Page MenuHomePhabricator

Security Review for whichbrowser/parser
Closed, ResolvedPublic

Description

To help checkusers better understand User Agent strings and be able to decipher patterns faster, Anti-Harassment would like to parse User Agent strings in CheckUser (See T175587).

From our research, it seems the best way to do this is with the whichbrowser/parser library (unless another alternative exists that we are unaware of).

We would like to add this to the extension and to production after an approved security review.

Event Timeline

dbarratt created this task.Nov 26 2019, 6:14 PM
sbassett assigned this task to Reedy.Dec 2 2019, 4:38 PM
sbassett triaged this task as Medium priority.
sbassett moved this task from Incoming to In Progress on the deprecated-security-team-reviews board.
Reedy updated the task description. (Show Details)Dec 2 2019, 5:05 PM
Reedy added a comment.Dec 2 2019, 6:31 PM

I note, but not necessarily a blocker, that the Developer(s) don't seem very active based on https://github.com/WhichBrowser/Parser-PHP and the issues/pull requests. Handful of bugs and reports etc that have gone without response to for months

Reedy added a comment.Dec 4 2019, 12:28 AM

I note, but not necessarily a blocker, that the Developer(s) don't seem very active based on https://github.com/WhichBrowser/Parser-PHP and the issues/pull requests. Handful of bugs and reports etc that have gone without response to for months

Maybe not so much of an issue.. They've started doing some maintenance again... :)

Reedy closed this task as Resolved.Dec 10 2019, 8:07 PM

No problems with this going forward

No problems with this going forward

Awesome. Thanks a bunch, @Reedy!