summary refs log tree commit diff
path: root/synapse/http
diff options
context:
space:
mode:
authorPatrick Cloke <clokep@users.noreply.github.com>2023-02-28 10:11:20 -0500
committerGitHub <noreply@github.com>2023-02-28 10:11:20 -0500
commite746f80b4fd57fb0296c06c11c8d1240fe118c45 (patch)
treef9711b6eb58551a1514002d3f60d945559a5d035 /synapse/http
parentAdd documentation for caching in a module (#14026) (diff)
downloadsynapse-e746f80b4fd57fb0296c06c11c8d1240fe118c45.tar.xz
Do not accept pattern_type from user input in push rules. (#15088)
Internally the push rules module uses a `pattern_type` property for `event_match`
conditions (and `related_event_match`) to mark the condition as matching the
current user's Matrix ID or localpart.

This is leaky to the Client-Server API where a user can successfully set a condition
which provides `pattern_type` instead of `pattern` (note that there's no benefit to
doing this -- the user can just use their own Matrix ID or localpart instead). When
serializing back to the client the `pattern_type` property is converted into a proper
`pattern`.

The following changes are made to avoid this:

* Separate the `KnownCondition::EventMatch` enum value into `EventMatch`
  and `EventMatchType`, each with their own expected properties. (Note that a
  similar change is made for `RelatedEventMatch`.)
* Make it such that the `pattern_type` variants serialize to the same condition kind,
  but cannot be deserialized (since they're only provided by base rules).
* As a final tweak, convert `user_id` vs. `user_localpart` values into an enum.
Diffstat (limited to 'synapse/http')
0 files changed, 0 insertions, 0 deletions