Page MenuHomePhabricator

Security Readiness Review For Wikifunctions
Open, HighPublic

Description

This request is being filed in anticipation of Q4 FY 2020-2021 security readiness review. We're discussing in the team probable timing for stable enough components amenable to security readiness initial pass.

The task submitter has scheduled a meeting with Security managerial peer to discuss security and the Abstract Wikipedia roadmap. Additionally, Security is looped in on architectural discussions.

Project Information

Description of the tool/project:

Wikifunctions (but not this) is a project where users can collaborate on user defined functions in different programming languages.

Description of how the tool will be used at WMF:

We anticipate functions to be invoked from internal contexts (e.g., inline in renderable contexts) as well as external contexts (i.e., via some web API).

Dependencies

List dependencies, or upstream projects that this project relies on.

  • MediaWiki
  • Vue.js
  • Additional npm, php, etc. dependencies for relevant codebases
  • Programming language runtimes (shortlist for initial launch: Python, NodeJS, Lua)
  • Service infrastructure at Wikimedia

Has this project been reviewed before?
No

Working test environment
The full system isn't ready yet. However, you can get a feel for the MediaWiki part by using the Docker container in the MW repo for the project and checking out https://notwikilambda.toolforge.org/ (volunteer maintained, please do not probe)

Post-deployment
Abstract Wikipedia - project lead Denny V, tech lead James F, engineering management Adam B

Related Objects

Event Timeline

sbassett triaged this task as High priority.
sbassett moved this task from Incoming to In Progress on the secscrum board.
sbassett added a project: user-sbassett.
sbassett added a subscriber: sbassett.

Hey all - thanks for submitting this review request. As discussed a bit with @Jdforrester-WMF, the security readiness review of the WikiLambda extension will be my primary focus/deliverable for Q3 for the Abstract Wikipedia project. The code currently seems to be in a reasonable state of completion for such a review, though as a lot of code for this project is likely to be quite volatile, I imagine this and the related services might undergo a few different reviews depending upon various deltas. Of course I'd like to keep those to a minimum as much as possible. For the forthcoming node services (orchestrator, evaluator), I'd imagine those to be ready for review sometime in Q4. Since they are based upon the existing (and what we believe to be reasonably-mature) service-template-node code, I'll likely be most concerned with the various measures to best protect against potential vulnerabilities specifically related to the execution of user-submitted code - though it is important to note that any system which allows for such a feature will always be inherently vulnerable, at least from a conceptual standpoint.

sbassett updated the task description. (Show Details)
sbassett updated the task description. (Show Details)

This and performance review timing.