summary refs log tree commit diff
path: root/synapse/storage/stats.py
diff options
context:
space:
mode:
Diffstat (limited to 'synapse/storage/stats.py')
-rw-r--r--synapse/storage/stats.py12
1 files changed, 12 insertions, 0 deletions
diff --git a/synapse/storage/stats.py b/synapse/storage/stats.py

index 0445b97b4a..a372f35eae 100644
--- a/synapse/storage/stats.py
+++ b/synapse/storage/stats.py
@@ -15,6 +15,7 @@
 # limitations under the License.
 
 import logging
+from itertools import chain
 
 from twisted.internet import defer
 
@@ -160,6 +161,17 @@ class StatsStore(StateDeltasStore):
         quantised_ts = self.quantise_stats_time(int(ts))
         end_ts = quantised_ts + self.stats_bucket_size
 
+        for field in chain(fields.keys(), absolute_fields.keys()):
+            if (
+                field not in ABSOLUTE_STATS_FIELDS[stats_type]
+                and field not in PER_SLICE_FIELDS[stats_type]
+            ):
+                # guard against potential SQL injection dodginess
+                raise ValueError(
+                    "%s is not a recognised field"
+                    " for stats type %s" % (field, stats_type)
+                )
+
         field_sqls = ["%s = %s + ?" % (field, field) for field in fields.keys()]
         field_values = list(fields.values())
generated by cgit-magenta 1.5.1 (git 2.48.1) at 2025-04-07 21:09:47 +0000