Page MenuHomePhabricator
Create Task
Maniphest T74567

Need security review for WikiGrok extension
Closed, ResolvedPublic
Actions

Description

Need to get a security review of the new WikiGrok extension so that it can be deployed to the cluster. This should be trivial as it's just a small API at this point.

Version: wmf-deployment
Severity: normal

Details

Reference
bz72567

Related Objects
Search...

Event Timeline

bzimport raised the priority of this task from to Needs Triage.Nov 22 2014, 3:53 AM
bzimport added a project: Wikimedia-Extension-setup.
bzimport set Reference to bz72567.
kaldari created this task.Oct 27 2014, 5:38 PM
kaldari added a comment.Oct 27 2014, 10:48 PM

Current code: https://git.wikimedia.org/tree/mediawiki%2Fextensions%2FWikiGrok.git

More info: https://www.mediawiki.org/wiki/Extension:MobileFrontend/WikiGrok

csteipp added a comment.Oct 29 2014, 6:34 PM

I talked through the dataflow and interfaces for this with Kaldari and Max. The mobile team should continue to review each other's code for basic security flaws, but nothing in the architecture really concerns me.

One todo coming out of this is to invalidate the cache for fast campaigns when wikidata notifies of updates, so that deleted/suppressed wikidata items aren't displayed. But that doesn't need to block deployment.

Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL