JSON Filter Parameter Validation Error on Room Event Endpoint #16922

Closed
TrevisGordan opened this issue Feb 14, 2024 · 0 comments · Fixed by #16923

Description

I've identified an issue with the /rooms/{roomId}/context/{eventId} endpoint when using the filter query parameter. Specifically, if the filter parameter is provided with invalid JSON objects, it leads to a 500 Internal Server Error due to the absence of JSON validation for this parameter.

To address this, I propose the introduction of a parse_json servlet function, which would be responsible for parsing JSON objects from query parameters, similar to the existing parse_integer or parse_string functions. Additionally, incorporating an INVALID_PARAM error response stating "...must be a valid JSON object..." will enhance parameter validation.

Here's an example implementation snippet:

filter_json = parse_json(request, "filter", encoding="utf-8")

(See room.py: GitHub - element-hq/synapse)

On a side note, the API schema specification currently specifies a "string" value for the "filter" parameter. This should be changed to a RoomEventFilter object for clarity and accuracy as per the Matrix Client-Server API v1.9.

I will be submitting a pull request shortly to implement these changes for review.

Steps to reproduce

  • Call Endpoint with invalid filter query parameter
  • Reproduce with:
    curl -X GET 'http://matrix.localhost/_matrix/client/v3/rooms/!636q39766251:example.com/context/$f3h4d129462ha:example.com?limit=3&filter=66696p746572&access_token=<TOKEN>'

Homeserver

local

Synapse Version

1.94.0

Installation Method

Docker (matrixdotorg/synapse)

Database

PostgreSQL and SQLite

Workers

Multiple workers

Platform

K8t

Configuration

No response

Relevant log output

"""
2024-01-31 08:26:29,861 - synapse.http.server - 140 - ERROR - GET-122093 - Failed handle request via 'RoomEventContextServlet': <XForwardedForRequest at 0x7fffbe7ccc40 method='GET' uri='/_matrix/client/v3/rooms/!636q39766251:example.com/context/$f3h4d129462ha:example.com?limit=3&filter=66696p746572&access_token=<redacted>' clientproto='HTTP/1.1' site='8083'>
"""
Traceback (most recent call last):
  File "/usr/local/lib/python3.9/dist-packages/synapse/http/server.py", line 326, in _async_render_wrapper
    callback_return = await self._async_render(request)
  File "/usr/local/lib/python3.9/dist-packages/synapse/http/server.py", line 538, in _async_render
    callback_return = await raw_callback_return
  File "/usr/local/lib/python3.9/dist-packages/synapse/rest/client/room.py", line 899, in on_GET
    self._hs, json_decoder.decode(filter_json)
  File "/usr/lib/python3.9/json/decoder.py", line 340, in decode
    raise JSONDecodeError("Extra data", s, end)
json.decoder.JSONDecodeError: Extra data: line 1 column 6 (char 5)

Anything else that would be useful to know?

No response

TrevisGordan added a commit to TrevisGordan/synapse that referenced this issue Feb 15, 2024
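
The validation proposed in the issue, sketched as an added stand-alone example (not Synapse's code and not the code from the linked pull request). This `parse_json` takes a `parse_qs` dictionary instead of a Synapse request object, and `InvalidParamError` and `handle_context_request` are hypothetical names.

```python
import json
from typing import Any, Dict, List, Optional, Tuple
from urllib.parse import parse_qs, urlsplit


class InvalidParamError(Exception):
    """Hypothetical stand-in for an HTTP 400 / M_INVALID_PARAM response."""


def parse_json(query: Dict[str, List[str]], name: str) -> Optional[Dict[str, Any]]:
    """Return the named query parameter decoded as a JSON object, or None if absent."""
    values = query.get(name)
    if not values:
        return None
    message = f"Query parameter {name} must be a valid JSON object"
    try:
        decoded = json.loads(values[0])
    except (ValueError, RecursionError):
        # JSONDecodeError subclasses ValueError; very deep nesting raises RecursionError.
        # The raw value and decoder position are not echoed back to the client.
        raise InvalidParamError(message) from None
    if not isinstance(decoded, dict):
        # "[1,2]", "3" and '"x"' are valid JSON but not objects.
        raise InvalidParamError(message)
    return decoded


def handle_context_request(url: str) -> Tuple[int, Dict[str, Any]]:
    """Toy handler: bad input becomes a 400 body instead of an unhandled exception."""
    query = parse_qs(urlsplit(url).query)
    try:
        event_filter = parse_json(query, "filter")
    except InvalidParamError as e:
        return 400, {"errcode": "M_INVALID_PARAM", "error": str(e)}
    return 200, {"filter": event_filter}


# Constructed sample requests; the first reuses the filter value from the report above.
BASE = "http://matrix.localhost/_matrix/client/v3/rooms/!r:example.com/context/$e:example.com"
SAMPLES = [
    BASE + "?limit=3&filter=66696p746572",   # not JSON (decoder reports "Extra data")
    BASE + "?filter=%5B1%2C2%5D",            # [1,2]: valid JSON, but not an object
    BASE + "?filter=%7B%22limit%22%3A3%7D",  # {"limit":3}
    BASE + "?limit=3",                       # filter omitted
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(handle_context_request(sample))
```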