Page MenuHomePhabricator
Create Task
Maniphest T234980

Implement an option to highlight non-standard user-agent strings in CheckUser
Open, MediumPublic
Actions

Description

{{draft}}

User story:

As a CheckUser, it would be helpful if non-standard user-agent strings are flagged/highlighted so it is easier to spot spoofed user agents.

Implementation plan:

TBD

Related Objects
Search...

Event Timeline

Niharika triaged this task as Medium priority.Oct 8 2019, 5:52 PM
Niharika created this task.
Restricted Application added subscribers: Liuxinyu970226, Aklapper. · View Herald TranscriptOct 8 2019, 5:52 PM
Demian subscribed.Oct 8 2019, 7:44 PM
Huji subscribed.Oct 8 2019, 10:21 PM

T184075 was an attempt in this regard. I have the result of that analysis somewhere.

Niharika added a comment.Oct 9 2019, 2:19 AM
In T234980#5557869, @Huji wrote:

T184075 was an attempt in this regard. I have the result of that analysis somewhere.

That would indeed be helpful to see. My first thought was that we can flag UAs which don't contain expected keywords (for example "Chrome" or "Webkit") but I guess if someone is spoofing a UA to evade a check, they would probably try and mimic a real-UA as much as possible, right?

Niharika added a subscriber: Ladsgroup.Oct 9 2019, 2:20 AM

@Ladsgroup Your thoughts on this ticket are also welcome!

Ladsgroup added a comment.Oct 9 2019, 7:15 PM

For this, it seems doing it on flay and frontend make sense.

I'm pretty sure there are libraries that parse UA and tell you if it belongs to a human user or not. They are widely needed in routing and analytics. Varnish uses something (don't know what exactly) to fill webrequest fields like access_method, agent_type, and user_agent_map. Let me search for something like this for javascript (we can't use npm packages in production though 😢)

Ladsgroup added a comment.Oct 9 2019, 7:18 PM

Here's two https://github.com/faisalman/ua-parser-js and https://www.npmjs.com/package/useragent the latter is node-based only though.

Demian added a parent task: T132892: CheckUser UI revamp.Nov 6 2019, 6:27 AM
Demian mentioned this in T237486: Organize tasks related to the overhaul of CheckUser.
Demian edited parent tasks, added: T237595: CU 2.0: Timeline tab; removed: T132892: CheckUser UI revamp.Nov 7 2019, 6:46 AM
Demian edited parent tasks, added: T237593: [Epic] CheckUser 2.0: Compare; removed: T237595: CU 2.0: Timeline tab.Nov 7 2019, 9:09 AM
Huji mentioned this in T305930: Normalize cu_changes table.Apr 12 2022, 6:25 PM
Blablubbs subscribed.Jan 7 2023, 12:01 AM
Dreamy_Jazz subscribed.Sep 13 2023, 11:44 AM

The tool https://en.wikipedia.org/wiki/User:GeneralNotability/InvestorGoat.js is able to parse and compare user agent strings.

Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL