkerStore(SQLBaseStore):
            if not allow_rejected and rejected_reason:
                continue

-            d = db_to_json(row["json"])
-            internal_metadata = db_to_json(row["internal_metadata"])
+            # If the event or metadata cannot be parsed, log the error and act
+            # as if the event is unknown.
+            try:
+                d = db_to_json(row["json"])
+            except ValueError:
+                logger.error("Unable to parse json from event: %s", event_id)
+                continue
+            try:
+                internal_metadata = db_to_json(row["internal_metadata"])
+            except ValueError:
+                logger.error(
+                    "Unable to parse internal_metadata from event: %s", event_id
+                )
+                continue

            format_version = row["format_version"]
            if format_version is None: