Page MenuHomePhabricator
Create Task
Maniphest T347488

Decide how to represent missing data vs unexpected data
Closed, DeclinedPublic
Actions

Description

In output-sql generateInsertActorQueries, we build a representation of the data for each IP address to be stored in the actor_data table:

const actorObj = {
	actor_data: {
		ip: actor.ip,
		org: actor.organization,
		client_count: actor.client.count || 0,
		types: actor.client.types ?
			getActorTypes(actor.client.types) : actorTypes.UNKNOWN,
		conc_city:
			actor.client.concentration && actor.client.concentration.city ? actor.client.concentration.city : '',
		conc_state:
			actor.client.concentration && actor.client.concentration.state ? actor.client.concentration.state : '',
		conc_country:
			actor.client.concentration && actor.client.concentration.country ? actor.client.concentration.country : '',
		countries: actor.client.countries || 0,
		location_country: actor.location.country || '',
		risks: actor.risks ? getActorRisks(actor.risks) : riskTypes.UNKNOWN
	},
	behaviors: actor.client.behaviors || [],
	proxies: actor.client.proxies || [],
	tunnels: actor.tunnels && actor.tunnels.length ?
		getTunnels(actor.tunnels) : false
};

How we handle empty fields is inconsistent - e.g. for behaviors, we store nothing, but for types we store actorTypes.UNKNOWN.

  • What should we store for missing fields? (Which might be legitimately empty)
  • What should we store for unexpected data? (E.g. an unrecognized behavior)

Related Objects

Event Timeline

Tchanders created this task.Sep 27 2023, 12:55 PM
Restricted Application added a subscriber: Aklapper. · View Herald TranscriptSep 27 2023, 12:55 PM
Tchanders added a comment.Sep 27 2023, 4:30 PM

Tunnels that are missing operators are ignored completely. Should we revisit this, based on the below?

Q: Quite a few IPs are associated with tunnel activity (VPN, proxy) don’t have an operator. What does this mean for the IP?
A: This means we were unable to attribute the service operator for an IP. Often times these are privately hosted VPNs stood up by individual users. It still stands, however, that the IP is being used as a VPN/Proxy.

Tchanders moved this task from Backlog to Deployment blockers on the iPoid-Service board.Oct 23 2023, 6:44 PM
Tchanders added a project: Trust and Safety Product Sprint.Oct 27 2023, 10:38 AM
STran moved this task from Deployment blockers to Backlog on the iPoid-Service board.Jan 24 2024, 9:02 AM
OKryva-WMF edited projects, added Product Safety and Integrity; removed Trust and Safety Product Sprint.Sep 26 2025, 1:02 PM
Restricted Application added a project: Trust and Safety Product Team. · View Herald TranscriptSep 26 2025, 1:02 PM
OKryva-WMF moved this task from Inbox to Triaged (backlog) on the Product Safety and Integrity board.Sep 26 2025, 1:54 PM
OKryva-WMF removed a project: Trust and Safety Product Team.Oct 10 2025, 10:02 AM
Dreamy_Jazz closed this task as Declined.Feb 24 2026, 3:10 PM
Dreamy_Jazz subscribed.

Declining per T416623: Decommission NodeJS IPoid service

Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL · Credits