Better validate event contents

This commit is contained in:
Sorunome 2020-06-29 12:02:18 +00:00 committed by Christian Pauly
parent 00be163153
commit fd406987c1
7 changed files with 16 additions and 16 deletions

View file

@ -448,7 +448,7 @@ class KeyManager {
/// Handle an incoming to_device event that is related to key sharing /// Handle an incoming to_device event that is related to key sharing
Future<void> handleToDeviceEvent(ToDeviceEvent event) async { Future<void> handleToDeviceEvent(ToDeviceEvent event) async {
if (event.type == 'm.room_key_request') { if (event.type == 'm.room_key_request') {
if (!event.content.containsKey('request_id')) { if (!(event.content['request_id'] is String)) {
return; // invalid event return; // invalid event
} }
if (event.content['action'] == 'request') { if (event.content['action'] == 'request') {

View file

@ -1345,7 +1345,7 @@ class MatrixApi {
.codeUnits .codeUnits
: await streamedResponse.stream.first), : await streamedResponse.stream.first),
); );
if (!jsonResponse.containsKey('content_uri')) { if (!(jsonResponse['content_uri'] is String)) {
throw MatrixException.fromJson(jsonResponse); throw MatrixException.fromJson(jsonResponse);
} }
return jsonResponse['content_uri']; return jsonResponse['content_uri'];

View file

@ -28,7 +28,7 @@ class LoginResponse {
userId = json['user_id']; userId = json['user_id'];
accessToken = json['access_token']; accessToken = json['access_token'];
deviceId = json['device_id']; deviceId = json['device_id'];
if (json.containsKey('well_known')) { if (json['well_known'] is Map) {
wellKnownInformations = wellKnownInformations =
WellKnownInformations.fromJson(json['well_known']); WellKnownInformations.fromJson(json['well_known']);
} }

View file

@ -324,7 +324,7 @@ class Database extends _$Database {
// is there a transaction id? Then delete the event with this id. // is there a transaction id? Then delete the event with this id.
if (status != -1 && if (status != -1 &&
eventUpdate.content.containsKey('unsigned') && eventUpdate.content['unsigned'] is Map &&
eventUpdate.content['unsigned']['transaction_id'] is String) { eventUpdate.content['unsigned']['transaction_id'] is String) {
await removeEvent(clientId, await removeEvent(clientId,
eventUpdate.content['unsigned']['transaction_id'], chatId); eventUpdate.content['unsigned']['transaction_id'], chatId);

View file

@ -60,7 +60,7 @@ class Event extends MatrixEvent {
/// Optional. The event that redacted this event, if any. Otherwise null. /// Optional. The event that redacted this event, if any. Otherwise null.
Event get redactedBecause => Event get redactedBecause =>
unsigned != null && unsigned.containsKey('redacted_because') unsigned != null && unsigned['redacted_because'] is Map
? Event.fromJson(unsigned['redacted_because'], room) ? Event.fromJson(unsigned['redacted_because'], room)
: null; : null;
@ -206,7 +206,7 @@ class Event extends MatrixEvent {
unsigned: unsigned, unsigned: unsigned,
room: room); room: room);
String get messageType => (content.containsKey('m.relates_to') && String get messageType => (content['m.relates_to'] is Map &&
content['m.relates_to']['m.in_reply_to'] != null) content['m.relates_to']['m.in_reply_to'] != null)
? MessageTypes.Reply ? MessageTypes.Reply
: content['msgtype'] ?? MessageTypes.Text; : content['msgtype'] ?? MessageTypes.Text;
@ -353,8 +353,8 @@ class Event extends MatrixEvent {
bool get hasThumbnail => bool get hasThumbnail =>
content['info'] is Map<String, dynamic> && content['info'] is Map<String, dynamic> &&
(content['info'].containsKey('thumbnail_url') || (content['info']['thumbnail_url'] is String ||
content['info'].containsKey('thumbnail_file')); content['info']['thumbnail_file'] is Map);
/// Downloads (and decryptes if necessary) the attachment of this /// Downloads (and decryptes if necessary) the attachment of this
/// event and returns it as a [MatrixFile]. If this event doesn't /// event and returns it as a [MatrixFile]. If this event doesn't
@ -366,16 +366,16 @@ class Event extends MatrixEvent {
throw ("This event has the type '$type' and so it can't contain an attachment."); throw ("This event has the type '$type' and so it can't contain an attachment.");
} }
if (!getThumbnail && if (!getThumbnail &&
!content.containsKey('url') && !(content['url'] is String) &&
!content.containsKey('file')) { !(content['file'] is Map)) {
throw ("This event hasn't any attachment."); throw ("This event hasn't any attachment.");
} }
if (getThumbnail && !hasThumbnail) { if (getThumbnail && !hasThumbnail) {
throw ("This event hasn't any thumbnail."); throw ("This event hasn't any thumbnail.");
} }
final isEncrypted = getThumbnail final isEncrypted = getThumbnail
? !content['info'].containsKey('thumbnail_url') ? !(content['info']['thumbnail_url'] is String)
: !content.containsKey('url'); : !(content['url'] is String);
if (isEncrypted && !room.client.encryptionEnabled) { if (isEncrypted && !room.client.encryptionEnabled) {
throw ('Encryption is not enabled in your Client.'); throw ('Encryption is not enabled in your Client.');

View file

@ -931,7 +931,7 @@ class Room {
/// Sets this room as a direct chat for this user if not already. /// Sets this room as a direct chat for this user if not already.
Future<void> addToDirectChat(String userID) async { Future<void> addToDirectChat(String userID) async {
var directChats = client.directChats; var directChats = client.directChats;
if (directChats.containsKey(userID)) { if (directChats[userID] is List) {
if (!directChats[userID].contains(id)) { if (!directChats[userID].contains(id)) {
directChats[userID].add(id); directChats[userID].add(id);
} else { } else {
@ -952,7 +952,7 @@ class Room {
/// Removes this room from all direct chat tags. /// Removes this room from all direct chat tags.
Future<void> removeFromDirectChat() async { Future<void> removeFromDirectChat() async {
var directChats = client.directChats; var directChats = client.directChats;
if (directChats.containsKey(directChatMatrixID) && if (directChats[directChatMatrixID] is List &&
directChats[directChatMatrixID].contains(id)) { directChats[directChatMatrixID].contains(id)) {
directChats[directChatMatrixID].remove(id); directChats[directChatMatrixID].remove(id);
} else { } else {

View file

@ -147,11 +147,11 @@ class Timeline {
if (i < events.length) events.removeAt(i); if (i < events.length) events.removeAt(i);
} }
// Is this event already in the timeline? // Is this event already in the timeline?
else if (eventUpdate.content.containsKey('unsigned') && else if (eventUpdate.content['unsigned'] is Map &&
eventUpdate.content['unsigned']['transaction_id'] is String) { eventUpdate.content['unsigned']['transaction_id'] is String) {
var i = _findEvent( var i = _findEvent(
event_id: eventUpdate.content['event_id'], event_id: eventUpdate.content['event_id'],
unsigned_txid: eventUpdate.content.containsKey('unsigned') unsigned_txid: eventUpdate.content['unsigned'] is Map
? eventUpdate.content['unsigned']['transaction_id'] ? eventUpdate.content['unsigned']['transaction_id']
: null); : null);