Page MenuHomePhabricator
Create Task
Maniphest T239259

Security Review for whichbrowser/parser
Closed, ResolvedPublic
Actions

Description

To help checkusers better understand User Agent strings and be able to decipher patterns faster, Anti-Harassment would like to parse User Agent strings in CheckUser (See T175587).

From our research, it seems the best way to do this is with the whichbrowser/parser library (unless another alternative exists that we are unaware of).

We would like to add this to the extension and to production after an approved security review.

Related Objects
Search...

Event Timeline

dbarratt created this task.Nov 26 2019, 6:14 PM
sbassett edited projects, added deprecated-security-team-reviews; removed Security-Team.Nov 26 2019, 7:22 PM
sbassett added subscribers: Jcross, Reedy, sbassett.
Niharika moved this task from Untriaged to Tracking work by others on the Anti-Harassment board.Nov 26 2019, 10:10 PM
sbassett assigned this task to Reedy.Dec 2 2019, 4:38 PM
sbassett triaged this task as Medium priority.
sbassett moved this task from Incoming to In Progress on the deprecated-security-team-reviews board.
Reedy updated the task description. (Show Details)Dec 2 2019, 5:05 PM
Reedy added a comment.Dec 2 2019, 6:31 PM

I note, but not necessarily a blocker, that the Developer(s) don't seem very active based on https://github.com/WhichBrowser/Parser-PHP and the issues/pull requests. Handful of bugs and reports etc that have gone without response to for months

sbassett added a comment.Dec 3 2019, 9:43 PM

See also: new third party/vendor code checklist.

Reedy added a comment.Dec 4 2019, 12:28 AM
In T239259#5706170, @Reedy wrote:

I note, but not necessarily a blocker, that the Developer(s) don't seem very active based on https://github.com/WhichBrowser/Parser-PHP and the issues/pull requests. Handful of bugs and reports etc that have gone without response to for months

Maybe not so much of an issue.. They've started doing some maintenance again... :)

Reedy closed this task as Resolved.Dec 10 2019, 8:07 PM

No problems with this going forward

Reedy moved this task from In Progress to Done on the deprecated-security-team-reviews board.Dec 10 2019, 8:17 PM
Niharika added a comment.Dec 10 2019, 9:39 PM
In T239259#5729363, @Reedy wrote:

No problems with this going forward

Awesome. Thanks a bunch, @Reedy!

chasemp removed a project: deprecated-security-team-reviews.Jan 8 2020, 4:15 PM
chasemp added a project: Application Security Reviews.Jan 8 2020, 4:39 PM
chasemp moved this task from Incoming to Our Part Is Done on the Application Security Reviews board.Jan 8 2020, 4:43 PM
chasemp added a project: secscrum.Mar 10 2020, 8:11 PM
chasemp moved this task from Incoming to Our Part Is Done on the secscrum board.Mar 10 2020, 8:19 PM
Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL