gitlord
/
synapse
mirror of https://github.com/matrix-org/synapse.git
1
0
Fork 0
Code Issues 0 Releases 671 Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
18612 Commits
842 Branches
288 MiB
 
 
 
 
 
 
Tree: 4b965c862d
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from '4b965c862d'
${ noResults }
synapse/synapse/events/spamcheck.py

286 lines
10 KiB
Raw Blame History 

  1. # Copyright 2017 New Vector Ltd

  2. # Copyright 2019 The Matrix.org Foundation C.I.C.

  3. #

  4. # Licensed under the Apache License, Version 2.0 (the "License");

  5. # you may not use this file except in compliance with the License.

  6. # You may obtain a copy of the License at

  7. #

  8. #     http://www.apache.org/licenses/LICENSE-2.0

  9. #

  10. # Unless required by applicable law or agreed to in writing, software

  11. # distributed under the License is distributed on an "AS IS" BASIS,

  12. # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.

  13. # See the License for the specific language governing permissions and

  14. # limitations under the License.

  15. 

  16. import inspect

  17. import logging

  18. from typing import TYPE_CHECKING, Any, Dict, List, Optional, Tuple, Union

  19. 

  20. from synapse.rest.media.v1._base import FileInfo

  21. from synapse.rest.media.v1.media_storage import ReadableFileWrapper

  22. from synapse.spam_checker_api import RegistrationBehaviour

  23. from synapse.types import Collection

  24. from synapse.util.async_helpers import maybe_awaitable

  25. 

  26. if TYPE_CHECKING:

  27.     import synapse.events

  28.     import synapse.server

  29. 

  30. logger = logging.getLogger(__name__)

  31. 

  32. 

  33. class SpamChecker:

  34.     def __init__(self, hs: "synapse.server.HomeServer"):

  35.         self.spam_checkers = []  # type: List[Any]

  36.         api = hs.get_module_api()

  37. 

  38.         for module, config in hs.config.spam_checkers:

  39.             # Older spam checkers don't accept the `api` argument, so we

  40.             # try and detect support.

  41.             spam_args = inspect.getfullargspec(module)

  42.             if "api" in spam_args.args:

  43.                 self.spam_checkers.append(module(config=config, api=api))

  44.             else:

  45.                 self.spam_checkers.append(module(config=config))

  46. 

  47.     async def check_event_for_spam(

  48.         self, event: "synapse.events.EventBase"

  49.     ) -> Union[bool, str]:

  50.         """Checks if a given event is considered "spammy" by this server.

  51. 

  52.         If the server considers an event spammy, then it will be rejected if

  53.         sent by a local user. If it is sent by a user on another server, then

  54.         users receive a blank event.

  55. 

  56.         Args:

  57.             event: the event to be checked

  58. 

  59.         Returns:

  60.             True or a string if the event is spammy. If a string is returned it

  61.             will be used as the error message returned to the user.

  62.         """

  63.         for spam_checker in self.spam_checkers:

  64.             if await maybe_awaitable(spam_checker.check_event_for_spam(event)):

  65.                 return True

  66. 

  67.         return False

  68. 

  69.     async def user_may_invite(

  70.         self, inviter_userid: str, invitee_userid: str, room_id: str

  71.     ) -> bool:

  72.         """Checks if a given user may send an invite

  73. 

  74.         If this method returns false, the invite will be rejected.

  75. 

  76.         Args:

  77.             inviter_userid: The user ID of the sender of the invitation

  78.             invitee_userid: The user ID targeted in the invitation

  79.             room_id: The room ID

  80. 

  81.         Returns:

  82.             True if the user may send an invite, otherwise False

  83.         """

  84.         for spam_checker in self.spam_checkers:

  85.             if (

  86.                 await maybe_awaitable(

  87.                     spam_checker.user_may_invite(

  88.                         inviter_userid, invitee_userid, room_id

  89.                     )

  90.                 )

  91.                 is False

  92.             ):

  93.                 return False

  94. 

  95.         return True

  96. 

  97.     async def user_may_create_room(self, userid: str) -> bool:

  98.         """Checks if a given user may create a room

  99. 

  100.         If this method returns false, the creation request will be rejected.

  101. 

  102.         Args:

  103.             userid: The ID of the user attempting to create a room

  104. 

  105.         Returns:

  106.             True if the user may create a room, otherwise False

  107.         """

  108.         for spam_checker in self.spam_checkers:

  109.             if (

  110.                 await maybe_awaitable(spam_checker.user_may_create_room(userid))

  111.                 is False

  112.             ):

  113.                 return False

  114. 

  115.         return True

  116. 

  117.     async def user_may_create_room_alias(self, userid: str, room_alias: str) -> bool:

  118.         """Checks if a given user may create a room alias

  119. 

  120.         If this method returns false, the association request will be rejected.

  121. 

  122.         Args:

  123.             userid: The ID of the user attempting to create a room alias

  124.             room_alias: The alias to be created

  125. 

  126.         Returns:

  127.             True if the user may create a room alias, otherwise False

  128.         """

  129.         for spam_checker in self.spam_checkers:

  130.             if (

  131.                 await maybe_awaitable(

  132.                     spam_checker.user_may_create_room_alias(userid, room_alias)

  133.                 )

  134.                 is False

  135.             ):

  136.                 return False

  137. 

  138.         return True

  139. 

  140.     async def user_may_publish_room(self, userid: str, room_id: str) -> bool:

  141.         """Checks if a given user may publish a room to the directory

  142. 

  143.         If this method returns false, the publish request will be rejected.

  144. 

  145.         Args:

  146.             userid: The user ID attempting to publish the room

  147.             room_id: The ID of the room that would be published

  148. 

  149.         Returns:

  150.             True if the user may publish the room, otherwise False

  151.         """

  152.         for spam_checker in self.spam_checkers:

  153.             if (

  154.                 await maybe_awaitable(

  155.                     spam_checker.user_may_publish_room(userid, room_id)

  156.                 )

  157.                 is False

  158.             ):

  159.                 return False

  160. 

  161.         return True

  162. 

  163.     async def check_username_for_spam(self, user_profile: Dict[str, str]) -> bool:

  164.         """Checks if a user ID or display name are considered "spammy" by this server.

  165. 

  166.         If the server considers a username spammy, then it will not be included in

  167.         user directory results.

  168. 

  169.         Args:

  170.             user_profile: The user information to check, it contains the keys:

  171.                 * user_id

  172.                 * display_name

  173.                 * avatar_url

  174. 

  175.         Returns:

  176.             True if the user is spammy.

  177.         """

  178.         for spam_checker in self.spam_checkers:

  179.             # For backwards compatibility, only run if the method exists on the

  180.             # spam checker

  181.             checker = getattr(spam_checker, "check_username_for_spam", None)

  182.             if checker:

  183.                 # Make a copy of the user profile object to ensure the spam checker

  184.                 # cannot modify it.

  185.                 if await maybe_awaitable(checker(user_profile.copy())):

  186.                     return True

  187. 

  188.         return False

  189. 

  190.     async def check_registration_for_spam(

  191.         self,

  192.         email_threepid: Optional[dict],

  193.         username: Optional[str],

  194.         request_info: Collection[Tuple[str, str]],

  195.         auth_provider_id: Optional[str] = None,

  196.     ) -> RegistrationBehaviour:

  197.         """Checks if we should allow the given registration request.

  198. 

  199.         Args:

  200.             email_threepid: The email threepid used for registering, if any

  201.             username: The request user name, if any

  202.             request_info: List of tuples of user agent and IP that

  203.                 were used during the registration process.

  204.             auth_provider_id: The SSO IdP the user used, e.g "oidc", "saml",

  205.                 "cas". If any. Note this does not include users registered

  206.                 via a password provider.

  207. 

  208.         Returns:

  209.             Enum for how the request should be handled

  210.         """

  211. 

  212.         for spam_checker in self.spam_checkers:

  213.             # For backwards compatibility, only run if the method exists on the

  214.             # spam checker

  215.             checker = getattr(spam_checker, "check_registration_for_spam", None)

  216.             if checker:

  217.                 # Provide auth_provider_id if the function supports it

  218.                 checker_args = inspect.signature(checker)

  219.                 if len(checker_args.parameters) == 4:

  220.                     d = checker(

  221.                         email_threepid,

  222.                         username,

  223.                         request_info,

  224.                         auth_provider_id,

  225.                     )

  226.                 elif len(checker_args.parameters) == 3:

  227.                     d = checker(email_threepid, username, request_info)

  228.                 else:

  229.                     logger.error(

  230.                         "Invalid signature for %s.check_registration_for_spam. Denying registration",

  231.                         spam_checker.__module__,

  232.                     )

  233.                     return RegistrationBehaviour.DENY

  234. 

  235.                 behaviour = await maybe_awaitable(d)

  236.                 assert isinstance(behaviour, RegistrationBehaviour)

  237.                 if behaviour != RegistrationBehaviour.ALLOW:

  238.                     return behaviour

  239. 

  240.         return RegistrationBehaviour.ALLOW

  241. 

  242.     async def check_media_file_for_spam(

  243.         self, file_wrapper: ReadableFileWrapper, file_info: FileInfo

  244.     ) -> bool:

  245.         """Checks if a piece of newly uploaded media should be blocked.

  246. 

  247.         This will be called for local uploads, downloads of remote media, each

  248.         thumbnail generated for those, and web pages/images used for URL

  249.         previews.

  250. 

  251.         Note that care should be taken to not do blocking IO operations in the

  252.         main thread. For example, to get the contents of a file a module

  253.         should do::

  254. 

  255.             async def check_media_file_for_spam(

  256.                 self, file: ReadableFileWrapper, file_info: FileInfo

  257.             ) -> bool:

  258.                 buffer = BytesIO()

  259.                 await file.write_chunks_to(buffer.write)

  260. 

  261.                 if buffer.getvalue() == b"Hello World":

  262.                     return True

  263. 

  264.                 return False

  265. 

  266. 

  267.         Args:

  268.             file: An object that allows reading the contents of the media.

  269.             file_info: Metadata about the file.

  270. 

  271.         Returns:

  272.             True if the media should be blocked or False if it should be

  273.             allowed.

  274.         """

  275. 

  276.         for spam_checker in self.spam_checkers:

  277.             # For backwards compatibility, only run if the method exists on the

  278.             # spam checker

  279.             checker = getattr(spam_checker, "check_media_file_for_spam", None)

  280.             if checker:

  281.                 spam = await maybe_awaitable(checker(file_wrapper, file_info))

  282.                 if spam:

  283.                     return True

  284. 

  285.         return False