2016-01-07 05:26:29 +01:00
|
|
|
# Copyright 2014-2016 OpenMarket Ltd
|
2014-12-03 17:07:21 +01:00
|
|
|
#
|
|
|
|
# Licensed under the Apache License, Version 2.0 (the "License");
|
|
|
|
# you may not use this file except in compliance with the License.
|
|
|
|
# You may obtain a copy of the License at
|
|
|
|
#
|
|
|
|
# http://www.apache.org/licenses/LICENSE-2.0
|
|
|
|
#
|
|
|
|
# Unless required by applicable law or agreed to in writing, software
|
|
|
|
# distributed under the License is distributed on an "AS IS" BASIS,
|
|
|
|
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|
|
|
# See the License for the specific language governing permissions and
|
|
|
|
# limitations under the License.
|
2021-08-26 18:07:58 +02:00
|
|
|
import collections.abc
|
2022-05-30 11:47:09 +02:00
|
|
|
from typing import Iterable, Type, Union, cast
|
2020-11-03 13:13:48 +01:00
|
|
|
|
2021-08-26 18:07:58 +02:00
|
|
|
import jsonschema
|
|
|
|
|
2019-05-08 18:01:30 +02:00
|
|
|
from synapse.api.constants import MAX_ALIAS_LENGTH, EventTypes, Membership
|
|
|
|
from synapse.api.errors import Codes, SynapseError
|
2019-04-01 11:24:38 +02:00
|
|
|
from synapse.api.room_versions import EventFormatVersions
|
2020-11-03 13:13:48 +01:00
|
|
|
from synapse.config.homeserver import HomeServerConfig
|
|
|
|
from synapse.events import EventBase
|
|
|
|
from synapse.events.builder import EventBuilder
|
2021-08-26 18:07:58 +02:00
|
|
|
from synapse.events.utils import (
|
|
|
|
CANONICALJSON_MAX_INT,
|
|
|
|
CANONICALJSON_MIN_INT,
|
|
|
|
validate_canonicaljson,
|
|
|
|
)
|
2020-11-03 13:13:48 +01:00
|
|
|
from synapse.federation.federation_server import server_matches_acl_event
|
2021-10-13 13:24:07 +02:00
|
|
|
from synapse.types import EventID, JsonDict, RoomID, UserID
|
2018-07-09 08:09:20 +02:00
|
|
|
|
2014-12-03 17:07:21 +01:00
|
|
|
|
2020-09-04 12:54:56 +02:00
|
|
|
class EventValidator:
|
2021-10-13 13:24:07 +02:00
|
|
|
def validate_new(self, event: EventBase, config: HomeServerConfig) -> None:
|
2019-01-29 11:34:49 +01:00
|
|
|
"""Validates the event has roughly the right format
|
|
|
|
|
2022-06-09 16:51:34 +02:00
|
|
|
Suitable for checking a locally-created event. It has stricter checks than
|
|
|
|
is appropriate for an event received over federation (for which, see
|
|
|
|
event_auth.validate_event_for_room_version)
|
|
|
|
|
2019-01-29 11:34:49 +01:00
|
|
|
Args:
|
2020-11-03 13:13:48 +01:00
|
|
|
event: The event to validate.
|
|
|
|
config: The homeserver's configuration.
|
2019-01-29 11:34:49 +01:00
|
|
|
"""
|
|
|
|
self.validate_builder(event)
|
2014-12-03 17:07:21 +01:00
|
|
|
|
2022-09-07 12:08:20 +02:00
|
|
|
if event.format_version == EventFormatVersions.ROOM_V1_V2:
|
2019-01-29 18:23:47 +01:00
|
|
|
EventID.from_string(event.event_id)
|
2014-12-03 17:07:21 +01:00
|
|
|
|
2014-12-10 18:59:47 +01:00
|
|
|
required = [
|
2019-01-28 18:00:14 +01:00
|
|
|
"auth_events",
|
2014-12-10 18:59:47 +01:00
|
|
|
"content",
|
2019-01-28 18:00:14 +01:00
|
|
|
"hashes",
|
2014-12-10 18:59:47 +01:00
|
|
|
"origin",
|
2019-01-28 18:00:14 +01:00
|
|
|
"prev_events",
|
2014-12-10 18:59:47 +01:00
|
|
|
"sender",
|
|
|
|
"type",
|
|
|
|
]
|
|
|
|
|
|
|
|
for k in required:
|
2021-11-02 14:55:52 +01:00
|
|
|
if k not in event:
|
2014-12-10 18:59:47 +01:00
|
|
|
raise SynapseError(400, "Event does not have key %s" % (k,))
|
2014-12-03 17:07:21 +01:00
|
|
|
|
|
|
|
# Check that the following keys have string values
|
2019-06-20 11:32:02 +02:00
|
|
|
event_strings = ["origin"]
|
2014-12-03 17:07:21 +01:00
|
|
|
|
2019-01-29 11:34:49 +01:00
|
|
|
for s in event_strings:
|
2020-06-16 14:51:47 +02:00
|
|
|
if not isinstance(getattr(event, s), str):
|
2019-01-29 11:36:46 +01:00
|
|
|
raise SynapseError(400, "'%s' not a string type" % (s,))
|
2014-12-03 17:07:21 +01:00
|
|
|
|
2020-05-14 19:24:01 +02:00
|
|
|
# Depending on the room version, ensure the data is spec compliant JSON.
|
|
|
|
if event.room_version.strict_canonicaljson:
|
|
|
|
# Note that only the client controlled portion of the event is
|
|
|
|
# checked, since we trust the portions of the event we created.
|
|
|
|
validate_canonicaljson(event.content)
|
|
|
|
|
2019-05-08 18:01:30 +02:00
|
|
|
if event.type == EventTypes.Aliases:
|
|
|
|
if "aliases" in event.content:
|
|
|
|
for alias in event.content["aliases"]:
|
|
|
|
if len(alias) > MAX_ALIAS_LENGTH:
|
|
|
|
raise SynapseError(
|
|
|
|
400,
|
2019-06-20 11:32:02 +02:00
|
|
|
(
|
|
|
|
"Can't create aliases longer than"
|
|
|
|
" %d characters" % (MAX_ALIAS_LENGTH,)
|
|
|
|
),
|
2019-05-08 18:01:30 +02:00
|
|
|
Codes.INVALID_PARAM,
|
|
|
|
)
|
|
|
|
|
2019-11-04 18:09:22 +01:00
|
|
|
if event.type == EventTypes.Retention:
|
2020-08-24 19:21:04 +02:00
|
|
|
self._validate_retention(event)
|
2019-11-04 18:09:22 +01:00
|
|
|
|
2020-11-03 13:13:48 +01:00
|
|
|
if event.type == EventTypes.ServerACL:
|
2021-09-13 19:07:12 +02:00
|
|
|
if not server_matches_acl_event(config.server.server_name, event):
|
2020-11-03 13:13:48 +01:00
|
|
|
raise SynapseError(
|
|
|
|
400, "Can't create an ACL event that denies the local server"
|
|
|
|
)
|
|
|
|
|
2021-08-26 18:07:58 +02:00
|
|
|
if event.type == EventTypes.PowerLevels:
|
|
|
|
try:
|
|
|
|
jsonschema.validate(
|
|
|
|
instance=event.content,
|
|
|
|
schema=POWER_LEVELS_SCHEMA,
|
|
|
|
cls=plValidator,
|
|
|
|
)
|
|
|
|
except jsonschema.ValidationError as e:
|
|
|
|
if e.path:
|
|
|
|
# example: "users_default": '0' is not of type 'integer'
|
2022-05-30 11:47:09 +02:00
|
|
|
# cast safety: path entries can be integers, if we fail to validate
|
|
|
|
# items in an array. However the POWER_LEVELS_SCHEMA doesn't expect
|
|
|
|
# to see any arrays.
|
|
|
|
message = (
|
|
|
|
'"' + cast(str, e.path[-1]) + '": ' + e.message # noqa: B306
|
|
|
|
)
|
2021-08-26 18:07:58 +02:00
|
|
|
# jsonschema.ValidationError.message is a valid attribute
|
|
|
|
else:
|
|
|
|
# example: '0' is not of type 'integer'
|
|
|
|
message = e.message # noqa: B306
|
|
|
|
# jsonschema.ValidationError.message is a valid attribute
|
|
|
|
|
|
|
|
raise SynapseError(
|
|
|
|
code=400,
|
|
|
|
msg=message,
|
|
|
|
errcode=Codes.BAD_JSON,
|
|
|
|
)
|
|
|
|
|
2021-10-13 13:24:07 +02:00
|
|
|
def _validate_retention(self, event: EventBase) -> None:
|
2019-11-04 18:09:22 +01:00
|
|
|
"""Checks that an event that defines the retention policy for a room respects the
|
2020-08-24 19:21:04 +02:00
|
|
|
format enforced by the spec.
|
2019-11-04 18:09:22 +01:00
|
|
|
|
|
|
|
Args:
|
2020-11-03 13:13:48 +01:00
|
|
|
event: The event to validate.
|
2019-11-04 18:09:22 +01:00
|
|
|
"""
|
2020-10-14 13:00:52 +02:00
|
|
|
if not event.is_state():
|
|
|
|
raise SynapseError(code=400, msg="must be a state event")
|
|
|
|
|
2019-11-04 18:09:22 +01:00
|
|
|
min_lifetime = event.content.get("min_lifetime")
|
|
|
|
max_lifetime = event.content.get("max_lifetime")
|
|
|
|
|
|
|
|
if min_lifetime is not None:
|
Prefer `type(x) is int` to `isinstance(x, int)` (#14945)
* Perfer `type(x) is int` to `isinstance(x, int)`
This covered all additional instances I could see where `x` was
user-controlled.
The remaining cases are
```
$ rg -s 'isinstance.*[^_]int'
tests/replication/_base.py
576: if isinstance(obj, int):
synapse/util/caches/stream_change_cache.py
136: assert isinstance(stream_pos, int)
214: assert isinstance(stream_pos, int)
246: assert isinstance(stream_pos, int)
267: assert isinstance(stream_pos, int)
synapse/replication/tcp/external_cache.py
133: if isinstance(result, int):
synapse/metrics/__init__.py
100: if isinstance(calls, (int, float)):
synapse/handlers/appservice.py
262: assert isinstance(new_token, int)
synapse/config/_util.py
62: if isinstance(p, int):
```
which cover metrics, logic related to `jsonschema`, and replication and
data streams. AFAICS these are all internal to Synapse
* Changelog
2023-01-31 11:33:07 +01:00
|
|
|
if type(min_lifetime) is not int:
|
2019-11-04 18:09:22 +01:00
|
|
|
raise SynapseError(
|
|
|
|
code=400,
|
|
|
|
msg="'min_lifetime' must be an integer",
|
|
|
|
errcode=Codes.BAD_JSON,
|
|
|
|
)
|
|
|
|
|
|
|
|
if max_lifetime is not None:
|
Prefer `type(x) is int` to `isinstance(x, int)` (#14945)
* Perfer `type(x) is int` to `isinstance(x, int)`
This covered all additional instances I could see where `x` was
user-controlled.
The remaining cases are
```
$ rg -s 'isinstance.*[^_]int'
tests/replication/_base.py
576: if isinstance(obj, int):
synapse/util/caches/stream_change_cache.py
136: assert isinstance(stream_pos, int)
214: assert isinstance(stream_pos, int)
246: assert isinstance(stream_pos, int)
267: assert isinstance(stream_pos, int)
synapse/replication/tcp/external_cache.py
133: if isinstance(result, int):
synapse/metrics/__init__.py
100: if isinstance(calls, (int, float)):
synapse/handlers/appservice.py
262: assert isinstance(new_token, int)
synapse/config/_util.py
62: if isinstance(p, int):
```
which cover metrics, logic related to `jsonschema`, and replication and
data streams. AFAICS these are all internal to Synapse
* Changelog
2023-01-31 11:33:07 +01:00
|
|
|
if type(max_lifetime) is not int:
|
2019-11-04 18:09:22 +01:00
|
|
|
raise SynapseError(
|
|
|
|
code=400,
|
|
|
|
msg="'max_lifetime' must be an integer",
|
|
|
|
errcode=Codes.BAD_JSON,
|
|
|
|
)
|
|
|
|
|
|
|
|
if (
|
|
|
|
min_lifetime is not None
|
|
|
|
and max_lifetime is not None
|
|
|
|
and min_lifetime > max_lifetime
|
|
|
|
):
|
|
|
|
raise SynapseError(
|
|
|
|
code=400,
|
|
|
|
msg="'min_lifetime' can't be greater than 'max_lifetime",
|
|
|
|
errcode=Codes.BAD_JSON,
|
|
|
|
)
|
|
|
|
|
2021-10-13 13:24:07 +02:00
|
|
|
def validate_builder(self, event: Union[EventBase, EventBuilder]) -> None:
|
2019-01-28 18:00:14 +01:00
|
|
|
"""Validates that the builder/event has roughly the right format. Only
|
|
|
|
checks values that we expect a proto event to have, rather than all the
|
|
|
|
fields an event would have
|
|
|
|
"""
|
|
|
|
|
2019-06-20 11:32:02 +02:00
|
|
|
strings = ["room_id", "sender", "type"]
|
2019-01-28 18:00:14 +01:00
|
|
|
|
|
|
|
if hasattr(event, "state_key"):
|
|
|
|
strings.append("state_key")
|
|
|
|
|
|
|
|
for s in strings:
|
2020-06-16 14:51:47 +02:00
|
|
|
if not isinstance(getattr(event, s), str):
|
2019-01-28 18:00:14 +01:00
|
|
|
raise SynapseError(400, "Not '%s' a string type" % (s,))
|
|
|
|
|
|
|
|
RoomID.from_string(event.room_id)
|
2014-12-09 11:58:31 +01:00
|
|
|
UserID.from_string(event.sender)
|
2014-12-12 11:56:14 +01:00
|
|
|
|
|
|
|
if event.type == EventTypes.Message:
|
2019-06-20 11:32:02 +02:00
|
|
|
strings = ["body", "msgtype"]
|
2014-12-12 11:56:14 +01:00
|
|
|
|
|
|
|
self._ensure_strings(event.content, strings)
|
|
|
|
|
|
|
|
elif event.type == EventTypes.Topic:
|
|
|
|
self._ensure_strings(event.content, ["topic"])
|
2019-07-31 17:36:20 +02:00
|
|
|
self._ensure_state_event(event)
|
2014-12-12 11:56:14 +01:00
|
|
|
elif event.type == EventTypes.Name:
|
|
|
|
self._ensure_strings(event.content, ["name"])
|
2019-07-31 17:36:20 +02:00
|
|
|
self._ensure_state_event(event)
|
2019-01-28 18:00:14 +01:00
|
|
|
elif event.type == EventTypes.Member:
|
|
|
|
if "membership" not in event.content:
|
|
|
|
raise SynapseError(400, "Content has not membership key")
|
|
|
|
|
|
|
|
if event.content["membership"] not in Membership.LIST:
|
|
|
|
raise SynapseError(400, "Invalid membership key")
|
|
|
|
|
2019-07-31 17:36:20 +02:00
|
|
|
self._ensure_state_event(event)
|
2019-07-31 16:52:27 +02:00
|
|
|
elif event.type == EventTypes.Tombstone:
|
|
|
|
if "replacement_room" not in event.content:
|
|
|
|
raise SynapseError(400, "Content has no replacement_room key")
|
|
|
|
|
|
|
|
if event.content["replacement_room"] == event.room_id:
|
2019-08-01 14:14:25 +02:00
|
|
|
raise SynapseError(
|
|
|
|
400, "Tombstone cannot reference the room it was sent in"
|
|
|
|
)
|
2019-07-31 16:52:27 +02:00
|
|
|
|
2019-07-31 17:36:20 +02:00
|
|
|
self._ensure_state_event(event)
|
|
|
|
|
2021-10-13 13:24:07 +02:00
|
|
|
def _ensure_strings(self, d: JsonDict, keys: Iterable[str]) -> None:
|
2014-12-12 11:56:14 +01:00
|
|
|
for s in keys:
|
|
|
|
if s not in d:
|
|
|
|
raise SynapseError(400, "'%s' not in content" % (s,))
|
2020-06-16 14:51:47 +02:00
|
|
|
if not isinstance(d[s], str):
|
2019-01-29 11:36:46 +01:00
|
|
|
raise SynapseError(400, "'%s' not a string type" % (s,))
|
2019-07-31 17:36:20 +02:00
|
|
|
|
2021-10-13 13:24:07 +02:00
|
|
|
def _ensure_state_event(self, event: Union[EventBase, EventBuilder]) -> None:
|
2019-07-31 17:36:20 +02:00
|
|
|
if not event.is_state():
|
|
|
|
raise SynapseError(400, "'%s' must be state events" % (event.type,))
|
2021-08-26 18:07:58 +02:00
|
|
|
|
|
|
|
|
|
|
|
POWER_LEVELS_SCHEMA = {
|
|
|
|
"type": "object",
|
|
|
|
"properties": {
|
|
|
|
"ban": {"$ref": "#/definitions/int"},
|
|
|
|
"events": {"$ref": "#/definitions/objectOfInts"},
|
|
|
|
"events_default": {"$ref": "#/definitions/int"},
|
|
|
|
"invite": {"$ref": "#/definitions/int"},
|
|
|
|
"kick": {"$ref": "#/definitions/int"},
|
|
|
|
"notifications": {"$ref": "#/definitions/objectOfInts"},
|
|
|
|
"redact": {"$ref": "#/definitions/int"},
|
|
|
|
"state_default": {"$ref": "#/definitions/int"},
|
|
|
|
"users": {"$ref": "#/definitions/objectOfInts"},
|
|
|
|
"users_default": {"$ref": "#/definitions/int"},
|
|
|
|
},
|
|
|
|
"definitions": {
|
|
|
|
"int": {
|
|
|
|
"type": "integer",
|
|
|
|
"minimum": CANONICALJSON_MIN_INT,
|
|
|
|
"maximum": CANONICALJSON_MAX_INT,
|
|
|
|
},
|
|
|
|
"objectOfInts": {
|
|
|
|
"type": "object",
|
|
|
|
"additionalProperties": {"$ref": "#/definitions/int"},
|
|
|
|
},
|
|
|
|
},
|
|
|
|
}
|
|
|
|
|
|
|
|
|
2021-10-13 13:24:07 +02:00
|
|
|
# This could return something newer than Draft 7, but that's the current "latest"
|
|
|
|
# validator.
|
2022-01-25 21:29:28 +01:00
|
|
|
def _create_power_level_validator() -> Type[jsonschema.Draft7Validator]:
|
2021-08-26 18:07:58 +02:00
|
|
|
validator = jsonschema.validators.validator_for(POWER_LEVELS_SCHEMA)
|
|
|
|
|
|
|
|
# by default jsonschema does not consider a frozendict to be an object so
|
|
|
|
# we need to use a custom type checker
|
|
|
|
# https://python-jsonschema.readthedocs.io/en/stable/validate/?highlight=object#validating-with-additional-types
|
|
|
|
type_checker = validator.TYPE_CHECKER.redefine(
|
|
|
|
"object", lambda checker, thing: isinstance(thing, collections.abc.Mapping)
|
|
|
|
)
|
|
|
|
|
|
|
|
return jsonschema.validators.extend(validator, type_checker=type_checker)
|
|
|
|
|
|
|
|
|
|
|
|
plValidator = _create_power_level_validator()
|