Validate the max_rooms_per_space parameter to ensure it is non-negative. (#10611)

This commit is contained in:
Patrick Cloke 2021-08-16 12:01:30 -04:00 committed by GitHub
parent 0ace38b7b3
commit 5af83efe8d
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
3 changed files with 39 additions and 9 deletions

1
changelog.d/10611.bugfix Normal file
View File

@ -0,0 +1 @@
Additional validation for the spaces summary API to avoid errors like `ValueError: Stop argument for islice() must be None or an integer`. The missing validation has existed since v1.31.0.

View File

@ -557,7 +557,14 @@ class FederationSpaceSummaryServlet(BaseFederationServlet):
room_id: str, room_id: str,
) -> Tuple[int, JsonDict]: ) -> Tuple[int, JsonDict]:
suggested_only = parse_boolean_from_args(query, "suggested_only", default=False) suggested_only = parse_boolean_from_args(query, "suggested_only", default=False)
max_rooms_per_space = parse_integer_from_args(query, "max_rooms_per_space") max_rooms_per_space = parse_integer_from_args(query, "max_rooms_per_space")
if max_rooms_per_space is not None and max_rooms_per_space < 0:
raise SynapseError(
400,
"Value for 'max_rooms_per_space' must be a non-negative integer",
Codes.BAD_JSON,
)
exclude_rooms = parse_strings_from_args(query, "exclude_rooms", default=[]) exclude_rooms = parse_strings_from_args(query, "exclude_rooms", default=[])
@ -586,10 +593,17 @@ class FederationSpaceSummaryServlet(BaseFederationServlet):
raise SynapseError(400, "bad value for 'exclude_rooms'", Codes.BAD_JSON) raise SynapseError(400, "bad value for 'exclude_rooms'", Codes.BAD_JSON)
max_rooms_per_space = content.get("max_rooms_per_space") max_rooms_per_space = content.get("max_rooms_per_space")
if max_rooms_per_space is not None and not isinstance(max_rooms_per_space, int): if max_rooms_per_space is not None:
raise SynapseError( if not isinstance(max_rooms_per_space, int):
400, "bad value for 'max_rooms_per_space'", Codes.BAD_JSON raise SynapseError(
) 400, "bad value for 'max_rooms_per_space'", Codes.BAD_JSON
)
if max_rooms_per_space < 0:
raise SynapseError(
400,
"Value for 'max_rooms_per_space' must be a non-negative integer",
Codes.BAD_JSON,
)
return 200, await self.handler.federation_space_summary( return 200, await self.handler.federation_space_summary(
origin, room_id, suggested_only, max_rooms_per_space, exclude_rooms origin, room_id, suggested_only, max_rooms_per_space, exclude_rooms

View File

@ -993,11 +993,19 @@ class RoomSpaceSummaryRestServlet(RestServlet):
) -> Tuple[int, JsonDict]: ) -> Tuple[int, JsonDict]:
requester = await self._auth.get_user_by_req(request, allow_guest=True) requester = await self._auth.get_user_by_req(request, allow_guest=True)
max_rooms_per_space = parse_integer(request, "max_rooms_per_space")
if max_rooms_per_space is not None and max_rooms_per_space < 0:
raise SynapseError(
400,
"Value for 'max_rooms_per_space' must be a non-negative integer",
Codes.BAD_JSON,
)
return 200, await self._room_summary_handler.get_space_summary( return 200, await self._room_summary_handler.get_space_summary(
requester.user.to_string(), requester.user.to_string(),
room_id, room_id,
suggested_only=parse_boolean(request, "suggested_only", default=False), suggested_only=parse_boolean(request, "suggested_only", default=False),
max_rooms_per_space=parse_integer(request, "max_rooms_per_space"), max_rooms_per_space=max_rooms_per_space,
) )
# TODO When switching to the stable endpoint, remove the POST handler. # TODO When switching to the stable endpoint, remove the POST handler.
@ -1014,10 +1022,17 @@ class RoomSpaceSummaryRestServlet(RestServlet):
) )
max_rooms_per_space = content.get("max_rooms_per_space") max_rooms_per_space = content.get("max_rooms_per_space")
if max_rooms_per_space is not None and not isinstance(max_rooms_per_space, int): if max_rooms_per_space is not None:
raise SynapseError( if not isinstance(max_rooms_per_space, int):
400, "'max_rooms_per_space' must be an integer", Codes.BAD_JSON raise SynapseError(
) 400, "'max_rooms_per_space' must be an integer", Codes.BAD_JSON
)
if max_rooms_per_space < 0:
raise SynapseError(
400,
"Value for 'max_rooms_per_space' must be a non-negative integer",
Codes.BAD_JSON,
)
return 200, await self._room_summary_handler.get_space_summary( return 200, await self._room_summary_handler.get_space_summary(
requester.user.to_string(), requester.user.to_string(),