From dd59f1ecbf861cf23d6b3497cddb4b7d352c11ee Mon Sep 17 00:00:00 2001 From: Richard van der Hoff Date: Tue, 26 Jul 2022 11:14:05 +0100 Subject: [PATCH] Log when we get an invalid body on certain CS-API requests Some endpoints currently accept an invalid JSON object in the request body, which we should stop. As a starting point, let's log when it happens so that we can fix it. --- changelog.d/13386.misc | 1 + synapse/rest/client/room.py | 6 ++++-- 2 files changed, 5 insertions(+), 2 deletions(-) create mode 100644 changelog.d/13386.misc diff --git a/changelog.d/13386.misc b/changelog.d/13386.misc new file mode 100644 index 0000000000..ac0d9c9c08 --- /dev/null +++ b/changelog.d/13386.misc @@ -0,0 +1 @@ +Log when we get an invalid request body on room membership requests. diff --git a/synapse/rest/client/room.py b/synapse/rest/client/room.py index 2f513164cb..42a2c72b81 100644 --- a/synapse/rest/client/room.py +++ b/synapse/rest/client/room.py @@ -319,9 +319,10 @@ class JoinRoomAliasServlet(ResolveRoomIdMixin, TransactionRestServlet): try: content = parse_json_object_from_request(request) - except Exception: + except Exception as e: # Turns out we used to ignore the body entirely, and some clients # cheekily send invalid bodies. + logger.warning("Ignoring invalid body on POST %s: %s", request.path, e) content = {} # twisted.web.server.Request.args is incorrectly defined as Optional[Any] @@ -855,9 +856,10 @@ class RoomMembershipRestServlet(TransactionRestServlet): try: content = parse_json_object_from_request(request) - except Exception: + except Exception as e: # Turns out we used to ignore the body entirely, and some clients # cheekily send invalid bodies. + logger.warning("Ignoring invalid body on POST %s: %s", request.path, e) content = {} if membership_action == "invite" and self._has_3pid_invite_keys(content):