Skip to content
This repository was archived by the owner on Apr 26, 2024. It is now read-only.

Strictly enforce canonicaljson requirements in a new room version#7381

Merged
clokep merged 13 commits intodevelopfrom
clokep/strict-json
May 14, 2020
Merged

Strictly enforce canonicaljson requirements in a new room version#7381
clokep merged 13 commits intodevelopfrom
clokep/strict-json

Conversation

@clokep
Copy link
Member

@clokep clokep commented Apr 30, 2020
edited
Loading

This PR does the following:

  • Adds an experimental room version which strictly adheres to the canonical JSON specification:
    • Rejects integers outside of the range of [-2 ^ 53 + 1, 2 ^ 53 - 1]
    • Rejects floats
    • Does not parse Python special values (NaN, Infinity, -Infinity)
  • Logic to strictly enforce this is added to the client-server API and the federation API.

Replaces #7356

Implements MSC2540: matrix-org/matrix-spec-proposals#2540.

To Do

  • Perform more testing with federation.
  • Does this need to be optimized? (Some really rough numbers show that this about doubles the runtime of event_from_pdu_json.)
    • No!
  • Can we consolidate some of this validation logic further?

@clokep clokep requested a review from a team April 30, 2020 18:28
@clokep
Copy link
Member Author

clokep commented Apr 30, 2020

Requesting review on this to get some thoughts on the approach.

clokep
clokep commented Apr 30, 2020
View reviewed changes
@clokep
Copy link
Member Author

clokep commented Apr 30, 2020

I did some testing with two different clients:

  • The server rejects bad messages from a client.
  • The server will reject a bad message over fedation from another server.
  • The server will reject a bad message while backfilling from another server.

Are there other scenarios to test?

@ara4n
Copy link
Member

ara4n commented May 2, 2020

It's not a canonicaljson thing, but, while we're adding a new room version, might be good to check that power levels have to be ints rather than strings (and perhaps sanitycheck other type safety in synapse)

@richvdh
Copy link
Member

richvdh commented May 4, 2020

power levels have to be ints rather than strings (and perhaps sanitycheck other type safety in synapse)

that is the thin end of a very large wedge. I think we're better off keeping this constrained for now.

anoadragon453
anoadragon453 reviewed May 13, 2020
View reviewed changes
synapse/events/utils.py
raise SynapseError(400, "JSON integer out of range", Codes.BAD_JSON)

elif isinstance(value, float):
# Note that Infinity, -Infinity, and NaN are also considered floats.
Copy link
Member

@anoadragon453 anoadragon453 May 13, 2020

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

CanonicalJSON indeed does aim to represent all floats as ints, just in case anyone was unsure about blocking all floats: https://matrix.org/docs/spec/appendices#canonical-json

Copy link
Member Author

@clokep clokep May 13, 2020

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Correct, as the description says all floats need to be rejected. I didn't find the specification super clear here unless you read into the grammar though. I think we could improve that.

@anoadragon453 anoadragon453 mentioned this pull request May 14, 2020
Closed
@clokep clokep requested a review from richvdh May 14, 2020 13:43
richvdh
richvdh reviewed May 14, 2020
View reviewed changes
Copy link
Member

@richvdh richvdh left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

this looks like generally the right plan to me.

I wouldn't be too worried about performance here: event_from_pdu_json is called only once for each event, and it tends to happen on workers rather than on the master.

@clokep clokep marked this pull request as ready for review May 14, 2020 16:42
@clokep clokep requested a review from richvdh May 14, 2020 16:43
richvdh
richvdh approved these changes May 14, 2020
View reviewed changes
Copy link
Member

@richvdh richvdh left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

lgtm

@clokep clokep merged commit 56b66db into develop May 14, 2020
@clokep clokep deleted the clokep/strict-json branch May 14, 2020 17:24
This was referenced May 14, 2020
Merged
Open
phil-flex pushed a commit to phil-flex/synapse that referenced this pull request Jun 16, 2020
@clokep @phil-flex
Strictly enforce canonicaljson requirements in a new room version (ma…
040b9a0 
…trix-org#7381)
@clokep clokep mentioned this pull request Jul 23, 2020
Open
This was referenced Sep 22, 2022
Open
Open
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.

Reviewers

2 more reviewers

@anoadragon453 anoadragon453 anoadragon453 left review comments

@richvdh richvdh richvdh approved these changes

Reviewers whose approvals may not affect merge requirements

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

4 participants

@clokep @ara4n @richvdh @anoadragon453