Page MenuHomePhabricator
Create Task
Maniphest T329700

Clean up GrowthExperiments UserImpact timezone handling
Closed, ResolvedPublic
Actions

Description

Initially we used the user's time zone to cluster edits into daily stats, which caused T328643: CVE-2023-29137: GrowthExperiments: UserImpactHandler returns timezone preference data for arbitrary users. User data was removed in a quick-and-dirty way, but we should probably clean up the code.

We should probably use the wiki's time zone ($wgLocalTZoffset).

Details

SubjectRepoBranchLines +/-
UserImpact: Bump VERSION to 10mediawiki/extensions/GrowthExperimentsmaster+2 -2
UserImpact: Bump VERSION to 10mediawiki/extensions/GrowthExperimentswmf/1.42.0-wmf.5+2 -2
User impact: timezone cleanupmediawiki/extensions/GrowthExperimentswmf/1.42.0-wmf.5+18 -81
User impact: timezone cleanupmediawiki/extensions/GrowthExperimentsmaster+18 -81
Customize query in gerrit

Related Objects
Search...

Event Timeline

Tgr created this task.Feb 15 2023, 6:31 AM
Restricted Application added a subscriber: Aklapper. · View Herald TranscriptFeb 15 2023, 6:31 AM
Tgr moved this task from Incoming to Ready for Development on the Growth-Team (Sprint 0 (Growth Team)) board.Feb 15 2023, 6:32 AM
kostajh triaged this task as Medium priority.Feb 16 2023, 9:48 AM
kostajh added a project: Essential-Work.
DMburugu lowered the priority of this task from Medium to Low.Apr 28 2023, 7:14 AM
DMburugu added parent tasks: T311850: [Epic] FY 2022-23 Growth Maintenance Work, T333335: [Epic] Q4 FY 2022-23 Growth Maintenance Work.
DMburugu moved this task from Ready for Development to Current Month Maintenance Priorities on the Growth-Team (Sprint 0 (Growth Team)) board.
DMburugu raised the priority of this task from Low to Medium.Apr 28 2023, 5:16 PM
DMburugu edited parent tasks, added: T340455: [Epic] Q1 FY 2023-24 Growth Maintenance Work, T340453: [Epic] FY 2023-24 Growth Maintenance Work; removed: T333335: [Epic] Q4 FY 2022-23 Growth Maintenance Work, T311850: [Epic] FY 2022-23 Growth Maintenance Work.Jun 26 2023, 5:20 PM
Sgs claimed this task.Jul 7 2023, 11:40 AM
Sgs moved this task from Current Month Maintenance Priorities to In Progress on the Growth-Team (Sprint 0 (Growth Team)) board.
gerritbot added a comment.Jul 10 2023, 3:17 PM

Change 936750 had a related patch set uploaded (by Sergio Gimeno; author: Sergio Gimeno):

[mediawiki/extensions/GrowthExperiments@master] [WIP] User impact: timezone cleanup

https://gerrit.wikimedia.org/r/936750

gerritbot added a project: Patch-For-Review.Jul 10 2023, 3:17 PM
Sgs changed the task status from Open to In Progress.Jul 13 2023, 2:41 PM
Sgs moved this task from In Progress to Code Review on the Growth-Team (Sprint 0 (Growth Team)) board.
DMburugu edited parent tasks, added: T347840: [Epic] Q2 FY 2023-24 Growth Maintenance Work; removed: T340455: [Epic] Q1 FY 2023-24 Growth Maintenance Work.Oct 2 2023, 10:20 AM
Urbanecm_WMF edited projects, added Growth-Team (Sprint 1 (Growth Team)); removed Growth-Team (Sprint 0 (Growth Team)).Oct 25 2023, 9:56 PM
Urbanecm_WMF moved this task from Incoming to Code Review on the Growth-Team (Sprint 1 (Growth Team)) board.Oct 25 2023, 9:57 PM
KStoller-WMF edited projects, added Growth-Team (Sprint 2 (Growth Team)); removed Growth-Team (Sprint 1 (Growth Team)).Oct 30 2023, 6:58 PM
Sgs moved this task from Incoming to Code Review on the Growth-Team (Sprint 2 (Growth Team)) board.Oct 31 2023, 5:00 PM
Urbanecm_WMF moved this task from Code Review to Doing on the Growth-Team (Sprint 2 (Growth Team)) board.Nov 1 2023, 3:30 PM
Urbanecm_WMF subscribed.

CI fails on the patch consistently, moving out of Code Review

Sgs lowered the priority of this task from Medium to Low.Nov 9 2023, 11:44 AM
Sgs moved this task from Doing to Code Review on the Growth-Team (Sprint 2 (Growth Team)) board.
Urbanecm_WMF changed the task status from In Progress to Open.Nov 14 2023, 1:46 PM
Urbanecm_WMF moved this task from Code Review to QA on the Growth-Team (Sprint 2 (Growth Team)) board.
gerritbot added a comment.Nov 14 2023, 2:10 PM

Change 936750 merged by jenkins-bot:

[mediawiki/extensions/GrowthExperiments@master] User impact: timezone cleanup

https://gerrit.wikimedia.org/r/936750

Maintenance_bot removed a project: Patch-For-Review.Nov 14 2023, 2:10 PM
Urbanecm_WMF closed this task as Resolved.Nov 14 2023, 2:27 PM

Actually... There's no behaviour to check. Closing.

ReleaseTaggerBot added a project: MW-1.42-notes (1.42.0-wmf.7; 2023-11-28).Nov 14 2023, 3:00 PM
gerritbot added a comment.Nov 27 2023, 12:13 PM

Change 977645 had a related patch set uploaded (by Urbanecm; author: Sergio Gimeno):

[mediawiki/extensions/GrowthExperiments@wmf/1.42.0-wmf.5] User impact: timezone cleanup

https://gerrit.wikimedia.org/r/977645

gerritbot added a project: Patch-For-Review.Nov 27 2023, 12:13 PM
Urbanecm_WMF added a comment.Nov 27 2023, 12:19 PM

FTR: I ended up backporting this to make the T351898 fixes easier to backport.

gerritbot added a comment.Nov 27 2023, 12:56 PM

Change 977645 merged by jenkins-bot:

[mediawiki/extensions/GrowthExperiments@wmf/1.42.0-wmf.5] User impact: timezone cleanup

https://gerrit.wikimedia.org/r/977645

Stashbot added a comment.Nov 27 2023, 12:56 PM

Mentioned in SAL (#wikimedia-operations) [2023-11-27T12:56:41Z] <urbanecm@deploy2002> Started scap: Backport for [[gerrit:977613|Compress geui_data json blobs (T351898)]], [[gerrit:977645|User impact: timezone cleanup (T329700)]], [[gerrit:977629|UserImpact: Make smaller SQL queries (T351898)]]

Stashbot mentioned this in T351898: Reduce size of growthexperiments_user_impact.geui_data json blobs.Nov 27 2023, 12:56 PM
ReleaseTaggerBot edited projects, added MW-1.42-notes (1.42.0-wmf.5; 2023-11-14); removed MW-1.42-notes (1.42.0-wmf.7; 2023-11-28).Nov 27 2023, 1:00 PM
Stashbot added a comment.Nov 27 2023, 1:04 PM

Mentioned in SAL (#wikimedia-operations) [2023-11-27T13:04:18Z] <urbanecm@deploy2002> Finished scap: Backport for [[gerrit:977613|Compress geui_data json blobs (T351898)]], [[gerrit:977645|User impact: timezone cleanup (T329700)]], [[gerrit:977629|UserImpact: Make smaller SQL queries (T351898)]] (duration: 07m 37s)

Maintenance_bot removed a project: Patch-For-Review.Nov 27 2023, 1:11 PM
gerritbot added a comment.Nov 27 2023, 1:16 PM

Change 977671 had a related patch set uploaded (by Urbanecm; author: Urbanecm):

[mediawiki/extensions/GrowthExperiments@master] UserImpact: Bump VERSION to 10

https://gerrit.wikimedia.org/r/977671

gerritbot added a project: Patch-For-Review.Nov 27 2023, 1:16 PM
gerritbot added a comment.Nov 27 2023, 1:23 PM

Change 977614 had a related patch set uploaded (by Urbanecm; author: Urbanecm):

[mediawiki/extensions/GrowthExperiments@wmf/1.42.0-wmf.5] UserImpact: Bump VERSION to 10

https://gerrit.wikimedia.org/r/977614

gerritbot added a comment.Nov 27 2023, 2:01 PM

Change 977614 merged by jenkins-bot:

[mediawiki/extensions/GrowthExperiments@wmf/1.42.0-wmf.5] UserImpact: Bump VERSION to 10

https://gerrit.wikimedia.org/r/977614

Stashbot added a comment.Nov 27 2023, 2:02 PM

Mentioned in SAL (#wikimedia-operations) [2023-11-27T14:02:06Z] <urbanecm@deploy2002> Started scap: Backport for [[gerrit:977614|UserImpact: Bump VERSION to 10 (T329700)]]

Stashbot added a comment.Nov 27 2023, 2:03 PM

Mentioned in SAL (#wikimedia-operations) [2023-11-27T14:03:23Z] <urbanecm@deploy2002> urbanecm: Backport for [[gerrit:977614|UserImpact: Bump VERSION to 10 (T329700)]] synced to the testservers (https://wikitech.wikimedia.org/wiki/Mwdebug)

Stashbot added a comment.Nov 27 2023, 2:10 PM

Mentioned in SAL (#wikimedia-operations) [2023-11-27T14:10:03Z] <urbanecm@deploy2002> Finished scap: Backport for [[gerrit:977614|UserImpact: Bump VERSION to 10 (T329700)]] (duration: 07m 56s)

gerritbot added a comment.Nov 27 2023, 2:30 PM

Change 977671 merged by jenkins-bot:

[mediawiki/extensions/GrowthExperiments@master] UserImpact: Bump VERSION to 10

https://gerrit.wikimedia.org/r/977671

Maintenance_bot removed a project: Patch-For-Review.Nov 27 2023, 2:31 PM
Urbanecm_WMF mentioned this in T352031: Improve UserImpact coverage: Test UserImpact::VERSION is bumped when required.Nov 27 2023, 2:47 PM
In T329700#9358907, @Urbanecm_WMF wrote:

FTR: I ended up backporting this to make the T351898 fixes easier to backport.

...and i saved us from fixing a train blocker by backporting a faulty patch. Fixed by bumping the version. Filled T352031: Improve UserImpact coverage: Test UserImpact::VERSION is bumped when required to prevent similar issues from reoccuring.

ReleaseTaggerBot edited projects, added MW-1.42-notes (1.42.0-wmf.7; 2023-11-28); removed MW-1.42-notes (1.42.0-wmf.5; 2023-11-14).Nov 27 2023, 3:00 PM
Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL · Credits