guard against accidental modification

matrix-org · Oct 13, 2020 · 898196f · 898196f
1 parent 617e8a4
commit 898196f
Show file tree

Hide file tree

Showing 3 changed files with 30 additions and 3 deletions.
diff --git a/synapse/events/__init__.py b/synapse/events/__init__.py
@@ -312,6 +312,12 @@ def auth_event_ids(self):
         """
         return [e for e, _ in self.auth_events]
 
+    def freeze(self):
+        """'Freeze' the event dict, so it cannot be modified by accident"""
+
+        # this will be a no-op if the event dict is already frozen.
+        self._dict = freeze(self._dict)
+
 
 class FrozenEvent(EventBase):
     format_version = EventFormatVersions.V1  # All events of this type are V1

diff --git a/synapse/events/third_party_rules.py b/synapse/events/third_party_rules.py
@@ -69,9 +69,10 @@ async def check_event_allowed(
         events = await self.store.get_events(prev_state_ids.values())
         state_events = {(ev.type, ev.state_key): ev for ev in events.values()}
 
-        # The module can modify the event slightly if it wants, but caution should be
-        # exercised, and it's likely to go very wrong if applied to events received over
-        # federation.
+        # Ensure that the event is frozen, to make sure that the module is not tempted
+        # to try to modify it. Any attempt to modify it at this point will invalidate
+        # the hashes and signatures.
+        event.freeze()
 
         return await self.third_party_rules.check_event_allowed(event, state_events)
 

diff --git a/tests/rest/client/test_third_party_rules.py b/tests/rest/client/test_third_party_rules.py
@@ -114,6 +114,26 @@ async def check(ev, state):
         self.render(request)
         self.assertEquals(channel.result["code"], b"403", channel.result)
 
+    def test_cannot_modify_event(self):
+        """cannot accidentally modify an event before it is persisted"""
+
+        # first patch the event checker so that it will try to modify the event
+        async def check(ev: EventBase, state):
+            ev.content = {"x": "y"}
+            return True
+
+        current_rules_module().check_event_allowed = check
+
+        # now send the event
+        request, channel = self.make_request(
+            "PUT",
+            "/_matrix/client/r0/rooms/%s/send/modifyme/1" % self.room_id,
+            {"x": "x"},
+            access_token=self.tok,
+        )
+        self.render(request)
+        self.assertEqual(channel.result["code"], b"500", channel.result)
+
     def test_modify_event(self):
         """The module can return a modified version of the event"""
         # first patch the event checker so that it will modify the event