Page MenuHomePhabricator
Create Task
Maniphest T187455

Totally exclude 'abusefilterprivatedetails' from 'logging' in public replicas
Closed, InvalidPublic
Actions

Description

The log (Special:Log/abusefilterprivatedetails) will contain data analogous to the Special:CheckUserLog or Special:Log/suppress. Looking at maintain-views.yaml it's not clear to me if it is totally excluded or not. If it has been not, please do so. Thanks.

Details

SubjectRepoBranchLines +/-
maintain-views: Explicitly exclude 'abusefilterprivatedetails'operations/puppetproduction+4 -3
Customize query in gerrit

Related Objects
Search...

Event Timeline

MarcoAurelio created this task.Feb 15 2018, 3:29 PM
Restricted Application added a subscriber: Aklapper. · View Herald TranscriptFeb 15 2018, 3:29 PM
MarcoAurelio mentioned this in T160357: Allow those with CheckUser right to access AbuseLog private information on WMF projects.Feb 15 2018, 3:29 PM
bd808 closed this task as Invalid.Feb 15 2018, 4:03 PM
bd808 subscribed.

Based on AbuseFilter's extension.json, abusefilterprivatedetails is a distinct log type. The views related to the logging table in the Wiki Replicas are built using an explicit list of allowed log types. This list does not contain abusefilterprivatedetails therefore any rows marked as abusefilterprivatedetails will not be queryable from the Wiki Replicas.

gerritbot subscribed.Feb 15 2018, 4:04 PM

Change 410992 had a related patch set uploaded (by MarcoAurelio; owner: MarcoAurelio):
[operations/puppet@production] maintain-views: Explicitly exclude 'abusefilterprivatedetails'

https://gerrit.wikimedia.org/r/410992

gerritbot added a project: Patch-For-Review.Feb 15 2018, 4:04 PM
MarcoAurelio added a comment.Feb 15 2018, 4:05 PM

Sorry to edit-conflict. Added a patch to mark the table explicitly excluded in the script as it's done with other sensitive logs.

MarcoAurelio added a comment.Feb 15 2018, 4:06 PM

Also, this won't be avalaible via data dumps, etc? Sorry to be paranoid, but better to be safe.

gerritbot added a comment.Feb 15 2018, 4:08 PM

Change 410992 merged by Andrew Bogott:
[operations/puppet@production] maintain-views: Explicitly exclude 'abusefilterprivatedetails'

https://gerrit.wikimedia.org/r/410992

bd808 added a subscriber: ArielGlenn.Feb 15 2018, 4:10 PM
In T187455#3975903, @MarcoAurelio wrote:

Also, this won't be avalaible via data dumps, etc? Sorry to be paranoid, but better to be safe.

See prior task:

In T160357#3959716, @ArielGlenn wrote:

We grab entries from the logging table by requesting them as an anonymous user and asking MediaWiki to export them. Anything we aren't permitted to see, won't show up.

Huji added a parent task: T160357: Allow those with CheckUser right to access AbuseLog private information on WMF projects.Feb 15 2018, 10:58 PM
sbassett moved this task from Incoming to Our Part Is Done on the Security-Team board.Jun 11 2019, 6:31 PM
sbassett moved this task from Intake to Done on the Privacy board.Oct 16 2019, 5:26 PM
sbassett triaged this task as Medium priority.Oct 16 2019, 5:33 PM
sbassett removed a project: Patch-For-Review.Oct 16 2019, 5:45 PM
Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL · Credits