Page MenuHomePhabricator
Create Task
Maniphest T170251

Create AbuseFilter variable for file metadata size
Open, MediumPublic
Actions

Description

Some kinds of abuse (cf T129845) use file formats with flexible metadata fields to camouflage illegal uploads; the payload is hidden in e.g. the EXIF description field of a JPEG file. There is little reason for legitimate metadata to be larger than a few kilobytes; if the total metadata size was made available to anti-abuse tools, that would make the filtering of such uploads much easier.

Related Objects
Search...

Event Timeline

Tgr created this task.Jul 11 2017, 10:38 AM
Restricted Application added a subscriber: Aklapper. · View Herald TranscriptJul 11 2017, 10:38 AM
Tgr renamed this task from Create AbuseFilter variable for metadata size to Create AbuseFilter variable for file metadata size.Jul 11 2017, 10:39 AM
zhuyifei1999 subscribed.Jul 12 2017, 8:00 PM

See also T154987

Calculating the size of 'file metadata' may require very deep analysis of the file binary data. Considering all the file formats that can be uploaded to Wikimedia, that could be quite a challenge.

dr0ptp4kt triaged this task as Medium priority.Jul 24 2017, 3:24 PM
dr0ptp4kt moved this task from Untriaged to Triaged on the Multimedia board.
MBinder_WMF added subscribers: Cparle, MBinder_WMF.Sep 11 2017, 4:32 PM

Per grooming, @Cparle to write a spike subtask for this :)

Cparle created subtask T175599: File metadata size extraction scoping.Sep 11 2017, 4:34 PM
Cparle added a comment.Sep 11 2017, 4:43 PM

Looks to be related to https://phabricator.wikimedia.org/T48921

Tgr mentioned this in T48921: Refuse uploading JPEG files with extra junk at the end..Sep 11 2017, 11:15 PM
matej_suchanek moved this task from Backlog to Uploading on the AbuseFilter board.Jan 19 2018, 7:51 PM
Cparle closed subtask T175599: File metadata size extraction scoping as Declined.Mar 18 2020, 4:09 PM
DannyS712 subscribed.Apr 27 2020, 3:26 AM
Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL