anonymousland-synapse/synapse/storage/databases/main
David Robertson 4f00432ce1
Fix potential leak of per-room profiles when the user dir is rebuilt. (#10981)
There are two steps to rebuilding the user directory:

1. a scan over rooms, followed by
2. a scan over local users.

The former reads avatars and display names from the `room_memberships`
table and therefore contains potentially private avatars and
display names. The latter reads from the the `profiles` table which only
contains public data; moreover it will overwrite any private profiles
that the rooms scan may have written to the user directory. This means
that the rebuild could leak private user while the rebuild was in
progress, only to later cover up the leaks once the rebuild had completed.

This change skips over local users when writing user_directory rows
when scanning rooms. Doing so means that it'll take longer for a rebuild
to make local users searchable, which is unfortunate. I think a future
PR can improve this by swapping the order of the two steps above. (And
indeed there's more to do here, e.g. copying from `profiles` without
going via Python.)

Small tidy-ups while I'm here:

* Remove duplicated code from test_initial. This was meant to be pulled into `purge_and_rebuild_user_dir`.
* Move `is_public` before updating sharing tables. No functional change; it's still before the first read of `is_public`.
* Don't bother creating a set from dict keys. Slightly nicer and makes the code simpler.

Co-authored-by: Richard van der Hoff <1389908+richvdh@users.noreply.github.com>
2021-10-05 18:35:25 +01:00
..
__init__.py Verify ?chunk_id actually corresponds to an insertion event that exists (MSC2716) (#10776) 2021-09-15 09:34:30 +01:00
account_data.py Remove unnecessary parentheses around tuples returned from methods (#10889) 2021-09-23 11:59:07 +01:00
appservice.py Use direct references for some configuration variables (part 3) (#10885) 2021-09-23 07:13:34 -04:00
cache.py add a cache to have_seen_event (#9953) 2021-06-01 12:04:47 +01:00
censor_events.py Use direct references for configuration variables (part 6). (#10916) 2021-09-29 06:44:15 -04:00
client_ips.py Synapse 1.44.0rc3 (2021-10-04) 2021-10-04 15:33:42 +01:00
deviceinbox.py Remove unnecessary parentheses around tuples returned from methods (#10889) 2021-09-23 11:59:07 +01:00
devices.py Use direct references for some configuration variables (#10798) 2021-09-13 13:07:12 -04:00
directory.py Allow room_alias_name parameter to be handled by /createRoom calls on workers (#10757) 2021-09-06 14:37:15 +01:00
e2e_room_keys.py Remove redundant "coding: utf-8" lines (#9786) 2021-04-14 15:34:27 +01:00
end_to_end_keys.py Fix invalidating OTK count cache after claim (#10875) 2021-09-22 15:31:05 +01:00
event_federation.py Rename MSC2716 things from chunk to batch to match /batch_send endpoint (#10838) 2021-09-21 15:06:28 -05:00
event_push_actions.py Use direct references for some configuration variables (#10798) 2021-09-13 13:07:12 -04:00
events_bg_updates.py Fix remove_stale_pushers job on SQLite. (#10843) 2021-09-20 10:26:13 +01:00
events_forward_extremities.py Remove redundant "coding: utf-8" lines (#9786) 2021-04-14 15:34:27 +01:00
events_worker.py Remove unnecessary parentheses around tuples returned from methods (#10889) 2021-09-23 11:59:07 +01:00
events.py Fix logic flaw preventing tracking of MSC2716 events in existing room versions (#10962) 2021-10-05 11:51:57 -05:00
filtering.py Add type hints to filtering classes. (#10958) 2021-10-01 07:02:32 -04:00
group_server.py [pyupgrade] synapse/ (#10348) 2021-07-19 15:28:05 +01:00
keys.py Add missing type hints to synapse.util (#9982) 2021-05-24 15:32:01 -04:00
lock.py Fix dropping locks on shut down (#10433) 2021-07-20 14:24:25 +01:00
media_repository.py Add an admin API for unprotecting local media from quarantine (#10040) 2021-05-26 11:19:47 +01:00
metrics.py Use direct references for some configuration variables (#10798) 2021-09-13 13:07:12 -04:00
monthly_active_users.py Add functionality to remove deactivated users from the monthly_active_users table (#10947) 2021-10-04 08:34:42 -07:00
openid.py Convert additional databases to async/await part 2 (#8200) 2020-09-01 08:39:04 -04:00
presence.py Add a partial index to presence_stream to speed up startups (#10748) 2021-09-03 17:16:56 +01:00
profile.py Fix deactivate a user if he does not have a profile (#10252) 2021-07-06 13:08:53 +01:00
purge_events.py In _purge_history_txn, ensure that txn.fetchall has elements before accessing rows (#10690) 2021-09-24 09:19:51 +00:00
push_rule.py Use inline type hints in http/federation/, storage/ and util/ (#10381) 2021-07-15 12:46:54 -04:00
pusher.py Fix remove_stale_pushers job on SQLite. (#10843) 2021-09-20 10:26:13 +01:00
receipts.py Add type hints for event streams. (#10856) 2021-09-21 13:34:26 -04:00
registration.py Use direct references for configuration variables (part 7). (#10959) 2021-10-04 07:18:54 -04:00
rejections.py Remove redundant "coding: utf-8" lines (#9786) 2021-04-14 15:34:27 +01:00
relations.py Remove redundant "coding: utf-8" lines (#9786) 2021-04-14 15:34:27 +01:00
room_batch.py Ensure (room_id, next_batch_id) is unique to avoid cross-talk/conflicts between batches (MSC2716) (#10877) 2021-09-28 21:23:16 -05:00
room.py Use direct references for configuration variables (part 6). (#10916) 2021-09-29 06:44:15 -04:00
roommember.py Use direct references for configuration variables (part 4). (#10893) 2021-09-23 12:03:01 -04:00
search.py Use direct references for configuration variables (part 6). (#10916) 2021-09-29 06:44:15 -04:00
session.py Use direct references for some configuration variables (#10798) 2021-09-13 13:07:12 -04:00
signatures.py Remove redundant "coding: utf-8" lines (#9786) 2021-04-14 15:34:27 +01:00
state_deltas.py Remove unnecessary parentheses around tuples returned from methods (#10889) 2021-09-23 11:59:07 +01:00
state.py Fix remove_stale_pushers job on SQLite. (#10843) 2021-09-20 10:26:13 +01:00
stats.py Use direct references for configuration variables (part 5). (#10897) 2021-09-24 07:25:21 -04:00
stream.py Remove unnecessary parentheses around tuples returned from methods (#10889) 2021-09-23 11:59:07 +01:00
tags.py Use inline type hints in http/federation/, storage/ and util/ (#10381) 2021-07-15 12:46:54 -04:00
transactions.py Use direct references for some configuration variables (#10798) 2021-09-13 13:07:12 -04:00
ui_auth.py Fix remove_stale_pushers job on SQLite. (#10843) 2021-09-20 10:26:13 +01:00
user_directory.py Fix potential leak of per-room profiles when the user dir is rebuilt. (#10981) 2021-10-05 18:35:25 +01:00
user_erasure_store.py Minor @cachedList enhancements (#9975) 2021-05-14 11:12:36 +01:00