Page MenuHomePhabricator
Create Task
Maniphest T253872

Respect AbuseFilter warnings triggered by imports
Closed, ResolvedPublic1 Estimated Story Points
Actions

Assigned To
Lena_WMDE
Authored By
WMDE-Fisch
May 28 2020, 2:22 PM
Tags
Referenced Files
F31945654: warning.png
Jul 23 2020, 10:12 AM
F31846954: Screenshot_2020-05-29 Fájl importálása – Wikimedia Commons.png
May 29 2020, 1:41 PM
Subscribers
Andrew-WMDE
awight
ECohen_WMDE
Lena_WMDE
Tacsipacsi
thiemowmde
WMDE-Fisch

Description

The FileImporter currently does block the whole import if one of the revisions triggers a AbuseFilter warning. Instead we want to catch these ( potentially multiple ) warnings and show them to the user. Afterwards the user should be able to continue the import.

After the user submitted the form to start the import

  • Detect and collect AbuseFilter warnings when validating the revisions
  • Get back to the preview form and show ( probably at the top )
    • One general warning explaining that some revision(s) the import triggered AbuseFilter
    • The specific warning text(s) of the rules we triggered
  • If the user hits submit again the import will continue and should not be blocked by the AbuseFilter

If the AbuseFilter triggers a block due to a rule ( even if it affects an old revision ) block the whole import and show the warning box for that rule. ( This should be the status quo in that regard )

Details

SubjectRepoBranchLines +/-
Turn all AbuseFilter warning boxes yellowmediawiki/extensions/FileImportermaster+5 -3
Respect AbuseFilter warnings triggered by importsmediawiki/extensions/FileImportermaster+293 -24
Adjust FileRevisionFromRemoteUrl validation to only use Statusmediawiki/extensions/FileImportermaster+3 -11
Validation returns Status objectsmediawiki/extensions/FileImportermaster+141 -97
Customize query in gerrit

Related Objects
Search...

Event Timeline

WMDE-Fisch created this task.May 28 2020, 2:22 PM
WMDE-Fisch mentioned this in T253727: Investigation into Abuse Filter errors thrown up during file import.May 28 2020, 2:53 PM
WMDE-Fisch mentioned this in T224802: Provide a way to move a file to Commons when it has an OTRS tag.May 29 2020, 11:28 AM
Tacsipacsi subscribed.May 29 2020, 1:41 PM

I like the current UI where the whole page shows only the error message, and doesn’t distract with things like the image itself or the description. However, there should be a button to go back (if AbuseFilter emits either a warning or entirely blocks the action) and a button to confirm and import in that state anyway (only if AbuseFilter emits just a warning), of course.

The current UI, for anyone who doesn’t know how it looks like:

Screenshot_2020-05-29 Fájl importálása – Wikimedia Commons.png (381×1 px, 26 KB)

Lena_WMDE set the point value for this task to 8.Jun 4 2020, 9:26 AM
Lena_WMDE moved this task from Backlog to Tickets ready for pickup on the Move-Files-To-Commons board.
Lena_WMDE added a project: WMDE-QWERTY-Sprint-2020-06-10.Jun 10 2020, 12:11 PM
Andrew-WMDE claimed this task.Jun 18 2020, 11:59 AM
Andrew-WMDE moved this task from Sprint Backlog to Doing on the WMDE-QWERTY-Sprint-2020-06-10 board.
gerritbot added a comment.Jun 19 2020, 2:33 PM

Change 606706 had a related patch set uploaded (by Andrew-WMDE; owner: Andrew-WMDE):
[mediawiki/extensions/FileImporter@master] [WIP][POC] Respect AbuseFilter warnings triggered by imports

https://gerrit.wikimedia.org/r/606706

gerritbot added a project: Patch-For-Review.Jun 19 2020, 2:33 PM
Lena_WMDE moved this task from Tickets ready for pickup to Tickets in sprint on the Move-Files-To-Commons board.Jun 22 2020, 1:35 PM
thiemowmde removed Andrew-WMDE as the assignee of this task.Jun 24 2020, 8:07 AM
thiemowmde added a project: WMDE-QWERTY-Sprint-2020-06-24.
thiemowmde added a subscriber: Andrew-WMDE.
Lena_WMDE moved this task from Sprint Backlog to Doing on the WMDE-QWERTY-Sprint-2020-06-24 board.Jun 24 2020, 8:07 AM
thiemowmde mentioned this in T235892: [BUG?] FileImporter does not mark source files with NowCommons even though I selected it.Jun 24 2020, 6:55 PM
awight claimed this task.Jun 29 2020, 9:01 AM
gerritbot added a comment.Jun 29 2020, 12:10 PM

Change 608302 had a related patch set uploaded (by Awight; owner: Awight):
[mediawiki/extensions/FileImporter@master] [WIP] Validation returns Status objects

https://gerrit.wikimedia.org/r/c/mediawiki/extensions/FileImporter/ /608302

awight removed awight as the assignee of this task.Jun 29 2020, 12:11 PM
awight subscribed.
awight added a comment.Jul 1 2020, 3:35 PM

Unassigning myself in case anyone wants to take over. I've gone ahead with the ImportOperation Status changes, but haven't done anything with the AbuseFilter integration issue.

thiemowmde subscribed.Jul 3 2020, 12:24 PM

From today's discussion:

  • I suggest to not touch the AbuseFilter code. It feels like this would open a rabbit hole. Notably: It appears like AbuseFilter is not made to work with imports, at all. There is nothing that allows AbuseFilter to work with multiple edits at once, and nothing that allows it to work with old revisions. AbuseFilter always assumes edits are solitary events, done by a person, with content that was never checked before. Neither of this is true in case of FileImporter.
  • I suggest to implement what's currently suggested in https://gerrit.wikimedia.org/r/c/mediawiki/extensions/FileImporter/+/606706. That is:
    • Change all code to work with status objects.
    • Merge all warning messages from all validation steps.
    • Make sure the warnings are presented to the user, and the user can decide to ignore them the next time.
    • Ignore the warnings when that happened.
  • I really like the idea of passing a tiny list of filter IDs to decide if a warning was seen before. We discussed if this is a possible attack vector, and no, it's not.
  • A relevant benefit of this approach is, in my opinion, that it does not care at all if the warnings are from the most recent revision, or from older ones. All warnings are collected in a single status object. Even if we later change the process to run AbuseFilter only on the most recent revision, the code dealing with ignorable warnings will be the exact same.
  • Make sure to de-duplicate the warnings! This is critical when AbuseFilter complains about the same issue in multiple revisions.
  • Make sure the UI talks about something like "the file you are going to import contains problematic content somewhere, either in the file description, or in an old revision of the file description". Something like this.
gerritbot added a comment.Jul 3 2020, 12:26 PM

Change 609417 had a related patch set uploaded (by Andrew-WMDE; owner: Andrew-WMDE):
[mediawiki/extensions/FileImporter@master] Adjust FileRevisionFromRemoteUrl validation to only use Status

https://gerrit.wikimedia.org/r/609417

ECohen_WMDE subscribed.Jul 3 2020, 3:24 PM

Copy for the generic warning, with specific warnings to be shown below:

An automated filter has identified a potentially unconstructive edit as part of this file's revision history. One or more revisions could have triggered this; each is shown below with its associated warning. Click submit again to ignore any warnings and continue the import.

Link: https://en.wikipedia.org/wiki/Wikipedia:Edit_filter

Note: as discussed with @Andrew-WMDE , this message is only for warnings, not for errors when AbuseFilter blocks an import.

awight moved this task from Doing to Review on the WMDE-QWERTY-Sprint-2020-06-24 board.Jul 7 2020, 8:26 AM
Lena_WMDE changed the point value for this task from 8 to 5.Jul 8 2020, 10:08 AM
Lena_WMDE added a project: WMDE-QWERTY-Sprint-2020-07-08.
Lena_WMDE changed the point value for this task from 5 to 3.
Lena_WMDE moved this task from Sprint Backlog to Review on the WMDE-QWERTY-Sprint-2020-07-08 board.Jul 8 2020, 10:11 AM
gerritbot added a comment.Jul 9 2020, 9:56 AM

Change 608302 merged by jenkins-bot:
[mediawiki/extensions/FileImporter@master] Validation returns Status objects

https://gerrit.wikimedia.org/r/608302

awight mentioned this in rEFLIc8a1f2782990: Validation returns Status objects.Jul 9 2020, 9:57 AM
ReleaseTaggerBot added a project: MW-1.35-notes (1.35.0-wmf.41; 2020-07-14).Jul 9 2020, 10:01 AM
gerritbot added a comment.Jul 9 2020, 11:56 AM

Change 609417 merged by jenkins-bot:
[mediawiki/extensions/FileImporter@master] Adjust FileRevisionFromRemoteUrl validation to only use Status

https://gerrit.wikimedia.org/r/609417

Andrew-WMDE mentioned this in rEFLIb753d03e2d8c: Adjust FileRevisionFromRemoteUrl validation to only use Status.Jul 9 2020, 11:58 AM
gerritbot added a comment.Jul 9 2020, 11:59 AM

Change 606706 merged by jenkins-bot:
[mediawiki/extensions/FileImporter@master] Respect AbuseFilter warnings triggered by imports

https://gerrit.wikimedia.org/r/606706

Andrew-WMDE mentioned this in rEFLIf028a40f4f47: Respect AbuseFilter warnings triggered by imports.Jul 9 2020, 11:59 AM
Maintenance_bot removed a project: Patch-For-Review.Jul 9 2020, 12:11 PM
Andrew-WMDE moved this task from Review to Demo on the WMDE-QWERTY-Sprint-2020-07-08 board.Jul 10 2020, 11:55 AM
thiemowmde added a project: WMDE-QWERTY-Sprint-2020-07-22.Jul 22 2020, 8:07 AM
thiemowmde moved this task from Sprint Backlog to Demo on the WMDE-QWERTY-Sprint-2020-07-22 board.
Lena_WMDE subscribed.Jul 23 2020, 10:11 AM

To do: change the styling to "warning message" (yellow) rather than error message: https://design.wikimedia.org/style-guide/components/messages.html

Lena_WMDE changed the point value for this task from 3 to 1.Jul 23 2020, 10:11 AM
Andrew-WMDE moved this task from Demo to Doing on the WMDE-QWERTY-Sprint-2020-07-22 board.Jul 23 2020, 10:12 AM
ECohen_WMDE added a comment.Jul 23 2020, 10:12 AM

OOUI MessageWidget (type: 'warning') should apply to all abuse filter warnings which do not block the user from continuing through the import.

warning.png (74×512 px, 8 KB)

ECohen_WMDE added a comment.Jul 23 2020, 10:17 AM

Is it actually possible to use the box message MessageWidget (type: 'warning') for the main/general message, then have all of the specific warnings without the box as MessageWidget (type: 'warning', inline: true)?

gerritbot added a comment.Jul 23 2020, 10:17 AM

Change 615687 had a related patch set uploaded (by Thiemo Kreuz (WMDE); owner: Thiemo Kreuz (WMDE)):
[mediawiki/extensions/FileImporter@master] Turn all AbuseFilter warning boxes yellow

https://gerrit.wikimedia.org/r/615687

gerritbot added a project: Patch-For-Review.Jul 23 2020, 10:17 AM
thiemowmde moved this task from Doing to Review on the WMDE-QWERTY-Sprint-2020-07-22 board.Jul 23 2020, 10:18 AM
gerritbot added a comment.Jul 23 2020, 11:24 AM

Change 615687 merged by jenkins-bot:
[mediawiki/extensions/FileImporter@master] Turn all AbuseFilter warning boxes yellow

https://gerrit.wikimedia.org/r/615687

thiemowmde mentioned this in rEFLI2b85677c10cd: Turn all AbuseFilter warning boxes yellow.Jul 23 2020, 11:26 AM
Andrew-WMDE moved this task from Review to Demo on the WMDE-QWERTY-Sprint-2020-07-22 board.Jul 23 2020, 11:51 AM
ReleaseTaggerBot added a project: MW-1.36-notes (1.36.0-wmf.2; 2020-07-28).Jul 23 2020, 12:00 PM
thiemowmde mentioned this in T213409: Improve/Dispose AbuseFilter checks on old text revisions.Jul 24 2020, 8:31 AM
Lena_WMDE closed this task as Resolved.Aug 11 2020, 9:22 AM
Lena_WMDE claimed this task.
Lena_WMDE moved this task from Demo to Done on the WMDE-QWERTY-Sprint-2020-07-22 board.
Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL