async def _check_sigs_and_hash( self, room_version: RoomVersion, pdu: EventBase ) -> EventBase: """Checks that event is correctly signed by the sending server. Also checks the content hash, and redacts the event if there is a mismatch. Also runs the event through the spam checker; if it fails, redacts the event and flags it as soft-failed. Args: room_version: The room version of the PDU pdu: the event to be checked Returns: * the original event if the checks pass * a redacted version of the event (if the signature matched but the hash did not). In this case a warning will be logged. Raises: InvalidEventSignatureError if the signature check failed. Nothing will be logged in this case. """ await _check_sigs_on_pdu(self.keyring, room_version, pdu) if not check_event_content_hash(pdu): # let's try to distinguish between failures because the event was # redacted (which are somewhat expected) vs actual ball-tampering # incidents. # # This is just a heuristic, so we just assume that if the keys are # about the same between the redacted and received events, then the # received event was probably a redacted copy (but we then use our # *actual* redacted copy to be on the safe side.) redacted_event = prune_event(pdu) if set(redacted_event.keys()) == set(pdu.keys()) and set( redacted_event.content.keys() ) == set(pdu.content.keys()): logger.debug( "Event %s seems to have been redacted; using our redacted copy", pdu.event_id, ) else: logger.warning( "Event %s content has been tampered, redacting", pdu.event_id, ) return redacted_event spam_check = await self.spam_checker.check_event_for_spam(pdu) if spam_check != self.spam_checker.NOT_SPAM: logger.warning("Event contains spam, soft-failing %s", pdu.event_id) # we redact (to save disk space) as well as soft-failing (to stop # using the event in prev_events). redacted_event = prune_event(pdu) redacted_event.internal_metadata.soft_failed = True return redacted_event return pdu
async def _check_sigs_and_hash(self, room_version: RoomVersion, pdu: EventBase) -> EventBase: """Checks that event is correctly signed by the sending server. Args: room_version: The room version of the PDU pdu: the event to be checked Returns: * the original event if the checks pass * a redacted version of the event (if the signature matched but the hash did not) * throws a SynapseError if the signature check failed.""" try: await _check_sigs_on_pdu(self.keyring, room_version, pdu) except SynapseError as e: logger.warning( "Signature check failed for %s: %s", pdu.event_id, e, ) raise if not check_event_content_hash(pdu): # let's try to distinguish between failures because the event was # redacted (which are somewhat expected) vs actual ball-tampering # incidents. # # This is just a heuristic, so we just assume that if the keys are # about the same between the redacted and received events, then the # received event was probably a redacted copy (but we then use our # *actual* redacted copy to be on the safe side.) redacted_event = prune_event(pdu) if set(redacted_event.keys()) == set(pdu.keys()) and set( redacted_event.content.keys()) == set(pdu.content.keys()): logger.info( "Event %s seems to have been redacted; using our redacted copy", pdu.event_id, ) else: logger.warning( "Event %s content has been tampered, redacting", pdu.event_id, ) return redacted_event result = await self.spam_checker.check_event_for_spam(pdu) if result: logger.warning("Event contains spam, soft-failing %s", pdu.event_id) # we redact (to save disk space) as well as soft-failing (to stop # using the event in prev_events). redacted_event = prune_event(pdu) redacted_event.internal_metadata.soft_failed = True return redacted_event return pdu
def callback(_, pdu: EventBase): with PreserveLoggingContext(ctx): if not check_event_content_hash(pdu): # let's try to distinguish between failures because the event was # redacted (which are somewhat expected) vs actual ball-tampering # incidents. # # This is just a heuristic, so we just assume that if the keys are # about the same between the redacted and received events, then the # received event was probably a redacted copy (but we then use our # *actual* redacted copy to be on the safe side.) redacted_event = prune_event(pdu) if set(redacted_event.keys()) == set(pdu.keys()) and set( redacted_event.content.keys()) == set( pdu.content.keys()): logger.info( "Event %s seems to have been redacted; using our redacted " "copy", pdu.event_id, ) else: logger.warning( "Event %s content has been tampered, redacting", pdu.event_id, ) return redacted_event result = yield defer.ensureDeferred( self.spam_checker.check_event_for_spam(pdu)) if result: logger.warning( "Event contains spam, redacting %s: %s", pdu.event_id, pdu.get_pdu_json(), ) return prune_event(pdu) return pdu