PoC for filtering spammy events (#2456)

Demonstration of how you might add some hooks to filter out spammy events.
2017-09-19 12:20:11 +01:00 · 2017-09-19 12:20:11 +01:00 · 5ed109d59f
parent 3f405b34e9
commit 5ed109d59f
3 changed files with 70 additions and 18 deletions
--- a/synapse/events/spamcheck.py
+++ b/synapse/events/spamcheck.py
@ -0,0 +1,38 @@
+# -*- coding: utf-8 -*-
+# Copyright 2017 New Vector Ltd.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+
+def check_event_for_spam(event):
+    """Checks if a given event is considered "spammy" by this server.
+
+    If the server considers an event spammy, then it will be rejected if
+    sent by a local user. If it is sent by a user on another server, then
+    users
+
+    Args:
+        event (synapse.events.EventBase): the event to be checked
+
+    Returns:
+        bool: True if the event is spammy.
+    """
+    if not hasattr(event, "content") or "body" not in event.content:
+        return False
+
+    # for example:
+    #
+    # if "the third flower is green" in event.content["body"]:
+    #    return True
+
+    return False
--- a/synapse/federation/federation_base.py
+++ b/synapse/federation/federation_base.py
@ -12,21 +12,15 @@
 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 # See the License for the specific language governing permissions and
 # limitations under the License.
-
-
-from twisted.internet import defer
-
-from synapse.events.utils import prune_event
-
-from synapse.crypto.event_signing import check_event_content_hash
-
-from synapse.api.errors import SynapseError
-
-from synapse.util import unwrapFirstError
-from synapse.util.logcontext import preserve_fn, preserve_context_over_deferred
-
 import logging

+from synapse.api.errors import SynapseError
+from synapse.crypto.event_signing import check_event_content_hash
+from synapse.events import spamcheck
+from synapse.events.utils import prune_event
+from synapse.util import unwrapFirstError
+from synapse.util.logcontext import preserve_context_over_deferred, preserve_fn
+from twisted.internet import defer

 logger = logging.getLogger(__name__)

@ -117,12 +111,18 @@ class FederationBase(object):
        return self._check_sigs_and_hashes([pdu])[0]

    def _check_sigs_and_hashes(self, pdus):
-        """Throws a SynapseError if a PDU does not have the correct
-        signatures.
+        """Checks that each of the received events is correctly signed by the
+        sending server.
+
+        Args:
+            pdus (list[FrozenEvent]): the events to be checked

        Returns:
-            FrozenEvent: Either the given event or it redacted if it failed the
-            content hash check.
+            list[Deferred]: for each input event, a deferred which:
+              * returns the original event if the checks pass
+              * returns a redacted version of the event (if the signature
+                matched but the hash did not)
+              * throws a SynapseError if the signature check failed.
        """

        redacted_pdus = [
@ -142,6 +142,14 @@ class FederationBase(object):
                    pdu.event_id, pdu.get_pdu_json()
                )
                return redacted
+
+            if spamcheck.check_event_for_spam(pdu):
+                logger.warn(
+                    "Event contains spam, redacting %s: %s",
+                    pdu.event_id, pdu.get_pdu_json()
+                )
+                return redacted
+
            return pdu

        def errback(failure, pdu):
--- a/synapse/handlers/message.py
+++ b/synapse/handlers/message.py
@ -12,7 +12,7 @@
 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 # See the License for the specific language governing permissions and
 # limitations under the License.
-
+from synapse.events import spamcheck
 from twisted.internet import defer

 from synapse.api.constants import EventTypes, Membership
@ -321,6 +321,12 @@ class MessageHandler(BaseHandler):
            token_id=requester.access_token_id,
            txn_id=txn_id
        )
+
+        if spamcheck.check_event_for_spam(event):
+            raise SynapseError(
+                403, "Spam is not permitted here", Codes.FORBIDDEN
+            )
+
        yield self.send_nonmember_event(
            requester,
            event,