Merge pull request #1660 from matrix-org/rav/better_content_type_validation

More intelligent Content-Type parsing
This commit is contained in:
Richard van der Hoff 2016-11-30 16:54:03 +00:00 committed by GitHub
commit 8379a741cc

View File

@ -33,6 +33,7 @@ from synapse.api.errors import (
from signedjson.sign import sign_json from signedjson.sign import sign_json
import cgi
import simplejson as json import simplejson as json
import logging import logging
import random import random
@ -292,12 +293,7 @@ class MatrixFederationHttpClient(object):
if 200 <= response.code < 300: if 200 <= response.code < 300:
# We need to update the transactions table to say it was sent? # We need to update the transactions table to say it was sent?
c_type = response.headers.getRawHeaders("Content-Type") check_content_type_is_json(response.headers)
if "application/json" not in c_type:
raise RuntimeError(
"Content-Type not application/json"
)
body = yield preserve_context_over_fn(readBody, response) body = yield preserve_context_over_fn(readBody, response)
defer.returnValue(json.loads(body)) defer.returnValue(json.loads(body))
@ -342,12 +338,7 @@ class MatrixFederationHttpClient(object):
if 200 <= response.code < 300: if 200 <= response.code < 300:
# We need to update the transactions table to say it was sent? # We need to update the transactions table to say it was sent?
c_type = response.headers.getRawHeaders("Content-Type") check_content_type_is_json(response.headers)
if "application/json" not in c_type:
raise RuntimeError(
"Content-Type not application/json"
)
body = yield preserve_context_over_fn(readBody, response) body = yield preserve_context_over_fn(readBody, response)
@ -400,12 +391,7 @@ class MatrixFederationHttpClient(object):
if 200 <= response.code < 300: if 200 <= response.code < 300:
# We need to update the transactions table to say it was sent? # We need to update the transactions table to say it was sent?
c_type = response.headers.getRawHeaders("Content-Type") check_content_type_is_json(response.headers)
if "application/json" not in c_type:
raise RuntimeError(
"Content-Type not application/json"
)
body = yield preserve_context_over_fn(readBody, response) body = yield preserve_context_over_fn(readBody, response)
@ -525,3 +511,29 @@ def _flatten_response_never_received(e):
) )
else: else:
return "%s: %s" % (type(e).__name__, e.message,) return "%s: %s" % (type(e).__name__, e.message,)
def check_content_type_is_json(headers):
"""
Check that a set of HTTP headers have a Content-Type header, and that it
is application/json.
Args:
headers (twisted.web.http_headers.Headers): headers to check
Raises:
RuntimeError if the
"""
c_type = headers.getRawHeaders("Content-Type")
if c_type is None:
raise RuntimeError(
"No Content-Type header"
)
c_type = c_type[0] # only the first header
val, options = cgi.parse_header(c_type)
if val != "application/json":
raise RuntimeError(
"Content-Type not application/json: was '%s'" % c_type
)