Ensure a group ID is valid before trying to get rooms for it. (#8129)

author: Patrick Cloke <clokep@users.noreply.github.com> 2020-08-20 06:41:32 -0400
committer: GitHub <noreply@github.com> 2020-08-20 06:41:32 -0400
commit: 731dfff3478d44cfe9b00491c353ca1086a70994 (patch)
tree: 45aec458b045fd6d846361e93b3d223c6ff32a05 /synapse
parent: Do not assume calls to runInteraction return Deferreds. (#8133) (diff)
download: synapse-731dfff3478d44cfe9b00491c353ca1086a70994.tar.xz
1 files changed, 4 insertions, 0 deletions
diff --git a/synapse/rest/client/v2_alpha/groups.py b/synapse/rest/client/v2_alpha/groups.py
index d84a6d7e11..13ecf7005d 100644
--- a/synapse/rest/client/v2_alpha/groups.py
+++ b/synapse/rest/client/v2_alpha/groups.py
@@ -16,6 +16,7 @@
 
 import logging
 
+from synapse.api.errors import SynapseError
 from synapse.http.servlet import RestServlet, parse_json_object_from_request
 from synapse.types import GroupID
 
@@ -325,6 +326,9 @@ class GroupRoomServlet(RestServlet):
         requester = await self.auth.get_user_by_req(request, allow_guest=True)
         requester_user_id = requester.user.to_string()
 
+        if not GroupID.is_valid(group_id):
+            raise SynapseError(400, "%s was not legal group ID" % (group_id,))
+
         result = await self.groups_handler.get_rooms_in_group(
             group_id, requester_user_id
         )
author	Patrick Cloke <clokep@users.noreply.github.com>	2020-08-20 06:41:32 -0400
committer	GitHub <noreply@github.com>	2020-08-20 06:41:32 -0400
commit	731dfff3478d44cfe9b00491c353ca1086a70994 (patch)
tree	45aec458b045fd6d846361e93b3d223c6ff32a05 /synapse
parent	Do not assume calls to runInteraction return Deferreds. (#8133) (diff)
download	synapse-731dfff3478d44cfe9b00491c353ca1086a70994.tar.xz