
Public monitoring of JS/CSS edits
Open, Medium, Public

Description

Create an edit tag like ResourceModification and mark all events with

  • editsitejs
  • editsitecss
  • edituserjs
  • editusercss
  • Similar ones, if other ideas arrive later.

Avoid JSON and plain text system messages, focus on vulnerable stuff.

Naturally, include page creation and undeletion or moves in, as well as content model changes, but deletion is probably not of interest, nor moving out.

Content model reliability

Tracking should not be bypassed by a faked content model. Regular execution as a gadget or skin/common configuration must be blocked if the content model does not match the expectation from the page name extension. Then all activities on a page with js or css model can easily be checked for whether the page is in the MediaWiki:, Gadget: or User: namespace, and if the last, whether it belongs to the same account or not. Every page with any name or content model may contain some code, but execution by the wiki mechanism must match both the expected page name for this case and the supposed content model.
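The two rules above (track by content model, execute only when page name, content model and namespace all agree) written out as a small checker. This is an added example for this task, not MediaWiki core code; the namespace prefixes, the content-model names and the "executable" rule are assumptions taken from the description, and the owner extraction assumes the usual User:Name/subpage layout.

```python
"""Classify a wiki page as site/gadget/user JS or CSS and check that the
page-name extension agrees with its content model.

Constructed example for this task; not MediaWiki core code. Namespace
prefixes, content-model names and the "executable" rule are assumptions
taken from the task description.
"""

# Content models that carry code and should be tracked. JSON and plain-text
# models are deliberately left out, as the task says.
CODE_MODELS = {"javascript", "css"}

# Page-name extension each tracked content model is expected to use.
EXTENSION_FOR_MODEL = {"javascript": ".js", "css": ".css"}

# Namespace prefixes (assumed names, matched case-insensitively) in which the
# wiki actually loads code: site-wide, gadget and per-user pages.
NAMESPACE_CATEGORY = {"mediawiki": "site", "gadget": "gadget", "user": "user"}


def classify_code_page(title, content_model):
    """Describe whether and how a page should be tracked and whether the wiki
    would load it as code.

    title         -- full page title with namespace prefix, e.g.
                     "User:Alice/common.js"
    content_model -- content model name as reported by the wiki
    """
    prefix, _, rest = title.partition(":")
    category = NAMESPACE_CATEGORY.get(prefix.lower()) if rest else None

    # Owner of a user subpage: "User:Alice/common.js" -> "Alice".
    owner = rest.split("/", 1)[0] if category == "user" else None

    # Tracking is driven by the content model alone, so a page that was given
    # a code model under an unexpected name still lands in the audit trail.
    tracked = content_model in CODE_MODELS

    # Execution additionally requires the page name to carry the extension
    # the model implies and the page to sit in a code-loading namespace.
    expected_ext = EXTENSION_FOR_MODEL.get(content_model)
    name_matches = bool(expected_ext) and title.lower().endswith(expected_ext)
    executable = tracked and name_matches and category is not None

    return {
        "tracked": tracked,
        "category": category,
        "owner": owner,
        "name_matches_model": name_matches,
        "executable": executable,
    }


def is_foreign_user_code_edit(title, content_model, actor):
    """True when `actor` touches a tracked code page owned by another user,
    the case the task calls hard to spot by hand."""
    info = classify_code_page(title, content_model)
    return (info["tracked"] and info["category"] == "user"
            and info["owner"] != actor)
```

A page such as User:Bob/notes that has been given the javascript model is reported as tracked but not executable, which is exactly the mismatch the description wants the tracking to survive.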

Use cases

Local

Every local user may patrol weekly or daily the marked edits for his own wiki and check the activities. They might contain an unnoticed innocent security gap or plain abuse, or turn out to be safe. Filtering these edits by tagged actions is very easy, but detecting whether someone changed the JS of another user is rather difficult.

Global

Something like a bot might patrol every hour over the entire farm, or listen to a kind of feeder.

  • All tagged edits from all WMF wikis shall be collected at least for the recent 30 days, as a sortable table, perhaps filtered by namespace and JS/CSS or wiki name substring.
  • The output is made available e.g. on Labs or at another r/o site.
  • A record contains: Timestamp, wiki, user, page, action, difflink, summary.
  • Every person with skills can monitor all wikis and look for suspicious activities. Nobody knows who is observing, if any, or how many, and when.
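The record layout from the list above, built from recent-changes entries and with the "other user's JS" case from the Local section flagged. This is an added example for this task, not a Wikimedia tool: the entry fields mirror what the MediaWiki recentchanges API returns (timestamp, user, title, type, revid, old_revid, comment, tags, and logid/logtype/logaction for log events), the tag name ResourceModification is the one proposed in the task, the wiki host wiki.example and all entries are constructed, and the diff and log URL shapes are assumptions.

```python
"""Build the public monitoring feed proposed in this task from recent-changes
entries and flag edits to another user's JS/CSS.

Constructed example, not a Wikimedia tool. Entry fields mirror the MediaWiki
recentchanges API; the tag name is the one proposed in the task; the URL
shapes for diff and log links are assumptions.
"""

TAG = "ResourceModification"   # proposed tag name from the task
USER_PREFIX = "user:"           # assumed namespace prefix, lower-cased


def _action(entry):
    """Action column: edit, create, or logtype/logaction for log events."""
    if entry["type"] == "log":
        return "{}/{}".format(entry.get("logtype"), entry.get("logaction"))
    if entry["type"] == "new":
        return "create"
    return "edit"


def _link(wiki, entry):
    """Diff link for edits, log link for log events (URL shape assumed)."""
    base = "https://{}/w/index.php".format(wiki)
    if entry["type"] == "log":
        return "{}?title=Special:Log&logid={}".format(base, entry["logid"])
    return "{}?diff={}&oldid={}".format(base, entry["revid"], entry["old_revid"])


def _owner(title):
    """Owner of a User: page ("User:Bob/common.js" -> "Bob"), else None."""
    if title.lower().startswith(USER_PREFIX):
        return title[len(USER_PREFIX):].split("/", 1)[0]
    return None


def build_feed(wiki, entries, tag=TAG):
    """Keep entries carrying `tag` and turn them into feed records, newest
    first. Columns follow the task: timestamp, wiki, user, page, action,
    difflink, summary, plus a flag for edits to someone else's User: page."""
    records = []
    for e in entries:
        if tag not in e.get("tags", []):
            continue
        owner = _owner(e["title"])
        records.append({
            "timestamp": e["timestamp"],
            "wiki": wiki,
            "user": e["user"],
            "page": e["title"],
            "action": _action(e),
            "difflink": _link(wiki, e),
            "summary": e.get("comment", ""),
            "foreign_user_page": owner is not None and owner != e["user"],
        })
    records.sort(key=lambda r: r["timestamp"], reverse=True)
    return records


def suspicious(records):
    """Records worth a closer look: changes to another account's User: code."""
    return [r for r in records if r["foreign_user_page"]]


# Constructed sample input resembling one wiki's recentchanges result.
SAMPLE_ENTRIES = [
    {"type": "edit", "timestamp": "2018-07-31T09:00:00Z", "user": "Alice",
     "title": "User:Alice/common.js", "revid": 101, "old_revid": 100,
     "comment": "tweak my script", "tags": [TAG]},
    {"type": "edit", "timestamp": "2018-07-31T10:30:00Z", "user": "Mallory",
     "title": "User:Bob/common.js", "revid": 102, "old_revid": 99,
     "comment": "fix", "tags": [TAG]},
    {"type": "edit", "timestamp": "2018-07-31T11:00:00Z", "user": "Admin",
     "title": "MediaWiki:Common.css", "revid": 103, "old_revid": 98,
     "comment": "site style", "tags": [TAG]},
    {"type": "log", "timestamp": "2018-07-31T12:00:00Z", "user": "Admin",
     "title": "MediaWiki:Gadget-foo.js", "logid": 7, "logtype": "move",
     "logaction": "move", "comment": "rename", "tags": [TAG]},
    {"type": "edit", "timestamp": "2018-07-31T13:00:00Z", "user": "Dave",
     "title": "Talk:Main Page", "revid": 104, "old_revid": 97,
     "comment": "unrelated", "tags": []},
]

if __name__ == "__main__":
    feed = build_feed("wiki.example", SAMPLE_ENTRIES)
    for r in feed:
        print(r["timestamp"], r["user"], r["action"], r["page"], r["difflink"])
    print("suspicious:", [r["page"] for r in suspicious(feed)])
```

Running the same builder per wiki and concatenating the results gives the farm-wide table; sorting on the ISO timestamp string keeps newest-first order across wikis without parsing dates.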

Advertising

Tell everybody that JS/CSS is crowd monitored at such places, and invite people to observe. Let the watch dogs bark. Put an agile access counter and a clock since the last inspection on the page, fed by a random generator if idle.

@Tgr You might coordinate further steps and assign an appropriate project.

Event Timeline

Restricted Application added a subscriber: Aklapper. · Jul 31 2018, 9:02 AM
Tgr renamed this task from Monitoring of JS/CSS edits to Public monitoring of JS/CSS edits. · Jul 31 2018, 1:09 PM
Tgr added a comment. · Jul 31 2018, 1:12 PM

I guess we would need some hook for checking when some piece of content is raw CSS/JS/HTML. We'll probably need that for extending editsitejs and similar permissions to some edge cases, so this might not be much work.

Nirmos added a subscriber: Nirmos. · Jul 31 2018, 4:38 PM
RP88 added a subscriber: RP88. · Aug 6 2018, 1:38 PM
chasemp triaged this task as Medium priority. · Dec 20 2018, 8:24 PM