Add additional validation to pusher URLs. (#8865)

Pusher URLs now must end in `/_matrix/push/v1/notify` per the
specification.

2 files changed, 16 insertions, 3 deletions

diff --git a/synapse/push/__init__.py b/synapse/push/__init__.py

index 5a437f9810..e462fb2e13 100644
--- a/synapse/push/__init__.py
+++ b/synapse/push/__init__.py
@@ -15,5 +15,4 @@
 
 
 class PusherConfigException(Exception):
-    def __init__(self, msg):
-        super().__init__(msg)
+    """An error occurred when creating a pusher."""
diff --git a/synapse/push/httppusher.py b/synapse/push/httppusher.py

index 0e845212a9..6a0ee8274c 100644
--- a/synapse/push/httppusher.py
+++ b/synapse/push/httppusher.py
@@ -14,6 +14,7 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 import logging
+import urllib.parse
 
 from prometheus_client import Counter
 
@@ -97,9 +98,22 @@ class HttpPusher:
         if self.data is None:
             raise PusherConfigException("data can not be null for HTTP pusher")
 
+        # Validate that there's a URL and it is of the proper form.
         if "url" not in self.data:
             raise PusherConfigException("'url' required in data for HTTP pusher")
-        self.url = self.data["url"]
+
+        url = self.data["url"]
+        if not isinstance(url, str):
+            raise PusherConfigException("'url' must be a string")
+        url_parts = urllib.parse.urlparse(url)
+        # Note that the specification also says the scheme must be HTTPS, but
+        # it isn't up to the homeserver to verify that.
+        if url_parts.path != "/_matrix/push/v1/notify":
+            raise PusherConfigException(
+                "'url' must have a path of '/_matrix/push/v1/notify'"
+            )
+
+        self.url = url
         self.http_client = hs.get_proxied_blacklisted_http_client()
         self.data_minus_url = {}
         self.data_minus_url.update(self.data)