Add basic domain validation for DomainSpecificString.is_valid. (#9071)

This checks that the domain given to `DomainSpecificString.is_valid` (e.g. `UserID`, `RoomAlias`, etc.) is of a valid form. Previously some validation was done on the localpart (e.g. the sigil), but not the domain portion.
matrix-org · Jan 13, 2021 · 98a64b7 · 98a64b7
1 parent aa4d8c1
commit 98a64b7
Show file tree

Hide file tree

Showing 3 changed files with 12 additions and 1 deletion.
diff --git a/changelog.d/9071.bugfix b/changelog.d/9071.bugfix
@@ -0,0 +1 @@
+Fix "Failed to send request" errors when a client provides an invalid room alias.
diff --git a/synapse/types.py b/synapse/types.py
@@ -37,6 +37,7 @@
 from unpaddedbase64 import decode_base64
 
 from synapse.api.errors import Codes, SynapseError
+from synapse.http.endpoint import parse_and_validate_server_name
 
 if TYPE_CHECKING:
     from synapse.appservice.api import ApplicationService
@@ -257,8 +258,13 @@ def to_string(self) -> str:
 
     @classmethod
     def is_valid(cls: Type[DS], s: str) -> bool:
+        """Parses the input string and attempts to ensure it is valid."""
         try:
-            cls.from_string(s)
+            obj = cls.from_string(s)
+            # Apply additional validation to the domain. This is only done
+            # during  is_valid (and not part of from_string) since it is
+            # possible for invalid data to exist in room-state, etc.
+            parse_and_validate_server_name(obj.domain)
             return True
         except Exception:
             return False

diff --git a/tests/test_types.py b/tests/test_types.py
@@ -58,6 +58,10 @@ def test_build(self):
 
         self.assertEquals(room.to_string(), "#channel:my.domain")
 
+    def test_validate(self):
+        id_string = "#test:domain,test"
+        self.assertFalse(RoomAlias.is_valid(id_string))
+
 
 class GroupIDTestCase(unittest.TestCase):
     def test_parse(self):