Validate data passed to REST api endpoints #13147

DMRobertson · 2022-06-30T21:00:57Z

Tracking issue for https://github.com/matrix-org/synapse/milestone/9

List files which contain rest endpoints as follows:

As with #12651 (comment), we should concentrate on finding something which provides good error messages first, and good type information second. I think Pydantic is the best choice; I've had a go with it in https://github.com/matrix-org/synapse/commits/dmr/oidc-config-pydantic for validating some of our config. The rest endpoint payloads should be considerably simpler to validate.

$ rg -l --case-sensitive "def .*(POST|PUT|DELETE|GET).*\(" synapse | sort | sed -e 's/^/- [ ] /'

To generate todo lists for each individual file, use the following write-only program:

sed -n -e 's/.*class \(.*\)(.*Servlet):.*/- [ ] \1/p' -e 's/.*def on_\(.*\)(.*/  - \1/p' synapse/rest/client/devices.py

app

synapse/app/generic_worker.py

federation

synapse/federation/transport/server/federation.py
synapse/federation/transport/server/init.py

http

synapse/http/server.py

metrics

synapse/metrics/_exposition.py

rest/admin

rest/client

rest/key

synapse/rest/key/v2/local_key_resource.py (nothing to validate)
synapse/rest/key/v2/remote_key_resource.py Validate input to /key/query endpoint. #16183

rest/media

synapse/rest/media/v1/config_resource.py (nothing to validate)
synapse/rest/media/v1/download_resource.py
synapse/rest/media/v1/preview_url_resource.py
synapse/rest/media/v1/thumbnail_resource.py
synapse/rest/media/v1/upload_resource.py

rest/synapse/client

synapse/rest/synapse/client/new_user_consent.py
synapse/rest/synapse/client/oidc/callback_resource.py
synapse/rest/synapse/client/password_reset.py
synapse/rest/synapse/client/pick_idp.py
synapse/rest/synapse/client/pick_username.py
synapse/rest/synapse/client/saml2/metadata_resource.py
synapse/rest/synapse/client/saml2/response_resource.py
synapse/rest/synapse/client/sso_register.py
synapse/rest/synapse/client/unsubscribe.py

rest miscellaneous

synapse/rest/consent/consent_resource.py
synapse/rest/well_known.py (nothing to validate)
synapse/rest/health.py (nothing to validate)

The text was updated successfully, but these errors were encountered:

DMRobertson added this to the Validate data passed to REST endpoints milestone Jun 30, 2022

DMRobertson added A-Validation 500 (mostly) errors due to lack of event/parameter validation T-Task Refactoring, removal, replacement, enabling or disabling functionality, other engineering tasks. labels Jun 30, 2022

DMRobertson mentioned this issue Aug 9, 2022

Create Room Client API Fails with { errcode: 'M_UNKNOWN', error: 'Internal server error' } #13482

Closed

dklimpel mentioned this issue Nov 29, 2022

Thumbnailer fails with requested width=0 or height=0 #14579

Open

DMRobertson mentioned this issue Jan 30, 2023

Prefer type(x) is int to isinstance(x, int) #14945

Merged

clokep mentioned this issue Aug 1, 2023

Add dict instance check before accessing it #15944

Closed

4 tasks

clokep mentioned this issue Aug 25, 2023

Validate input to /key/query endpoint. #16183

Merged

matrixbot mentioned this issue Dec 21, 2023

Validate data passed to REST api endpoints element-hq/synapse#13147

Open

75 tasks

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Validate data passed to REST api endpoints #13147

Validate data passed to REST api endpoints #13147

DMRobertson commented Jun 30, 2022 •

edited by clokep

Loading

Validate data passed to REST api endpoints #13147

Validate data passed to REST api endpoints #13147

Comments

DMRobertson commented Jun 30, 2022 • edited by clokep Loading

app

federation

http

metrics

rest/admin

rest/client

rest/key

rest/media

rest/synapse/client

rest miscellaneous

DMRobertson commented Jun 30, 2022 •

edited by clokep

Loading