Validate data passed to REST api endpoints #13147

Open
14 of 75 tasks
matrixbot opened this issue Dec 19, 2023 · 0 comments
matrixbot commented Dec 19, 2023

This issue has been migrated from #13147.


Tracking issue for https://github.com/matrix-org/synapse/milestone/9

As with matrix-org/synapse#12651 (comment), we should concentrate on finding something which provides good error messages first, and good type information second. I think Pydantic is the best choice; I've had a go with it in https://github.com/matrix-org/synapse/commits/dmr/oidc-config-pydantic for validating some of our config. The rest endpoint payloads should be considerably simpler to validate.

List files which contain rest endpoints as follows:

$ rg -l --case-sensitive "def .*(POST|PUT|DELETE|GET).*\(" synapse | sort | sed -e 's/^/- [ ] /'

To generate todo lists for each individual file, use the following write-only program:

sed -n -e 's/.*class \(.*\)(.*Servlet):.*/- [ ] \1/p' -e 's/.*def on_\(.*\)(.*/  - \1/p' synapse/rest/client/devices.py

app

  • synapse/app/generic_worker.py

federation

  • synapse/federation/transport/server/federation.py
  • synapse/federation/transport/server/__init__.py

http

  • synapse/http/server.py

metrics

  • synapse/metrics/_exposition.py

rest/admin

  • synapse/rest/admin/background_updates.py
  • synapse/rest/admin/devices.py
  • synapse/rest/admin/event_reports.py
  • synapse/rest/admin/federation.py
  • synapse/rest/admin/__init__.py
  • synapse/rest/admin/media.py
  • synapse/rest/admin/registration_tokens.py
  • synapse/rest/admin/rooms.py
  • synapse/rest/admin/server_notice_servlet.py
  • synapse/rest/admin/statistics.py
  • synapse/rest/admin/username_available.py
  • synapse/rest/admin/users.py

rest/client

  • synapse/rest/client/account_data.py, Dummy issue #13148
  • Dummy issue #13183
  • Dummy issue #13184
  • synapse/rest/client/auth.py
  • synapse/rest/client/_base.py
  • synapse/rest/client/capabilities.py (nothing to validate)
  • Dummy issue #14052
  • Dummy issue #14176
  • synapse/rest/client/events.py
  • Audit or add validation to rest endpoints in synapse/rest/client/filter.py #14265
  • synapse/rest/client/initial_sync.py
  • Audit or add validation to endpoints in synapse/rest/client/keys.py #14266
  • synapse/rest/client/knock.py
  • synapse/rest/client/login.py
  • synapse/rest/client/logout.py
  • synapse/rest/client/mutual_rooms.py
  • synapse/rest/client/notifications.py
  • synapse/rest/client/openid.py
  • synapse/rest/client/password_policy.py
  • synapse/rest/client/presence.py
  • synapse/rest/client/profile.py
  • synapse/rest/client/pusher.py
  • synapse/rest/client/push_rule.py
  • synapse/rest/client/read_marker.py
  • synapse/rest/client/receipts.py
  • synapse/rest/client/register.py
  • synapse/rest/client/relations.py (nothing to validate)
  • synapse/rest/client/report_event.py
  • synapse/rest/client/room_keys.py
  • synapse/rest/client/room.py
  • synapse/rest/client/room_upgrade_rest_servlet.py
  • synapse/rest/client/sendtodevice.py
  • synapse/rest/client/sync.py
  • synapse/rest/client/tags.py
  • synapse/rest/client/thirdparty.py
  • synapse/rest/client/tokenrefresh.py
  • synapse/rest/client/user_directory.py
  • synapse/rest/client/versions.py (nothing to validate)
  • synapse/rest/client/voip.py (nothing to validate)

rest/key

  • synapse/rest/key/v2/local_key_resource.py (nothing to validate)
  • synapse/rest/key/v2/remote_key_resource.py Dummy issue #16183

rest/media

  • synapse/rest/media/v1/config_resource.py (nothing to validate)
  • synapse/rest/media/v1/download_resource.py
  • synapse/rest/media/v1/preview_url_resource.py
  • synapse/rest/media/v1/thumbnail_resource.py
  • synapse/rest/media/v1/upload_resource.py

rest/synapse/client

  • synapse/rest/synapse/client/new_user_consent.py
  • synapse/rest/synapse/client/oidc/callback_resource.py
  • synapse/rest/synapse/client/password_reset.py
  • synapse/rest/synapse/client/pick_idp.py
  • synapse/rest/synapse/client/pick_username.py
  • synapse/rest/synapse/client/saml2/metadata_resource.py
  • synapse/rest/synapse/client/saml2/response_resource.py
  • synapse/rest/synapse/client/sso_register.py
  • synapse/rest/synapse/client/unsubscribe.py

rest miscellaneous

  • synapse/rest/consent/consent_resource.py
  • synapse/rest/well_known.py (nothing to validate)
  • synapse/rest/health.py (nothing to validate)