Clarify what key content-specific rules match against. (#1441)

pull/1462/head
Patrick Cloke 2 years ago committed by GitHub
parent b441b19cc3
commit afae1083aa
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23

@ -0,0 +1 @@
Clarify what event property the content-specific push rules match against.

@ -934,6 +934,14 @@ The `address` is the telephone number represented as a MSISDN (Mobile
Station International Subscriber Directory Number) as defined by the Station International Subscriber Directory Number) as defined by the
E.164 numbering plan. Note that MSISDNs do not include a leading '+'. E.164 numbering plan. Note that MSISDNs do not include a leading '+'.
## Glob-style matching
It is useful to match strings via globbing in some situations. Globbing in Matrix
uses the following rules:
* The character `*` matches zero or more characters.
* `?` matches exactly one character.
## Security Threat Model ## Security Threat Model
### Denial of Service ### Denial of Service

@ -75,8 +75,8 @@ technique for receiving updates to the policy's rules.
#### Events #### Events
The `entity` described by the state events can contain `*` and `?` to The `entity` described by the state events is interpreted as a
match zero or more characters and exactly one character respectively. Note that [glob-style pattern](/appendices#glob-style-matching). Note that
rules against rooms can describe a room ID or room alias - the rules against rooms can describe a room ID or room alias - the
subscriber is responsible for resolving the alias to a room ID if subscriber is responsible for resolving the alias to a room ID if
desired. desired.

@ -155,8 +155,12 @@ The different `kind`s of rule, in the order that they are checked, are:
1. **Content-specific rules (`content`).** 1. **Content-specific rules (`content`).**
These configure behaviour for (unencrypted) messages that match certain These configure behaviour for (unencrypted) messages that match certain
patterns. Content rules take one parameter: `pattern`, that gives the patterns. Content rules take one parameter: `pattern`, that gives the
glob pattern to match against. This is treated in the same way as [glob-style pattern](/appendices#glob-style-matching) to match against.
`pattern` for `event_match`. The match is performed case-insensitively, and must match any substring of
the `content.body` property which starts and ends at a word boundary. A word
boundary is defined as the start or end of the value, or any character not
in the sets `[A-Z]`, `[a-z]`, `[0-9]` or `_`.The exact meaning of
"case insensitive" is defined by the implementation of the homeserver.
1. **Room-specific rules (`room`).** 1. **Room-specific rules (`room`).**
These rules change the behaviour of all messages for a given room. The These rules change the behaviour of all messages for a given room. The
@ -264,18 +268,13 @@ This is a glob pattern match on a field of the event. Parameters:
- `key`: The dot-separated path of the property of the event to match, e.g. - `key`: The dot-separated path of the property of the event to match, e.g.
`content.body`. `content.body`.
- `pattern`: The glob-style pattern to match against. - `pattern`: The [glob-style pattern](/appendices#glob-style-matching) to match against.
The match is performed case-insensitively, and must match the entire value of The match is performed case-insensitively, and must match the entire value of
the event field given by `key` (though see below regarding `content.body`). The the event field given by `key` (though see below regarding `content.body`). The
exact meaning of "case insensitive" is defined by the implementation of the exact meaning of "case insensitive" is defined by the implementation of the
homeserver. homeserver.
Within `pattern`:
* The character `*` matches zero or more characters.
* `?` matches exactly one character.
If the property specified by `key` is completely absent from the event, or does If the property specified by `key` is completely absent from the event, or does
not have a string value, then the condition will not match, even if `pattern` not have a string value, then the condition will not match, even if `pattern`
is `*`. is `*`.

@ -34,8 +34,8 @@ properties:
pattern: pattern:
type: string type: string
description: |- description: |-
Required for `event_match` conditions. The glob-style pattern to Required for `event_match` conditions. The [glob-style pattern](/appendices#glob-style-matching)
match against. to match against.
is: is:
type: string type: string
description: |- description: |-

@ -46,8 +46,8 @@ properties:
pattern: pattern:
type: string type: string
description: |- description: |-
The glob-style pattern to match against. Only applicable to `content` The [glob-style pattern](/appendices#glob-style-matching) to match against.
rules. Only applicable to `content` rules.
required: required:
- actions - actions
- default - default

@ -7,8 +7,8 @@ description: |-
server ACL. Servers that do not uphold the ACLs MUST be added to the denied hosts server ACL. Servers that do not uphold the ACLs MUST be added to the denied hosts
list in order for the ACLs to remain effective. list in order for the ACLs to remain effective.
The `allow` and `deny` lists are lists of globs supporting `?` and `*` The `allow` and `deny` lists are lists of [glob-style patterns](/appendices#glob-style-matching).
as wildcards. When comparing against the server ACLs, the suspect server's port When comparing against the server ACLs, the suspect server's port
number must not be considered. Therefore `evil.com`, `evil.com:8448`, and number must not be considered. Therefore `evil.com`, `evil.com:8448`, and
`evil.com:1234` would all match rules that apply to `evil.com`, for example. `evil.com:1234` would all match rules that apply to `evil.com`, for example.
@ -61,8 +61,7 @@ properties:
type: array type: array
description: |- description: |-
The server names to allow in the room, excluding any port information. The server names to allow in the room, excluding any port information.
Wildcards may be used to cover a wider range of hosts, where `*` Each entry is interpreted as a [glob-style pattern](/appendices#glob-style-matching).
matches zero or more characters and `?` matches exactly one character.
**This defaults to an empty list when not provided, effectively disallowing **This defaults to an empty list when not provided, effectively disallowing
every server.** every server.**
@ -72,8 +71,7 @@ properties:
type: array type: array
description: |- description: |-
The server names to disallow in the room, excluding any port information. The server names to disallow in the room, excluding any port information.
Wildcards may be used to cover a wider range of hosts, where `*` Each entry is interpreted as a [glob-style pattern](/appendices#glob-style-matching).
matches zero or more characters and `?` matches exactly one character.
This defaults to an empty list when not provided. This defaults to an empty list when not provided.
items: items:

Loading…
Cancel
Save