This repository has been archived by the owner on Apr 26, 2024. It is now read-only.

validate room alias before interacting with the room directory #13106

Merged
1 change: 1 addition & 0 deletions changelog.d/13106.bugfix
@@ -0,0 +1 @@
Validates room alias before calling internal functions
DMRobertson marked this conversation as resolved.
6 changes: 6 additions & 0 deletions synapse/rest/client/directory.py
Expand Up @@ -46,6 +46,8 @@ def __init__(self, hs: "HomeServer"):
self.auth = hs.get_auth()

async def on_GET(self, request: Request, room_alias: str) -> Tuple[int, JsonDict]:
if not RoomAlias.is_valid(room_alias):
raise SynapseError(400, "Room alias invalid", errcode=Codes.BAD_JSON)
room_alias_obj = RoomAlias.from_string(room_alias)

res = await self.directory_handler.get_association(room_alias_obj)
Expand All @@ -55,6 +57,8 @@ async def on_GET(self, request: Request, room_alias: str) -> Tuple[int, JsonDict
async def on_PUT(
self, request: SynapseRequest, room_alias: str
) -> Tuple[int, JsonDict]:
if not RoomAlias.is_valid(room_alias):
raise SynapseError(400, "Room alias invalid", errcode=Codes.BAD_JSON)
room_alias_obj = RoomAlias.from_string(room_alias)

content = parse_json_object_from_request(request)
Expand Down Expand Up @@ -89,6 +93,8 @@ async def on_PUT(
async def on_DELETE(
self, request: SynapseRequest, room_alias: str
) -> Tuple[int, JsonDict]:
if not RoomAlias.is_valid(room_alias):
raise SynapseError(400, "Room alias invalid", errcode=Codes.BAD_JSON)
room_alias_obj = RoomAlias.from_string(room_alias)
requester = await self.auth.get_user_by_req(request)

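Review bot: The new guard in on_GET reports a malformed alias with `errcode=Codes.BAD_JSON`, but `room_alias` comes from the URL path and on_GET parses no body at all, so clients are told their JSON is wrong when the real problem is the identifier; `raise SynapseError(400, "Room alias invalid", errcode=Codes.INVALID_PARAM)` would describe the failure accurately. The same two lines are repeated in on_PUT and on_DELETE, so a small shared helper on the servlet would keep the three handlers from drifting apart if the check or its error code changes later. In on_DELETE the check runs before `self.auth.get_user_by_req(request)`, so an unauthenticated caller gets a 400 for a bad alias instead of an auth error; that looks harmless, but a one-line comment saying the ordering is intentional would help the next reader. All three handler bodies continue outside the visible hunks, so whether on_PUT authenticates before or after the new check cannot be told from here.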