Hookshot can crash if it fails to send a message event to a room. This is true for at least RSS feed update notices.
For example, sending a feed update notice in a room where Hookshot doesn't have a sufficient power level to send messages triggers this uncaught error:
ERROR 14:43:18:761 [MatrixHttpClient] (REQ-89) {
errcode: 'M_FORBIDDEN',
error: "You don't have permission to post that to the room. user_level (0) < send_level (50)"
}
/bin/matrix-hookshot/node_modules/matrix-bot-sdk/lib/http.js:95
throw new MatrixError_1.MatrixError(errBody, response.statusCode);
^
MatrixError: M_FORBIDDEN: You don't have permission to post that to the room. user_level (0) < send_level (50)
at doHttpRequest (/bin/matrix-hookshot/node_modules/matrix-bot-sdk/lib/http.js:95:15)
at process.processTicksAndRejections (node:internal/process/task_queues:95:5)
at async descriptor.value (/bin/matrix-hookshot/node_modules/matrix-bot-sdk/lib/metrics/decorators.js:19:32)
at async descriptor.value (/bin/matrix-hookshot/node_modules/matrix-bot-sdk/lib/metrics/decorators.js:19:32)
at async descriptor.value (/bin/matrix-hookshot/node_modules/matrix-bot-sdk/lib/metrics/decorators.js:19:32)
at async descriptor.value (/bin/matrix-hookshot/node_modules/matrix-bot-sdk/lib/metrics/decorators.js:19:32)
at async descriptor.value (/bin/matrix-hookshot/node_modules/matrix-bot-sdk/lib/metrics/decorators.js:78:32)
at async FeedConnection.handleFeedEntry (/bin/matrix-hookshot/Connections/FeedConnection.js:173:9) {
body: {
errcode: 'M_FORBIDDEN',
error: "You don't have permission to post that to the room. user_level (0) < send_level (50)"
},
statusCode: 403,
errcode: 'M_FORBIDDEN',
error: "You don't have permission to post that to the room. user_level (0) < send_level (50)",
retryAfterMs: undefined
}
Hookshot should catch errors like this so that power level violations aren't fatal.
This issue means that someone can intentionally sabotage a shared Hookshot by inviting it to a room, stripping it of messaging privileges, and connecting it to a noisy RSS feed.
Hookshot can crash if it fails to send a message event to a room. This is true for at least RSS feed update notices.
For example, sending a feed update notice in a room where Hookshot doesn't have a sufficient power level to send messages triggers this uncaught error:
Hookshot should catch errors like this so that power level violations aren't fatal.
This issue means that someone can intentionally sabotage a shared Hookshot by inviting it to a room, stripping it of messaging privileges, and connecting it to a noisy RSS feed.