Page MenuHomePhabricator
Create Task
Maniphest T337593

Create a cli tool for reporting on various health and security metrics of a given Wikimedia repository
Closed, ResolvedPublic
Actions

Description

Similar to scorecard and similar efforts, this will be a simple cli tool that looks at a handful of metrics and attempts to produce a health score and/or risk rating for a given Wikimedia code repository. This is part of a WMF effort to better measure and understand potentially problematic, production-deployed code. Some initial design details:

  1. The cli tool will support MediaWiki extensions and skins as initial use-cases.
  2. The cli tool will be able to analyze either a local git repo (.git present) or remote hosted under gerrit.wikimedia.org, gitlab.wikimedia.org or github.com/wikimedia.
  3. The cli tool will support as much automation as possible from the discussed methodology/metrics section within the working doc.
  4. The cli tool will be designed with the idea of being able to be run within CI.
  5. The cli tool will be used to generate some initial reports (as test cases) for the Graph, StructuredDiscussions and Kartographer extensions.

Related Objects

Event Timeline

sbassett created this task.May 26 2023, 9:11 PM
Restricted Application added a subscriber: Aklapper. · View Herald TranscriptMay 26 2023, 9:11 PM
sbassett changed the task status from Open to In Progress.May 26 2023, 9:11 PM
sbassett added projects: Security, user-sbassett.
sbassett moved this task from Incoming to In Progress on the Security-Team board.
sbassett moved this task from Backlog to In Progress on the user-sbassett board.

Repo creation: https://gitlab.wikimedia.org/repos/security/wikimedia-code-health-check/

sbassett added a project: SecTeam-Processed.May 30 2023, 2:17 PM
sbassett updated the task description. (Show Details)May 30 2023, 2:58 PM
CodeReviewBot added a comment.Jun 2 2023, 2:37 PM

sbassett opened https://gitlab.wikimedia.org/repos/security/wikimedia-code-health-check/-/merge_requests/1

Basic python repo setup (will likely change, and that's fine)

CodeReviewBot added a project: Patch-For-Review.Jun 2 2023, 2:37 PM
CodeReviewBot added a comment.Jun 2 2023, 4:31 PM

mstyles merged https://gitlab.wikimedia.org/repos/security/wikimedia-code-health-check/-/merge_requests/1

Basic python repo setup (will likely change, and that's fine)

Maintenance_bot removed a project: Patch-For-Review.Jun 2 2023, 5:10 PM
CodeReviewBot added a comment.Jun 26 2023, 10:44 PM

sbassett opened https://gitlab.wikimedia.org/repos/security/wikimedia-code-health-check/-/merge_requests/2

More scaffolding work + basic repo search

CodeReviewBot added a project: Patch-For-Review.Jun 26 2023, 10:44 PM
CodeReviewBot added a comment.Jun 27 2023, 7:34 PM

sbassett opened https://gitlab.wikimedia.org/repos/security/wikimedia-code-health-check/-/merge_requests/3

Draft: Implemented git cloning functionality and tests

CodeReviewBot added a comment.Jun 27 2023, 8:01 PM

mstyles merged https://gitlab.wikimedia.org/repos/security/wikimedia-code-health-check/-/merge_requests/2

More scaffolding work + basic repo search

CodeReviewBot added a comment.Jun 28 2023, 1:24 AM

sbassett merged https://gitlab.wikimedia.org/repos/security/wikimedia-code-health-check/-/merge_requests/3

Implemented git cloning functionality and tests

Maintenance_bot removed a project: Patch-For-Review.Jun 28 2023, 1:30 AM
CodeReviewBot added a comment.Jun 28 2023, 8:27 PM

sbassett opened https://gitlab.wikimedia.org/repos/security/wikimedia-code-health-check/-/merge_requests/4

Added vulnerable package check

CodeReviewBot added a project: Patch-For-Review.Jun 28 2023, 8:27 PM
CodeReviewBot added a comment.Jun 29 2023, 5:00 PM

mstyles merged https://gitlab.wikimedia.org/repos/security/wikimedia-code-health-check/-/merge_requests/4

Added vulnerable package check

Maintenance_bot removed a project: Patch-For-Review.Jun 29 2023, 5:11 PM
CodeReviewBot added a comment.Jun 29 2023, 9:13 PM

sbassett opened https://gitlab.wikimedia.org/repos/security/wikimedia-code-health-check/-/merge_requests/5

Implemented static analysis health check

CodeReviewBot added a project: Patch-For-Review.Jun 29 2023, 9:14 PM
CodeReviewBot added a comment.Jun 30 2023, 1:06 AM

sbassett merged https://gitlab.wikimedia.org/repos/security/wikimedia-code-health-check/-/merge_requests/5

Implemented static analysis health check

Maintenance_bot removed a project: Patch-For-Review.Jun 30 2023, 1:10 AM
CodeReviewBot added a comment.Jun 30 2023, 4:05 AM

sbassett opened https://gitlab.wikimedia.org/repos/security/wikimedia-code-health-check/-/merge_requests/6

Implemented test coverage checks

CodeReviewBot added a project: Patch-For-Review.Jun 30 2023, 4:06 AM
Stashbot added a comment.Jun 30 2023, 2:42 PM
This comment was removed by sbassett.
CodeReviewBot added a comment.Jun 30 2023, 2:59 PM

sbassett merged https://gitlab.wikimedia.org/repos/security/wikimedia-code-health-check/-/merge_requests/6

Implemented test coverage checks

Maintenance_bot removed a project: Patch-For-Review.Jun 30 2023, 3:10 PM
CodeReviewBot added a comment.Jun 30 2023, 7:51 PM

sbassett opened https://gitlab.wikimedia.org/repos/security/wikimedia-code-health-check/-/merge_requests/7

Implemented package management checks

CodeReviewBot added a project: Patch-For-Review.Jun 30 2023, 7:51 PM

sbassett merged https://gitlab.wikimedia.org/repos/security/wikimedia-code-health-check/-/merge_requests/7

Implemented package management checks

Maintenance_bot removed a project: Patch-For-Review.Jun 30 2023, 8:10 PM
CodeReviewBot added a comment.Jul 1 2023, 8:15 PM

sbassett opened https://gitlab.wikimedia.org/repos/security/wikimedia-code-health-check/-/merge_requests/8

Implement non-auto cmts, contrib conc and uniq contribs checks

CodeReviewBot added a project: Patch-For-Review.Jul 1 2023, 8:15 PM

sbassett merged https://gitlab.wikimedia.org/repos/security/wikimedia-code-health-check/-/merge_requests/8

Implement non-auto cmts, contrib conc and uniq contribs checks

Maintenance_bot removed a project: Patch-For-Review.Jul 1 2023, 8:30 PM
CodeReviewBot added a comment.Jul 3 2023, 4:52 AM

sbassett opened https://gitlab.wikimedia.org/repos/security/wikimedia-code-health-check/-/merge_requests/9

Implemented staff support health check

CodeReviewBot added a project: Patch-For-Review.Jul 3 2023, 4:52 AM
CodeReviewBot added a comment.Jul 5 2023, 1:30 AM

sbassett merged https://gitlab.wikimedia.org/repos/security/wikimedia-code-health-check/-/merge_requests/9

Implemented staff support health check

Maintenance_bot removed a project: Patch-For-Review.Jul 5 2023, 2:10 AM
CodeReviewBot added a comment.Jul 5 2023, 3:52 AM

sbassett opened https://gitlab.wikimedia.org/repos/security/wikimedia-code-health-check/-/merge_requests/10

Implemented phab/bug-tracker-based health checks

CodeReviewBot added a project: Patch-For-Review.Jul 5 2023, 3:53 AM
CodeReviewBot added a comment.Jul 5 2023, 4:02 AM

sbassett merged https://gitlab.wikimedia.org/repos/security/wikimedia-code-health-check/-/merge_requests/10

Implemented phab/bug-tracker-based health checks

Maintenance_bot removed a project: Patch-For-Review.Jul 5 2023, 4:10 AM
CodeReviewBot added a comment.Jul 5 2023, 4:48 AM

sbassett opened https://gitlab.wikimedia.org/repos/security/wikimedia-code-health-check/-/merge_requests/11

Implemented language guidelines health check

CodeReviewBot added a project: Patch-For-Review.Jul 5 2023, 4:48 AM

sbassett merged https://gitlab.wikimedia.org/repos/security/wikimedia-code-health-check/-/merge_requests/11

Implemented language guidelines health check

Maintenance_bot removed a project: Patch-For-Review.Jul 5 2023, 5:10 AM
CodeReviewBot added a comment.Jul 5 2023, 2:02 PM

sbassett opened https://gitlab.wikimedia.org/repos/security/wikimedia-code-health-check/-/merge_requests/12

Basic README updates

CodeReviewBot added a project: Patch-For-Review.Jul 5 2023, 2:02 PM

sbassett merged https://gitlab.wikimedia.org/repos/security/wikimedia-code-health-check/-/merge_requests/12

Basic README updates

Maintenance_bot removed a project: Patch-For-Review.Jul 5 2023, 2:11 PM
CodeReviewBot added a project: Patch-For-Review.Jul 7 2023, 9:26 PM

sbassett opened https://gitlab.wikimedia.org/repos/security/wikimedia-code-health-check/-/merge_requests/14

  • The dictionary of users created from various package files
CodeReviewBot added a comment.Jul 10 2023, 4:41 PM

sbassett merged https://gitlab.wikimedia.org/repos/security/wikimedia-code-health-check/-/merge_requests/14

  • The dictionary of users created from various package files
Maintenance_bot removed a project: Patch-For-Review.Jul 10 2023, 5:10 PM
sbassett closed this task as Resolved.Jul 10 2023, 5:44 PM
sbassett moved this task from In Progress to Our Part Is Done on the Security-Team board.

Going to call this initial effort done for now.

sbassett moved this task from In Progress to Done on the user-sbassett board.Jul 10 2023, 5:44 PM
Jdlrobson added a comment.Jul 13 2023, 6:02 PM

@sbassett is there a public URL where we can review the current output ? I'd love to scan the list and see if it fits my world view on code health.

sbassett added a comment.Jul 13 2023, 6:08 PM
In T337593#9013787, @Jdlrobson wrote:

@sbassett is there a public URL where we can review the current output ? I'd love to scan the list and see if it fits my world view on code health.

There's no public output as it's just a cli with no web frontend or anything like that. There are the initial requested results within the protected matrix sheet, but that's all there is for now. One could theoretically download and run the cli against any Wikimedia codebases they'd like and gather the tabular output that way. IME, the cli was taking around 2 to 3 minutes to run per repo.

sbassett added a project: production-risk-assessment.Jul 24 2023, 6:26 PM
sbassett moved this task from Backlog to Completed on the production-risk-assessment board.Aug 2 2023, 5:04 PM
sbassett mentioned this in T343366: [EPIC] Production Risk Assessment Work - Phase 2.
Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL · Credits