
wikibugs IRC bot can see private commits in Gerrit?
Closed, ResolvedPublic

Description

wikibugs just reported this in #wikimedia-dev:

[16:10]	<wikibugs> (PS1) Siddparmar: Update numbers [wikimedia/TransparencyReport-private] - https://gerrit.wikimedia.org/r/406780
[16:14]	<wikibugs> (CR) Siddparmar: [V: 2 C: 2] Update numbers [wikimedia/TransparencyReport-private] - https://gerrit.wikimedia.org/r/406780 (owner: Siddparmar)

I can't access https://gerrit.wikimedia.org/r/406780 and https://gerrit.wikimedia.org/r/#/q/project:wikimedia/TransparencyReport-private has no results, so this is probably supposed to really be private.

wikibugs should not be able to see these commits' messages, and must not report them on IRC.

Event Timeline

Legoktm added a subscriber: demon.

I didn't realize Gerrit had actual private repositories. For whatever reason https://gerrit.wikimedia.org/r/#/admin/projects/wikimedia/TransparencyReport-private,access includes https://gerrit.wikimedia.org/r/#/admin/groups/758,members which includes "non-interactive users" (of which suchabot - the account wikibugs uses - is a member).

I would much prefer if this could be handled at the Gerrit ACL level instead of depending upon wikibugs to filter out private info (at which point the private info has already made it into Toolforge)

> I didn't realize Gerrit had actual private repositories. For whatever reason https://gerrit.wikimedia.org/r/#/admin/projects/wikimedia/TransparencyReport-private,access includes https://gerrit.wikimedia.org/r/#/admin/groups/758,members which includes "non-interactive users" (of which suchabot - the account wikibugs uses - is a member).
>
> I would much prefer if this could be handled at the Gerrit ACL level instead of depending upon wikibugs to filter out private info (at which point the private info has already made it into Toolforge)

And people wonder why I don't like hosting private repos in Gerrit. But yes, the ACL fix should be pretty straightforward.

> I would much prefer if this could be handled at the Gerrit ACL level instead of depending upon wikibugs to filter out private info (at which point the private info has already made it into Toolforge)

Also, this. Wikibugs cannot possibly know what "private" means unless it checks against the ACL which is far beyond its scope. Configuration really is the right fix here.

demon claimed this task.

Fixed by removing "Non-Interactive Users" from the Transparency group. It has no business being there.

Legoktm changed the visibility from "Custom Policy" to "Public (No Login Required)". Feb 28 2018, 4:50 AM

Please note that the user used for pulling the repo to production falls under that category too, and this change just broke the update procedure in production.

Joe triaged this task as Medium priority. Feb 28 2018, 9:03 AM

Well then it should be in the existing transparency group or we create a new group and add it to the ACL. Using "Non Interactive Users" is a mistake as this bug shows.

Added "private-static-site" to the ACL.
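The thread above describes three ACL states: the "Transparency" group including the whole "Non-Interactive Users" group (so suchabot inherited read on the private repo), the first fix that dropped the bot group and thereby also locked out the production puller, and the final fix that names a dedicated group in the ACL. The following is an added example, not code from this task or from Wikimedia's Gerrit, that models Gerrit's nested-group membership and per-ref read grants in plain Python and audits private projects for read access that transitively reaches the catch-all bot group. All data is constructed to mirror the thread; "deploy-puller" is an assumed name for the unnamed production account, and "Anonymous Users" stands for Gerrit's built-in public group.

```python
"""Audit Gerrit-style ACLs for private projects whose read access reaches a catch-all bot group.

Added example, not code from the Phabricator task or from Wikimedia's Gerrit setup.
It models two Gerrit mechanisms in plain Python: per-ref read permissions granted to
groups (as in a project's project.config) and nested group membership (a group may
include other groups). Names below are constructed to mirror the task; "deploy-puller"
is an assumed name for the unnamed production account. Nothing here talks to Gerrit.
"""

CATCH_ALL_BOTS = "Non-Interactive Users"   # Gerrit's built-in group for bot accounts
PUBLIC = "Anonymous Users"                 # a ref readable by this group is public

# Constructed: group name -> (direct user members, directly included groups).
# State at report time: "Transparency" (group 758 on the page) includes the whole
# catch-all bot group, so suchabot inherits read on the private repo.
GROUPS_BEFORE = {
    "Transparency": ({"siddparmar"}, {CATCH_ALL_BOTS}),
    CATCH_ALL_BOTS: ({"suchabot", "deploy-puller"}, set()),
    PUBLIC: (set(), set()),
}

# Constructed: project -> {ref pattern: groups granted read}.
ACCESS_BEFORE = {
    "wikimedia/TransparencyReport-private": {"refs/*": {"Transparency"}},
    "mediawiki/core": {"refs/*": {PUBLIC}},
}

# First fix on the page: drop the bot group from "Transparency". This also
# silently removes the production puller's read access.
GROUPS_INTERIM = {**GROUPS_BEFORE, "Transparency": ({"siddparmar"}, set())}

# Final fix: a dedicated group holding only the bot that needs read, named in the ACL.
GROUPS_AFTER = {**GROUPS_INTERIM, "private-static-site": ({"deploy-puller"}, set())}
ACCESS_AFTER = {
    **ACCESS_BEFORE,
    "wikimedia/TransparencyReport-private": {"refs/*": {"Transparency", "private-static-site"}},
}


def group_closure(groups, name):
    """Return `name` plus every group it transitively includes (cycle-safe)."""
    closure, todo = set(), [name]
    while todo:
        g = todo.pop()
        if g in closure:
            continue
        closure.add(g)
        if g in groups:
            todo.extend(groups[g][1])
    return closure


def members(groups, name):
    """Every user account that is, directly or via nested groups, a member of `name`."""
    return set().union(*(groups[g][0] for g in group_closure(groups, name) if g in groups))


def is_private(access):
    """A project is private when no ref pattern grants read to the public group."""
    return not any(PUBLIC in granted for granted in access.values())


def readers(groups, access):
    """Union of user accounts that can read at least one ref of the project."""
    out = set()
    for granted in access.values():
        for g in granted:
            out |= members(groups, g)
    return out


def audit(groups, projects, bot_group=CATCH_ALL_BOTS):
    """Map each private project to the granting groups whose closure contains `bot_group`.

    Flagging the granting group rather than individual accounts matches the point made
    on the task: a dedicated group for one bot is fine, the catch-all group is not.
    """
    findings = {}
    for project, access in projects.items():
        if not is_private(access):
            continue
        offending = {g for granted in access.values() for g in granted
                     if bot_group in group_closure(groups, g)}
        if offending:
            findings[project] = offending
    return findings


if __name__ == "__main__":
    states = {"before": (GROUPS_BEFORE, ACCESS_BEFORE),
              "interim": (GROUPS_INTERIM, ACCESS_BEFORE),
              "after": (GROUPS_AFTER, ACCESS_AFTER)}
    for label, (groups, projects) in states.items():
        private = projects["wikimedia/TransparencyReport-private"]
        print(label, "flagged:", audit(groups, projects),
              "readers:", sorted(readers(groups, private)))
```

Running the three states side by side shows why both halves of the fix mattered: the "before" state is flagged because "Transparency" transitively contains the bot group, the "interim" state passes the audit but drops the puller from the repo's readers (the production breakage reported in the thread), and the "after" state passes while the puller, and only the puller, regains read. An audit like this only asks the question the ACL can answer; it cannot tell wikibugs what counts as private, which is the point made above about configuration being the right fix.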