Create an edit tag (something like ResourceModification) and mark all matching events with one of:
- editsitejs
- editsitecss
- edituserjs
- editusercss
- similar tags, if further ideas arrive later.
Leave out JSON and plain-text system messages; focus on the pages that can actually execute code.
Naturally, page creation, undeletion and moves into scope should be included, as well as content model changes; deletion is probably not of interest, nor is moving out of scope.
Content model reliability
Tracking must not be bypassable by a faked content model. Regular execution as a gadget or as skin/common configuration must be blocked if the content model does not match what the page name extension (.js or .css) implies. Then every activity on a page with the javascript or css content model can easily be checked for whether the page is in the MediaWiki:, Gadget: or User: namespace, and in the last case whether the editing account is the page owner or somebody else. Any page with any name or content model may contain some code, but execution by the wiki's own mechanisms must require both the page name expected for that case and the expected content model.
Use cases
Local
Every local user may patrol weekly or daily over the tagged edits on their own wiki and check the activities. These might contain an unnoticed, innocent security gap or plain abuse, or turn out to be safe. Filtering these edits by tag is very easy, but detecting whether someone changed the JS of another user is rather difficult.
Global
Something like a bot might patrol the entire farm every hour, or listen to some kind of feed.
- All tagged edits from all WMF wikis shall be collected for at least the most recent 30 days, as a sortable table, perhaps filterable by namespace, JS/CSS, or a wiki name substring.
- The output is made available e.g. on Labs or at another read-only site.
- A record contains: timestamp, wiki, user, page, action, diff link, summary.
- Anyone with the skills can monitor all wikis and look for suspicious activity. Nobody knows who is observing, if anyone, how many, or when.
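The classification rule from "Content model reliability" (tag by namespace, detect a content model that disagrees with the page name, and spot edits to another user's JS/CSS) and the record layout from the list above, as an added example that is not part of this task or of MediaWiki's code. It assumes a flattened per-event view of the recent-changes feed (the RcEvent fields), the Gadget namespace number used by Extension:Gadgets, the WMF `index.php?diff=` URL layout for the diff link, and that the owner of a User: subpage is its base page name.

```python
"""Added example: classify recent-changes events for JS/CSS patrol."""
from dataclasses import dataclass
from typing import Optional

# MediaWiki namespace numbers (core) and Extension:Gadgets' Gadget namespace.
NS_USER = 2
NS_MEDIAWIKI = 8
NS_GADGET = 2300
NS_NAME = {NS_USER: "User", NS_MEDIAWIKI: "MediaWiki", NS_GADGET: "Gadget"}

# Content model promised by the page-name extension (MediaWiki's own model names).
MODEL_BY_SUFFIX = {".js": "javascript", ".css": "css"}

# Actions that bring code into scope; delete and move-out are deliberately absent.
TRACKED_ACTIONS = {"edit", "create", "undelete", "move-in", "contentmodel"}


@dataclass
class RcEvent:
    """One recent-changes entry. Hypothetical flattened layout, not the API's shape."""
    wiki: str
    timestamp: str
    user: str
    ns: int
    title: str          # without namespace prefix, e.g. "Alice/common.js"
    content_model: str  # as reported by the wiki, e.g. "javascript", "wikitext"
    action: str
    revid: int
    summary: str = ""


def expected_model(title: str) -> Optional[str]:
    """Content model the page name promises, or None for names without .js/.css."""
    lowered = title.lower()
    for suffix, model in MODEL_BY_SUFFIX.items():
        if lowered.endswith(suffix):
            return model
    return None


def classify(ev: RcEvent) -> Optional[dict]:
    """Return a patrol record (tag, flags, table fields) or None if out of scope.

    A page is in scope if EITHER its name OR its content model says js/css, so a
    faked model on a .js page, or a javascript model on a page without a .js name,
    is still tracked and gets a contentmodel-mismatch flag instead of escaping.
    """
    if ev.action not in TRACKED_ACTIONS or ev.ns not in NS_NAME:
        return None
    by_name = expected_model(ev.title)
    by_model = ev.content_model if ev.content_model in MODEL_BY_SUFFIX.values() else None
    if by_name is None and by_model is None:
        return None  # wikitext/JSON system message: not of interest here

    flags = []
    if by_name != by_model:
        flags.append("contentmodel-mismatch")
    # The tag follows what the wiki would execute (the model), falling back to the name.
    kind = "js" if (by_model or by_name) == "javascript" else "css"
    scope = "user" if ev.ns == NS_USER else "site"

    if ev.ns == NS_USER:
        # Owner is the base page name; normalise underscores the way MediaWiki does.
        owner = ev.title.split("/", 1)[0].replace("_", " ")
        if owner != ev.user.replace("_", " "):
            flags.append("foreign-user")

    return {
        "tag": f"edit{scope}{kind}",
        "flags": flags,
        "timestamp": ev.timestamp,
        "wiki": ev.wiki,
        "user": ev.user,
        "page": f"{NS_NAME[ev.ns]}:{ev.title}",
        "action": ev.action,
        # Assumed WMF URL layout; for move/contentmodel events the id is really a log id.
        "difflink": f"https://{ev.wiki}/w/index.php?diff={ev.revid}",
        "summary": ev.summary,
    }


def patrol(events) -> list:
    """Collect in-scope records, newest first, with flagged records on top."""
    records = [r for r in (classify(e) for e in events) if r is not None]
    records.sort(key=lambda r: r["timestamp"], reverse=True)
    records.sort(key=lambda r: not r["flags"])  # stable: keeps newest-first inside groups
    return records


def to_wikitable(records) -> str:
    """Render records as a sortable wikitable for a read-only report page."""
    cols = ("timestamp", "wiki", "user", "page", "action", "difflink", "summary", "tag", "flags")
    lines = ['{| class="wikitable sortable"', "! " + " !! ".join(cols)]
    for r in records:
        cells = [", ".join(r[c]) if c == "flags" else str(r[c]) for c in cols]
        lines.append("|-\n| " + " || ".join(cells))
    lines.append("|}")
    return "\n".join(lines)


# Constructed sample feed, not real recent-changes data.
SAMPLE_EVENTS = [
    RcEvent("en.wikipedia.org", "2019-03-01T10:00:00Z", "Alice", NS_MEDIAWIKI, "Common.js", "javascript", "edit", 1001, "tidy"),
    RcEvent("de.wikipedia.org", "2019-03-01T11:00:00Z", "Bob", NS_USER, "Alice/vector.js", "javascript", "edit", 1002, "helping out"),
    RcEvent("fr.wikipedia.org", "2019-03-01T12:00:00Z", "Mallory", NS_MEDIAWIKI, "Gadget-helper.js", "wikitext", "contentmodel", 1003, ""),
    RcEvent("en.wikipedia.org", "2019-03-01T13:00:00Z", "Alice", NS_USER, "Alice/common.css", "css", "edit", 1004, "colours"),
    RcEvent("en.wikipedia.org", "2019-03-01T14:00:00Z", "Admin", NS_MEDIAWIKI, "Old.js", "javascript", "delete", 1005, "unused"),
    RcEvent("en.wikipedia.org", "2019-03-01T15:00:00Z", "Admin", NS_MEDIAWIKI, "Sidebar", "wikitext", "edit", 1006, "links"),
]

if __name__ == "__main__":
    print(to_wikitable(patrol(SAMPLE_EVENTS)))
```

On the sample feed the delete and the wikitext Sidebar edit drop out, Bob's edit to Alice's vector.js is flagged foreign-user, and the content model change on Gadget-helper.js is flagged because the name promises javascript while the model says wikitext; the two flagged rows sort to the top so a patroller sees them first.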
Advertising
Tell everybody that JS/CSS is crowd-monitored at such places, and invite people to observe. Let the watchdogs bark. Put a live access counter and a clock showing the time since the last inspection on the page, fed by a random generator when idle.
@Tgr You might coordinate further steps and assign an appropriate project.