From 924ae2b0d4a28b568d2fd40e482d860605074650 Mon Sep 17 00:00:00 2001
From: Eric Eastwood
Date: Wed, 14 Sep 2022 17:15:03 -0500
Subject: [PATCH] Track when the pulled event signature fails Part of https://github.com/matrix-org/synapse/issues/13700
---
 synapse/federation/federation_base.py | 11 ++++++++++-
 1 file changed, 10 insertions(+), 1 deletion(-)
diff --git a/synapse/federation/federation_base.py b/synapse/federation/federation_base.py
index abe2c1971a19..23175847e19d 100644
--- a/synapse/federation/federation_base.py
+++ b/synapse/federation/federation_base.py
@@ -80,7 +80,13 @@ async def _check_sigs_and_hash(
 InvalidEventSignatureError if the signature check failed. Nothing will be logged in this case. """
- await _check_sigs_on_pdu(self.keyring, room_version, pdu)
+ try:
+ await _check_sigs_on_pdu(self.keyring, room_version, pdu)
+ except Exception as exc:
+ await self._store.record_event_failed_pull_attempt(
+ pdu.room_id, pdu.event_id, str(exc)
+ )
+ raise exc
 if not check_event_content_hash(pdu): # let's try to distinguish between failures because the event was
@@ -116,6 +122,9 @@ async def _check_sigs_and_hash(
 "event_id": pdu.event_id, } )
+ await self._store.record_event_failed_pull_attempt(
+ pdu.room_id, pdu.event_id, "Event content has been tampered with"
+ )
 return redacted_event
 spam_check = await self.spam_checker.check_event_for_spam(pdu)
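Review bot: The `except Exception as exc:` added around `_check_sigs_on_pdu` in the first hunk records every exception as a failed pull attempt, not only the `InvalidEventSignatureError` that the docstring just above names as the signature-failure case, so an unrelated error raised during the check would be stored as if verification had failed. Narrowing the handler to `except InvalidEventSignatureError as exc:` (assuming that class is already imported in this module) ties the record to an actual signature failure. The awaited `self._store.record_event_failed_pull_attempt(...)` inside the handler can itself raise, and the caller would then see the store error instead of the signature error; the same holds for the store call the second hunk adds before `return redacted_event`. A bare `raise` in place of `raise exc` re-raises without adding this frame to the traceback. The function body starts and ends outside the hunk.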
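Review bot: The second hunk records a failed pull attempt and then still returns `redacted_event`, so the event is marked as failed while a usable redacted copy goes back to the caller, and nothing in the new lines says why. A comment above the call such as `# A content-hash mismatch counts as a failed pull even though we return our redacted copy` would make the intent explicit. Indentation is lost on this page, so it cannot be confirmed from here whether the call runs only in the tampering branch or for every hash mismatch. The comment visible in the first hunk says the code distinguishes between kinds of hash failure, so if the call runs for all of them, the less suspicious kind would be recorded with the reason "Event content has been tampered with" as well. The enclosing function continues outside the hunk.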