Check if instances are lists, not sequences. ()

As a str is a sequence, the checks were not granular
enough and would allow lists or strings, when only
lists were valid.
This commit is contained in:
Patrick Cloke 2022-03-02 08:18:51 -05:00 committed by GitHub
parent f3f0ab10fe
commit 1103c5fe8a
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
3 changed files with 6 additions and 5 deletions
changelog.d
synapse

1
changelog.d/12128.misc Normal file
View file

@ -0,0 +1 @@
Fix data validation to compare to lists, not sequences.

View file

@ -1428,7 +1428,7 @@ class FederationClient(FederationBase):
# Validate children_state of the room. # Validate children_state of the room.
children_state = room.pop("children_state", []) children_state = room.pop("children_state", [])
if not isinstance(children_state, Sequence): if not isinstance(children_state, list):
raise InvalidResponseError("'room.children_state' must be a list") raise InvalidResponseError("'room.children_state' must be a list")
if any(not isinstance(e, dict) for e in children_state): if any(not isinstance(e, dict) for e in children_state):
raise InvalidResponseError("Invalid event in 'children_state' list") raise InvalidResponseError("Invalid event in 'children_state' list")
@ -1440,14 +1440,14 @@ class FederationClient(FederationBase):
# Validate the children rooms. # Validate the children rooms.
children = res.get("children", []) children = res.get("children", [])
if not isinstance(children, Sequence): if not isinstance(children, list):
raise InvalidResponseError("'children' must be a list") raise InvalidResponseError("'children' must be a list")
if any(not isinstance(r, dict) for r in children): if any(not isinstance(r, dict) for r in children):
raise InvalidResponseError("Invalid room in 'children' list") raise InvalidResponseError("Invalid room in 'children' list")
# Validate the inaccessible children. # Validate the inaccessible children.
inaccessible_children = res.get("inaccessible_children", []) inaccessible_children = res.get("inaccessible_children", [])
if not isinstance(inaccessible_children, Sequence): if not isinstance(inaccessible_children, list):
raise InvalidResponseError("'inaccessible_children' must be a list") raise InvalidResponseError("'inaccessible_children' must be a list")
if any(not isinstance(r, str) for r in inaccessible_children): if any(not isinstance(r, str) for r in inaccessible_children):
raise InvalidResponseError( raise InvalidResponseError(
@ -1630,7 +1630,7 @@ def _validate_hierarchy_event(d: JsonDict) -> None:
raise ValueError("Invalid event: 'content' must be a dict") raise ValueError("Invalid event: 'content' must be a dict")
via = content.get("via") via = content.get("via")
if not isinstance(via, Sequence): if not isinstance(via, list):
raise ValueError("Invalid event: 'via' must be a list") raise ValueError("Invalid event: 'via' must be a list")
if any(not isinstance(v, str) for v in via): if any(not isinstance(v, str) for v in via):
raise ValueError("Invalid event: 'via' must be a list of strings") raise ValueError("Invalid event: 'via' must be a list of strings")

View file

@ -857,7 +857,7 @@ class _RoomEntry:
def _has_valid_via(e: EventBase) -> bool: def _has_valid_via(e: EventBase) -> bool:
via = e.content.get("via") via = e.content.get("via")
if not via or not isinstance(via, Sequence): if not via or not isinstance(via, list):
return False return False
for v in via: for v in via:
if not isinstance(v, str): if not isinstance(v, str):