Handle malformed values of notification.room in power level events (#14942)

* Better test for bad values in power levels events The previous test only checked that Synapse didn't raise an exception, but didn't check that we had correctly interpreted the value of the dodgy power level. It also conflated two things: bad room notification levels, and bad user levels. There _is_ logic for converting the latter to integers, but we should test it separately. * Check we ignore types that don't convert to int * Handle `None` values in `notifications.room` * Changelog * Also test that bad values are rejected by event auth * Docstring * linter scripttttttttt
2025-08-08 23:02:23 -04:00 · 2023-01-30 21:29:30 +00:00 · 2023-01-30 21:29:30 +00:00 · 510d4b06e7
commit 510d4b06e7
parent 43c7d814e6
4 changed files with 127 additions and 16 deletions
--- a/tests/test_event_auth.py
+++ b/tests/test_event_auth.py
@ -13,7 +13,7 @@
 # limitations under the License.

 import unittest
-from typing import Collection, Dict, Iterable, List, Optional
+from typing import Any, Collection, Dict, Iterable, List, Optional

 from parameterized import parameterized

@ -728,6 +728,36 @@ class EventAuthTestCase(unittest.TestCase):
                pl_event.room_version, pl_event2, {("fake_type", "fake_key"): pl_event}
            )

+    def test_room_v10_rejects_other_non_integer_power_levels(self) -> None:
+        """We should reject PLs that are non-integer, non-string JSON values.
+
+        test_room_v10_rejects_string_power_levels above handles the string case.
+        """
+
+        def create_event(pl_event_content: Dict[str, Any]) -> EventBase:
+            return make_event_from_dict(
+                {
+                    "room_id": TEST_ROOM_ID,
+                    **_maybe_get_event_id_dict_for_room_version(RoomVersions.V10),
+                    "type": "m.room.power_levels",
+                    "sender": "@test:test.com",
+                    "state_key": "",
+                    "content": pl_event_content,
+                    "signatures": {"test.com": {"ed25519:0": "some9signature"}},
+                },
+                room_version=RoomVersions.V10,
+            )
+
+        contents: Iterable[Dict[str, Any]] = [
+            {"notifications": {"room": None}},
+            {"users": {"@alice:wonderland": []}},
+            {"users_default": {}},
+        ]
+        for content in contents:
+            event = create_event(content)
+            with self.assertRaises(SynapseError):
+                event_auth._check_power_levels(event.room_version, event, {})
+

 # helpers for making events
 TEST_DOMAIN = "example.com"