Squah/unrevert fts changes on hotfix #7
Conversation
This reverts commit cd2f831.
Cross-user `m.key_share_requests` are a relatively new `to_device` message that allows user to re-request session keys for a message from another user if they were otherwise unable to retrieve them. Unfortunately, these have had performance concerns on matrix.org. This is a temporary patch to disable them while we investigate a better solution.
* develop: Don't unnecessarily start bg process in replication sending loop. (#8670) Don't unnecessarily start bg process while handling typing. (#8668)
Fixes: ``` builtins.TypeError: _reload_logging_config() takes 1 positional argument but 2 were given ```
…matrix-org-hotfixes
…matrix-org-hotfixes
Adds the redacts endpoint to workers that have the client listener.
This reverts a285fe0. Hopefully the cache is no longer required, thanks to
…matrix-org-hotfixes
This reverts fae708c. We believe this to be unnecessary---other Synapse deployments do not have this patch, and we are not aware of bridging problems as a result. Related: - matrix-org/matrix-appservice-irc#506 - matrix-org/synapse#4826
This reverts commit 81815e0.
This reverts commit 6758328.
…lities of the underlying DB. (#11635)" This reverts commit d902181.
This reverts commit 24409c7.
…h capabilities of the underlying DB. (#11635)"" This reverts commit 7e0dd52.
…. (#14310)"" This reverts commit 7f77f13.
This reverts commit 220af1d.
![github-advanced-security[bot]](https://avatars.githubusercontent.com/in/57789?s=60&v=4){kind=small}
| @@ -410,6 +410,7 @@ | |||
| request, MsisdnRequestTokenBody | |||
| ) | |||
| msisdn = phone_number_to_msisdn(body.country, body.phone_number) | |||
| logger.info("Request #%s to verify ownership of %s", body.send_attempt, msisdn) | |||
Check failure
Code scanning / CodeQL
Clear-text logging of sensitive information High
Show autofix suggestion
Hide autofix suggestion
Copilot Autofix AI 4 months ago
To fix the problem, we should avoid logging the sensitive msisdn data directly. Instead, we can log a masked version of the phone number or omit it entirely from the logs. Masking involves replacing part of the phone number with asterisks or another character to obscure the sensitive information while still providing some context for debugging.
Steps to fix:
- Modify the logging statements to mask the
msisdnvariable. - Ensure that the masking function is implemented and used consistently.
| @@ -412,3 +412,4 @@ | ||
| msisdn = phone_number_to_msisdn(body.country, body.phone_number) | ||
| logger.info("Request #%s to verify ownership of %s", body.send_attempt, msisdn) | ||
| masked_msisdn = msisdn[:2] + "****" + msisdn[-2:] | ||
| logger.info("Request #%s to verify ownership of %s", body.send_attempt, masked_msisdn) | ||
|
|
||
| @@ -442,3 +443,4 @@ | ||
|
|
||
| logger.info("MSISDN %s is already in use by %s", msisdn, existing_user_id) | ||
| masked_msisdn = msisdn[:2] + "****" + msisdn[-2:] | ||
| logger.info("MSISDN %s is already in use by %s", masked_msisdn, existing_user_id) | ||
| raise SynapseError(400, "MSISDN is already in use", Codes.THREEPID_IN_USE) | ||
| @@ -467,3 +469,4 @@ | ||
| ) | ||
| logger.info("MSISDN %s: got response from identity server: %s", msisdn, ret) | ||
| masked_msisdn = msisdn[:2] + "****" + msisdn[-2:] | ||
| logger.info("MSISDN %s: got response from identity server: %s", masked_msisdn, ret) | ||
|
|
| @@ -439,6 +440,7 @@ | |||
| await self.hs.get_clock().sleep(random.randint(1, 10) / 10) | |||
| return 200, {"sid": random_string(16)} | |||
|
|
|||
| logger.info("MSISDN %s is already in use by %s", msisdn, existing_user_id) | |||
Check failure
Code scanning / CodeQL
Clear-text logging of sensitive information High
Show autofix suggestion
Hide autofix suggestion
Copilot Autofix AI 4 months ago
To fix the problem, we should avoid logging the sensitive msisdn data directly. Instead, we can log a generic message or mask the sensitive parts of the phone number to ensure that it is not exposed in the logs.
- Replace the logging statement on line 443 to avoid logging the full
msisdn. - Introduce a utility function to mask the phone number if needed.
- Ensure that the new logging statement provides enough information for debugging without exposing sensitive data.
| @@ -442,3 +442,3 @@ | ||
|
|
||
| logger.info("MSISDN %s is already in use by %s", msisdn, existing_user_id) | ||
| logger.info("MSISDN is already in use by an existing user") | ||
| raise SynapseError(400, "MSISDN is already in use", Codes.THREEPID_IN_USE) | ||
| @@ -467,3 +467,3 @@ | ||
| ) | ||
| logger.info("MSISDN %s: got response from identity server: %s", msisdn, ret) | ||
| logger.info("Received response from identity server for MSISDN verification request") | ||
|
|
| @@ -463,6 +465,7 @@ | |||
| threepid_send_requests.labels(type="msisdn", reason="add_threepid").observe( | |||
| body.send_attempt | |||
| ) | |||
| logger.info("MSISDN %s: got response from identity server: %s", msisdn, ret) | |||
Check failure
Code scanning / CodeQL
Clear-text logging of sensitive information High
Show autofix suggestion
Hide autofix suggestion
Copilot Autofix AI 4 months ago
To fix the problem, we should avoid logging the sensitive msisdn data directly. Instead, we can log a masked version of the phone number or omit it entirely from the log message. Masking involves replacing part of the phone number with asterisks or another character to obscure the sensitive information while still providing some context for debugging.
Steps to fix:
- Modify the log statement on line 468 to mask the
msisdnvalue. - Introduce a helper function to mask the phone number.
| @@ -467,3 +467,4 @@ | ||
| ) | ||
| logger.info("MSISDN %s: got response from identity server: %s", msisdn, ret) | ||
| masked_msisdn = msisdn[:2] + "****" + msisdn[-2:] | ||
| logger.info("MSISDN %s: got response from identity server: %s", masked_msisdn, ret) | ||
|
|
Pull Request Checklist
EventStoretoEventWorkerStore.".code blocks.(run the linters)