Audit members of acl*security for more than 12 months of no activity (May 2024)
Closed, Resolved (Public)

Description

Previous tasks: T301181, T299400, T241781.
(Filing this task as individual non-public calendars are not a task tracking system.)

  1. Go to https://phabricator.wikimedia.org/conduit/method/project.query/ and query for phids = ["PHID-PROJ-koo4qqdng27q7r65x3cw"]
  2. Use the results in the members array to feed the phids into the SQL query:
       SELECT DISTINCT(CONCAT("https://phabricator.wikimedia.org/p/", userName)), isDisabled
       FROM phabricator_user.user
       WHERE phid NOT IN (
           SELECT trs.authorPHID
           FROM phabricator_maniphest.maniphest_transaction trs
           INNER JOIN phabricator_user.user u
           WHERE FROM_UNIXTIME(trs.dateModified) >= (NOW() - INTERVAL 1 YEAR)
             AND trs.authorPHID = u.phid
       )
       AND (phid = "PHID-USER-..." OR phid = "PHID-USER-...");
  3. Review the user names
  4. Once done, create a new task for the next review, and resolve this task.

Alternatively, for those with production DB access, another option is to run:
    SELECT DISTINCT(CONCAT("https://phabricator.wikimedia.org/p/", usr.userName)), usr.isSystemAgent
    FROM phabricator_user.user usr
    WHERE usr.isDisabled = 0
      AND usr.phid IN (
          SELECT e.src
          FROM phabricator_user.edge e
          WHERE e.dst = "PHID-PROJ-koo4qqdng27q7r65x3cw"
            AND e.type = 14
            AND FROM_UNIXTIME(e.dateCreated) <= (NOW() - INTERVAL 12 MONTH)
      )
      AND usr.phid NOT IN (
          SELECT trs.authorPHID
          FROM phabricator_maniphest.maniphest_transaction trs
          INNER JOIN phabricator_user.user u
          WHERE FROM_UNIXTIME(trs.dateModified) >= (NOW() - INTERVAL 12 MONTH)
            AND trs.authorPHID = u.phid
      );
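
Steps 1 and 2 of the procedure above joined up, as an added example that is not part of the original task or of any Wikimedia tooling: it reads a project.query response, checks every member value before it is pasted into SQL text, and fills in the OR chain of the step-2 query. Assumptions: the response carries the project under "data", keyed by its PHID, with a "members" array; the function names and the sample member PHIDs are made up for illustration.

```python
import json
import re

PROJECT_PHID = "PHID-PROJ-koo4qqdng27q7r65x3cw"  # project PHID from step 1
# Assumption: a user PHID is "PHID-USER-" followed by 20 lowercase alphanumerics.
USER_PHID_RE = re.compile(r"PHID-USER-[a-z0-9]{20}")

# Constructed sample response; both member PHIDs are made up.
SAMPLE_RESPONSE = json.dumps({"result": {"data": {PROJECT_PHID: {"members": [
    "PHID-USER-" + "a" * 20,
    "PHID-USER-" + "b" * 20,
    "PHID-USER-" + "a" * 20,  # duplicate on purpose
]}}}})


def member_phids(response_text, project_phid=PROJECT_PHID):
    """Return the project's member PHIDs, de-duplicated, in response order."""
    body = json.loads(response_text)
    # Assumption: the payload sits under "result" (API call) or at top level.
    data = body.get("result", body)["data"]
    members = data[project_phid]["members"]
    bad = [m for m in members if not USER_PHID_RE.fullmatch(str(m))]
    if bad:
        # These values are pasted into SQL text, so reject anything unexpected.
        raise ValueError(f"unexpected member values: {bad!r}")
    return list(dict.fromkeys(members))


def build_inactive_query(phids):
    """Return the step-2 query with its OR chain filled in from phids."""
    if not phids:
        raise ValueError("no member PHIDs to audit")
    or_chain = " OR ".join(f'phid = "{p}"' for p in phids)
    return (
        'SELECT DISTINCT(CONCAT("https://phabricator.wikimedia.org/p/", userName)), isDisabled '
        "FROM phabricator_user.user WHERE phid NOT IN ("
        "SELECT trs.authorPHID FROM phabricator_maniphest.maniphest_transaction trs "
        "INNER JOIN phabricator_user.user u "
        "WHERE FROM_UNIXTIME(trs.dateModified) >= (NOW() - INTERVAL 1 YEAR) "
        "AND trs.authorPHID = u.phid) "
        f"AND ({or_chain});"
    )


if __name__ == "__main__":
    print(build_inactive_query(member_phids(SAMPLE_RESPONSE)))
```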

Details

Due Date
May 30 2024, 10:00 PM

Event Timeline

Aklapper changed the task status from Stalled to Open. Apr 18 2024, 11:05 AM
Aklapper raised the priority of this task from Low to Needs Triage. Apr 29 2024, 10:42 PM
Aklapper moved this task from Watching to Incoming on the Security-Team board.
Aklapper removed a project: SecTeam-Processed.

Hey @Aklapper - I'm happy to help out with this, but do I need Phab DB access to perform the first audit method? It looks like I would, since there's an SQL query to run, unless that can be done in the UI somehow. I don't believe anybody on the Security-Team has Phab DB access, so we'd probably need to have Release-Engineering-Team (or someone else with those rights) to run any steps requiring Phab DB privileges.

@sbassett: Eh, sure! (Yeah both need DB access, not sure what I thought a year ago here, sigh...)
I pasted/shared the query output with the Security-Team in non-public P61984

sbassett claimed this task.
sbassett triaged this task as Medium priority.
sbassett moved this task from Watching to Our Part Is Done on the Security-Team board.

Ok, I've completed my audit with notes in the private paste (P61984). I'm going to call this resolved for now, but let me know if there are any additional questions or concerns at this time.

Thanks! Should a new task be created for May 2025?

Sure. Not urgent IMO, but that's still probably a good thing to do.

Was I caught up in this cleanup by chance @sbassett? I noticed my access seems to be gone. If so, could I be readded? I use the access for Fandom for pre-release access and checking for any crossover with our bug bounty program we run.

Yeah, looks like it. Sorry about that. I've added you back to acl*security_volunteer. I think we're generally a lot more stingy with this kind of access these days, but since you already had it and are using it for security release work, that should be ok.