mirrors/synapse
1
0
Fork 0
mirror of https://github.com/element-hq/synapse.git synced 2024-12-18 17:10:43 +03:00
Code Issues Projects Releases Packages Wiki Activity

Same behavior for no result and result blacklisted

Browse source
This commit is contained in:
Andrew Morgan 2019-05-03 14:23:31 -07:00
parent 131b9c00c6
commit 13f430cee4
3 changed files with 26 additions and 18 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

7
synapse/http/client.py
View file

@ -82,7 +82,6 @@ class IPBlacklistingResolver(object):
reactor (twisted.internet.reactor) reactor (twisted.internet.reactor)
ip_whitelist (netaddr.IPSet) ip_whitelist (netaddr.IPSet)
ip_blacklist (netaddr.IPSet) ip_blacklist (netaddr.IPSet)
federation (bool): this resolver is for federation traffic
""" """
self._reactor = reactor self._reactor = reactor
self._ip_whitelist = ip_whitelist self._ip_whitelist = ip_whitelist
@ -104,7 +103,7 @@ class IPBlacklistingResolver(object):
ip_address, self._ip_whitelist, self._ip_blacklist ip_address, self._ip_whitelist, self._ip_blacklist
): ):
logger.info( logger.info(
"Dropped %s from DNS resolution to %s" % (ip_address, hostname) "Dropped %s from DNS resolution to %s due to blacklist" % (ip_address, hostname)
) )
has_bad_ip = True has_bad_ip = True
@ -165,9 +164,9 @@ class BlacklistingAgentWrapper(Agent):
ip_address, self._ip_whitelist, self._ip_blacklist ip_address, self._ip_whitelist, self._ip_blacklist
): ):
logger.info( logger.info(
"Blocking access to %s because of blacklist" % (ip_address,) "Blocking access to %s because of blacklist. Returning 0 results" % (ip_address,)
) )
e = SynapseError(403, "IP address blocked by IP blacklist entry") e = SynapseError(404, "No results found")
return defer.fail(Failure(e)) return defer.fail(Failure(e))
except Exception: except Exception:
# Not an IP # Not an IP

9
synapse/rest/media/v1/preview_url_resource.py
View file

@ -31,6 +31,7 @@ from six.moves import urllib_parse as urlparse
from canonicaljson import json from canonicaljson import json
from twisted.internet import defer from twisted.internet import defer
from twisted.internet.error import DNSLookupError
from twisted.web.resource import Resource from twisted.web.resource import Resource
from twisted.web.server import NOT_DONE_YET from twisted.web.server import NOT_DONE_YET
@ -331,6 +332,14 @@ class PreviewUrlResource(Resource):
except Exception as e: except Exception as e:
# FIXME: pass through 404s and other error messages nicely # FIXME: pass through 404s and other error messages nicely
logger.warn("Error downloading %s: %r", url, e) logger.warn("Error downloading %s: %r", url, e)
if isinstance(e, DNSLookupError):
# DNS lookup returned no results
# Note: This will also be the case if the found IP address is blacklisted
raise SynapseError(
404, "No results found", Codes.UNKNOWN
)
raise SynapseError( raise SynapseError(
500, "Failed to download content: %s" % ( 500, "Failed to download content: %s" % (
traceback.format_exception_only(sys.exc_info()[0], e), traceback.format_exception_only(sys.exc_info()[0], e),

28
tests/rest/media/v1/test_url_preview.py
View file

@ -297,12 +297,12 @@ class URLPreviewTests(unittest.HomeserverTestCase):
# No requests made. # No requests made.
self.assertEqual(len(self.reactor.tcpClients), 0) self.assertEqual(len(self.reactor.tcpClients), 0)
self.assertEqual(channel.code, 403) self.assertEqual(channel.code, 404)
self.assertEqual( self.assertEqual(
channel.json_body, channel.json_body,
{ {
'errcode': 'M_UNKNOWN', 'errcode': 'M_UNKNOWN',
'error': 'IP address blocked by IP blacklist entry', 'error': 'No results found',
}, },
) )
@ -318,12 +318,12 @@ class URLPreviewTests(unittest.HomeserverTestCase):
request.render(self.preview_url) request.render(self.preview_url)
self.pump() self.pump()
self.assertEqual(channel.code, 403) self.assertEqual(channel.code, 404)
self.assertEqual( self.assertEqual(
channel.json_body, channel.json_body,
{ {
'errcode': 'M_UNKNOWN', 'errcode': 'M_UNKNOWN',
'error': 'IP address blocked by IP blacklist entry', 'error': 'No results found',
}, },
) )
@ -339,14 +339,14 @@ class URLPreviewTests(unittest.HomeserverTestCase):
# No requests made. # No requests made.
self.assertEqual(len(self.reactor.tcpClients), 0) self.assertEqual(len(self.reactor.tcpClients), 0)
self.assertEqual(channel.code, 403)
self.assertEqual( self.assertEqual(
channel.json_body, channel.json_body,
{ {
'errcode': 'M_UNKNOWN', 'errcode': 'M_UNKNOWN',
'error': 'IP address blocked by IP blacklist entry', 'error': 'No results found',
}, },
) )
self.assertEqual(channel.code, 404)
def test_blacklisted_ip_range_direct(self): def test_blacklisted_ip_range_direct(self):
""" """
@ -358,12 +358,12 @@ class URLPreviewTests(unittest.HomeserverTestCase):
request.render(self.preview_url) request.render(self.preview_url)
self.pump() self.pump()
self.assertEqual(channel.code, 403) self.assertEqual(channel.code, 404)
self.assertEqual( self.assertEqual(
channel.json_body, channel.json_body,
{ {
'errcode': 'M_UNKNOWN', 'errcode': 'M_UNKNOWN',
'error': 'IP address blocked by IP blacklist entry', 'error': 'No results found',
}, },
) )
@ -414,12 +414,12 @@ class URLPreviewTests(unittest.HomeserverTestCase):
) )
request.render(self.preview_url) request.render(self.preview_url)
self.pump() self.pump()
self.assertEqual(channel.code, 403) self.assertEqual(channel.code, 404)
self.assertEqual( self.assertEqual(
channel.json_body, channel.json_body,
{ {
'errcode': 'M_UNKNOWN', 'errcode': 'M_UNKNOWN',
'error': 'IP address blocked by IP blacklist entry', 'error': 'No results found',
}, },
) )
@ -439,12 +439,12 @@ class URLPreviewTests(unittest.HomeserverTestCase):
# No requests made. # No requests made.
self.assertEqual(len(self.reactor.tcpClients), 0) self.assertEqual(len(self.reactor.tcpClients), 0)
self.assertEqual(channel.code, 403) self.assertEqual(channel.code, 404)
self.assertEqual( self.assertEqual(
channel.json_body, channel.json_body,
{ {
'errcode': 'M_UNKNOWN', 'errcode': 'M_UNKNOWN',
'error': 'IP address blocked by IP blacklist entry', 'error': 'No results found',
}, },
) )
@ -460,11 +460,11 @@ class URLPreviewTests(unittest.HomeserverTestCase):
request.render(self.preview_url) request.render(self.preview_url)
self.pump() self.pump()
self.assertEqual(channel.code, 403) self.assertEqual(channel.code, 404)
self.assertEqual( self.assertEqual(
channel.json_body, channel.json_body,
{ {
'errcode': 'M_UNKNOWN', 'errcode': 'M_UNKNOWN',
'error': 'IP address blocked by IP blacklist entry', 'error': 'No results found',
}, },
) )