
Audit or add validation to rest endpoints in synapse/rest/client/filter.py #14265

@matrixbot

Description

@matrixbot

This issue has been migrated from #14265.


Only one endpoint here: CreateFilterRestServlet's POST

(there's a GET endpoint but there's not much to validate there)

We already have a JSON Schema for filter definitions. We could try using https://pydantic-docs.helpmanual.io/datamodel_code_generator/ to generate the pydantic model from that schema rather than writing the model from first principles.

# Dump USER_FILTER_SCHEMA as JSON on stdout and pipe it to datamodel-codegen,
# which reads it as a JSON Schema and emits pydantic models using the strict
# variants of str/int/bool/float (no implicit type coercion on input).
python -c 'from synapse.api.filtering import USER_FILTER_SCHEMA; import json; print(json.dumps(USER_FILTER_SCHEMA))' | datamodel-codegen --input-file-type jsonschema --strict-types str int bool float
# generated by datamodel-codegen:
#   filename:  <stdin>
#   timestamp: 2022-10-21T21:37:20+00:00

from __future__ import annotations

from enum import Enum
from typing import List, Optional, Union

from pydantic import (
    BaseModel,
    Extra,
    Field,
    StrictBool,
    StrictFloat,
    StrictInt,
    StrictStr,
    constr,
)


class EventFormat(Enum):
    """Closed set of values accepted for a filter's ``event_format`` key."""

    client = "client"
    federation = "federation"


class RoomIdArray(BaseModel):
    """Custom-root model: the value is a bare JSON array of strings.

    Used for the ``rooms`` / ``not_rooms`` filter keys.
    """

    # NOTE(review): each element is only required to be a `str`; nothing here
    # checks that it is a syntactically valid room ID. If the source JSON
    # Schema attaches a `format` to these items, the generator did not carry
    # it over - confirm before treating this model as equivalent validation.
    __root__: List[StrictStr]


class UserIdArray(BaseModel):
    """Custom-root model: the value is a bare JSON array of strings.

    Used for the ``senders`` / ``not_senders`` filter keys.
    """

    # NOTE(review): each element is only required to be a `str`; nothing here
    # checks that it is a syntactically valid user ID. If the source JSON
    # Schema attaches a `format` to these items, the generator did not carry
    # it over - confirm before treating this model as equivalent validation.
    __root__: List[StrictStr]


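class Filter(BaseModel):
    """Event filter used for the top-level ``presence`` and ``account_data`` keys.

    Every field is optional and defaults to ``None``. Unknown keys are
    rejected, so a misspelt key in a client-supplied filter fails validation
    instead of being silently dropped.
    """

    class Config:
        # Reject any key that is not declared below.
        extra = Extra.forbid

    # The generator emitted a bare StrictFloat here. In pydantic v1 that type
    # accepts only `float` instances, so a body with `"limit": 10` (decoded as
    # an int) would be rejected. Accept strict ints as well; bools are still
    # refused because neither strict type admits them.
    # NOTE(review): no lower or upper bound is enforced on `limit` here -
    # confirm that the code consuming the filter clamps it.
    limit: Optional[Union[StrictInt, StrictFloat]] = None
    # NOTE(review): UserIdArray only checks "list of str", not user-ID syntax.
    senders: Optional[UserIdArray] = None
    not_senders: Optional[UserIdArray] = None
    types: Optional[List[StrictStr]] = None
    not_types: Optional[List[StrictStr]] = None
    # The wire keys below contain dots, which are not valid in a Python
    # identifier, so each field is bound to its wire key through `alias`.
    org_matrix_msc3874_rel_types: Optional[List[StrictStr]] = Field(
        None, alias='org.matrix.msc3874.rel_types'
    )
    org_matrix_msc3874_not_rel_types: Optional[List[StrictStr]] = Field(
        None, alias='org.matrix.msc3874.not_rel_types'
    )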


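class RoomEventFilter(BaseModel):
    """Per-room event filter (``ephemeral``, ``state``, ``timeline``, ``account_data``).

    Every field is optional and defaults to ``None``. Unknown keys are
    rejected, so a misspelt key in a client-supplied filter fails validation
    instead of being silently dropped.
    """

    class Config:
        # Reject any key that is not declared below.
        extra = Extra.forbid

    # The generator emitted a bare StrictFloat here. In pydantic v1 that type
    # accepts only `float` instances, so a body with `"limit": 10` (decoded as
    # an int) would be rejected. Accept strict ints as well; bools are still
    # refused because neither strict type admits them.
    # NOTE(review): no lower or upper bound is enforced on `limit` here -
    # confirm that the code consuming the filter clamps it.
    limit: Optional[Union[StrictInt, StrictFloat]] = None
    # NOTE(review): the *IdArray types only check "list of str", not the
    # syntax of the user or room IDs they hold.
    senders: Optional[UserIdArray] = None
    not_senders: Optional[UserIdArray] = None
    types: Optional[List[StrictStr]] = None
    not_types: Optional[List[StrictStr]] = None
    rooms: Optional[RoomIdArray] = None
    not_rooms: Optional[RoomIdArray] = None
    # Strict booleans: values such as 0/1 or "true" are not coerced.
    contains_url: Optional[StrictBool] = None
    lazy_load_members: Optional[StrictBool] = None
    include_redundant_members: Optional[StrictBool] = None
    unread_thread_notifications: Optional[StrictBool] = None
    # The wire keys below contain dots, which are not valid in a Python
    # identifier, so each field is bound to its wire key through `alias`.
    org_matrix_msc3773_unread_thread_notifications: Optional[StrictBool] = Field(
        None, alias='org.matrix.msc3773.unread_thread_notifications'
    )
    org_matrix_labels: Optional[List[StrictStr]] = Field(
        None, alias='org.matrix.labels'
    )
    org_matrix_not_labels: Optional[List[StrictStr]] = Field(
        None, alias='org.matrix.not_labels'
    )
    related_by_senders: Optional[List[StrictStr]] = None
    related_by_rel_types: Optional[List[StrictStr]] = None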


class RoomFilter(BaseModel):
    """Value of the top-level ``room`` key of a filter definition.

    Holds room include/exclude lists, the ``include_leave`` flag and one
    nested ``RoomEventFilter`` per event category. All fields are optional.
    """

    class Config:
        # Reject any key that is not declared below.
        extra = Extra.forbid

    # NOTE(review): RoomIdArray only checks "list of str", not room-ID syntax.
    not_rooms: Optional[RoomIdArray] = None
    rooms: Optional[RoomIdArray] = None
    ephemeral: Optional[RoomEventFilter] = None
    include_leave: Optional[StrictBool] = None
    state: Optional[RoomEventFilter] = None
    timeline: Optional[RoomEventFilter] = None
    account_data: Optional[RoomEventFilter] = None


class Model(BaseModel):
    """Root object of a filter definition, as generated from the schema.

    All keys are optional; any key not declared here is rejected.
    """

    class Config:
        # Reject any key that is not declared below.
        extra = Extra.forbid

    presence: Optional[Filter] = None
    account_data: Optional[Filter] = None
    room: Optional[RoomFilter] = None
    event_format: Optional[EventFormat] = None
    # Each entry must be a str matching the pattern. In the raw string the
    # four backslashes form the regex `\\\\`, i.e. two literal backslash
    # characters, so the negative lookahead rejects any entry containing two
    # consecutive backslashes. `.` does not match a newline, so an embedded
    # newline also fails the pattern.
    # NOTE(review): `$` also matches just before a single trailing newline, so
    # an entry ending in "\n" passes if the pattern is applied with
    # match-from-start semantics - confirm whether that matters to consumers.
    # NOTE(review): neither the list length nor the entry length is bounded.
    event_fields: Optional[List[constr(regex=r'^((?!\\\\).)*$', strict=True)]] = None
