mirrors/synapse
1
0
Fork 0
mirror of https://github.com/element-hq/synapse.git synced 2024-12-19 17:56:19 +03:00
Code Issues Projects Releases Packages Wiki Activity

Sanitise accepted fields in _update_stats_delta_txn

Browse source 
Signed-off-by: Olivier Wilkinson (reivilibre) <olivier@librepush.net>
This commit is contained in:
Olivier Wilkinson (reivilibre) 2019-08-20 15:41:10 +01:00
parent 6a19f7e101
commit 981c6cf544
1 changed files with 12 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

12
synapse/storage/stats.py
View file

@ -15,6 +15,7 @@
# limitations under the License.
import logging
from itertools import chain
from twisted.internet import defer
@ -160,6 +161,17 @@ class StatsStore(StateDeltasStore):
quantised_ts = self.quantise_stats_time(int(ts))
end_ts = quantised_ts + self.stats_bucket_size
for field in chain(fields.keys(), absolute_fields.keys()):
if (
field not in ABSOLUTE_STATS_FIELDS[stats_type]
and field not in PER_SLICE_FIELDS[stats_type]
):
# guard against potential SQL injection dodginess
raise ValueError(
"%s is not a recognised field"
" for stats type %s" % (field, stats_type)
)
field_sqls = ["%s = %s + ?" % (field, field) for field in fields.keys()]
field_values = list(fields.values())