MediaModerationFileProcessor::canScanFile incorrectly registers audio and video files as scannable when TimedMediaHandler extension is installed
Closed, ResolvedPublic1 Estimated Story PointsBUG REPORT
Actions

Assigned To

Authored By

	Dreamy_Jazz
	Nov 28 2023, 11:33 PM

Description

When the TimedMediaHandler extension is installed, calls to File::canRender for audio and video results in a value of true. Without the extension installed this results in false. The documentation for File::canRender indicates that:

Currently, this checks if the file is an image format
that can be converted to a format
supported by all browsers (namely GIF, PNG and JPEG),
or if it is an SVG image and SVG conversion is enabled.

Because audio and video are not strictly images, this documentation is wrong when the TimedMediaHandler extension is installed. Because of this, the MediaModeration extension should ignore content that could be rendered (as determined by File::canRender) but such a render doesn't produce a supported image that fully conveys the meaning of the file. For example, video should not be included because such a picture would only be a frame from it. Also, audio files should be ignored as no image could be made that indicates the content in a way understood by PhotoDNA.

Steps to replicate the issue

Install TimedMediaHandler
Upload a midi file to the wiki (example at https://commons.wikimedia.org/wiki/File:2_Star_Spangled_Banner.mid)
Run the following SQL replacing YYYY with the image of the uploaded file name without the File: prefix, with the file extension and with spaces replaced with underscores:

Select query for step 3

SELECT img_sha1 FROM image WHERE img_name = 'YYYYY';

Replacing YYYY with the value returned by the query above, run the following:

Select query for step 4

SELECT * FROM mediamoderation_scan WHERE mms_sha1 = 'YYYY';

What happens
A row is returned by the query in step 4

What should have happened instead?
No rows are returned by the query

Software version

MediaWiki 1.42.0-alpha (4752fa6) 16:02, 28 November 2023. MediaModeration 0.1.0 (c16d8b0) 15:55, 28 November 2023

Details

Subject	Repo	Branch	Lines +/-
Remove incorrect information from doc of File::canRender	mediawiki/core	master	+5 -7
Only allow drawing and bitmap media types to be scanned	mediawiki/extensions/MediaModeration	wmf/1.42.0-wmf.7	+100 -37
Only allow drawing and bitmap media types to be scanned	mediawiki/extensions/MediaModeration	master	+100 -37

Customize query in gerrit

Related Objects
Search...

Status	Subtype	Assigned	Task
Open		None	T351200 [EPIC] Start automated scanning
Open		None	T351400 Run the maintenance script scanning images in mediamoderation_scan on WMF wikis
Resolved		kostajh	T351544 [Sub EPIC] Start test wiki scan
Resolved		None	T351546 [Sub EPIC] Set up rows
Resolved		Tchanders	T350865 Import all existing images to the mediamoderation_scan table on WMF wikis
Resolved		Dreamy_Jazz	T350863 Create maintenance script to import all existing images to mediamoderation_scan table
Resolved		Dreamy_Jazz	T350323 Write an empty row to scan table on file upload
Resolved	BUG REPORT	Dreamy_Jazz	T352234 MediaModerationFileProcessor::canScanFile incorrectly registers audio and video files as scannable when TimedMediaHandler extension is installed
Open		None	T353442 Update MediaModerationPhotoDNAServiceProvider::getThumbnailForFile to choose a thumbnail that meets minimum height requirements for PhotoDNA API
Resolved	BUG REPORT	Dreamy_Jazz	T353758 MediaModerationPhotoDNAServiceProvider provides false to FileBackend::getFileContents causing a PHP Notice
Resolved		Dreamy_Jazz	T351399 Create a maintenance script to automatically scan files listed in mediamoderation_scan
Resolved		kostajh	T351401 Create service(s) to send an image to PhotoDNA for a scan
Resolved		Dreamy_Jazz	T351407 Create a service that sends an email when a file matches
Resolved		Dreamy_Jazz	T351417 Create a service that creates LocalFile and ArchivedFile objects for files that have a given SHA-1
Resolved		Dreamy_Jazz	T351416 [S] Explore how many rows in the file tables have duplicated SHA-1 values on WMF wikis
Resolved		Dreamy_Jazz	T351409 Expand the database lookup service to get rows from the mediamoderation_scan table
Resolved		Dreamy_Jazz	T351112 [S] Create an initial service to lookup scan rows from the database
Resolved		Dreamy_Jazz	T350321 [M] Create database table to store status of scans

Event Timeline

Dreamy_Jazz created this task.Nov 28 2023, 11:33 PM

Restricted Application added a subscriber: Aklapper. · View Herald TranscriptNov 28 2023, 11:33 PM

Dreamy_Jazz added projects: Trust and Safety Product Team, Trust and Safety Product Sprint (Sprint Shamisen (20th Nov - 1st Dec. 2023)).Nov 28 2023, 11:33 PM

I propose the following to fix this:

Make MediaModeration only accept files that have File::getMediaType return MEDIATYPE_BITMAP or MEDIATYPE_DRAWING
Ensure that MediaModerationFileProcessor::canScanFile is always called before attempting to scan file (even if the DB has an entry for it)
(potentially) Write a maintenance script to remove files from the scan table that do not have File::getMediaType return MEDIATYPE_BITMAP or MEDIATYPE_DRAWING.

I am unsure if the last is needed because there may be things that change whether a file can be scanned. For example, if SVG rendering is turned off the scanning of an image that is in svg form will not work. As such, the code should check on an attempt to scan the result of MediaModerationFileProcessor::canScanFile. As such, entries that were previously scannable may become unscannable. What to do in this case probably needs some further thought (for example SVG rendering could be turned back on at a later date).

Dreamy_Jazz claimed this task.Nov 28 2023, 11:49 PM

Dreamy_Jazz moved this task from Priority Backlog to In Progress on the Trust and Safety Product Sprint (Sprint Shamisen (20th Nov - 1st Dec. 2023)) board.

Dreamy_Jazz set the point value for this task to 2.

Change 978155 had a related patch set uploaded (by Dreamy Jazz; author: Dreamy Jazz):

[mediawiki/extensions/MediaModeration@master] Only allow MEDIATYPE_DRAWING and MEDIATYPE_BITMAP files to be scanned

https://gerrit.wikimedia.org/r/978155

gerritbot added a project: Patch-For-Review.Nov 29 2023, 12:11 AM

Dreamy_Jazz changed the point value for this task from 2 to 1.Nov 29 2023, 12:11 AM

Dreamy_Jazz renamed this task from MediaModerationFileProcessor::canScanFile incorrectly registers audio and video files as renderable when TimedMediaHandler extension is installed to MediaModerationFileProcessor::canScanFile incorrectly registers audio and video files as scannable when TimedMediaHandler extension is installed.Nov 29 2023, 12:14 AM

Dreamy_Jazz added a parent task: T350323: Write an empty row to scan table on file upload.

Dreamy_Jazz moved this task from In Progress to Needs review on the Trust and Safety Product Sprint (Sprint Shamisen (20th Nov - 1st Dec. 2023)) board.

The documentation for File::canRender indicates that:

Currently, this checks if the file is an image format
that can be converted to a format
supported by all browsers (namely GIF, PNG and JPEG),
or if it is an SVG image and SVG conversion is enabled.

Yeah this is incorrect, we really should update this. It actually means "Can provide a thumbnail", where thumbnail means 'a result for [[File:..|thumb]]
The alternative of it being the 'blank' file icon.

Screenshot 2023-11-29 at 12.08.09.png (520×614 px, 35 KB)

There is also 'mustRender' which means: have to transform this in order to be able to show it in the browser (For instance: Native SVG could disable that and any transforms would be completely skipped before the toHtml is triggered)

Dreamy_Jazz moved this task from Needs review to Needs QA on the Trust and Safety Product Sprint (Sprint Shamisen (20th Nov - 1st Dec. 2023)) board.Nov 30 2023, 5:53 PM

Change 978155 merged by jenkins-bot:

[mediawiki/extensions/MediaModeration@master] Only allow drawing and bitmap media types to be scanned

https://gerrit.wikimedia.org/r/978155

Change 979141 had a related patch set uploaded (by Dreamy Jazz; author: Dreamy Jazz):

[mediawiki/core@master] Remove incorrect information from doc of File::canRender

https://gerrit.wikimedia.org/r/979141

ReleaseTaggerBot added a project: MW-1.42-notes (1.42.0-wmf.9; 2023-12-12).Nov 30 2023, 6:00 PM

QA should not be needed for the change being made to core (as this only affects method documentation).

When running QA you can use the steps listed in the task description.

Dreamy_Jazz mentioned this in T350863: Create maintenance script to import all existing images to mediamoderation_scan table.Nov 30 2023, 6:09 PM

One addendum to the QA steps is that you should use a midi file that hasn't been uploaded to the wiki before. This means choosing a new one from https://commons.wikimedia.org/wiki/Category:MIDI_files that you have not used for testing before.

Djackson-ctr updated the task description. (Show Details)Dec 1 2023, 1:29 AM

Djackson-ctr updated the task description. (Show Details)

I have verified the fix for this issue has been implemented and is working as expected per the Ticket Description...
Thank you @Dreamy_Jazz!!!

Dreamy_Jazz closed this task as Resolved.Dec 1 2023, 10:36 AM

Change 979701 had a related patch set uploaded (by Kosta Harlan; author: Dreamy Jazz):

[mediawiki/extensions/MediaModeration@wmf/1.42.0-wmf.7] Only allow drawing and bitmap media types to be scanned

https://gerrit.wikimedia.org/r/979701

Change 979701 merged by jenkins-bot:

[mediawiki/extensions/MediaModeration@wmf/1.42.0-wmf.7] Only allow drawing and bitmap media types to be scanned

https://gerrit.wikimedia.org/r/979701

Mentioned in SAL (#wikimedia-operations) [2023-12-05T14:23:51Z] <urbanecm@deploy2002> Started scap: Backport for [[gerrit:979698|User impact: update quantizeViews to process small series of view data (T352349)]], [[gerrit:979700|Add maintenance script to import existing files to scan table (T350863)]], [[gerrit:979701|Only allow drawing and bitmap media types to be scanned (T352234)]]

Mentioned in SAL (#wikimedia-operations) [2023-12-05T14:25:08Z] <urbanecm@deploy2002> kharlan and urbanecm: Backport for [[gerrit:979698|User impact: update quantizeViews to process small series of view data (T352349)]], [[gerrit:979700|Add maintenance script to import existing files to scan table (T350863)]], [[gerrit:979701|Only allow drawing and bitmap media types to be scanned (T352234)]] synced to the testservers (https://wikitech.wikimedia.org/wiki/Mwdebug)

Mentioned in SAL (#wikimedia-operations) [2023-12-05T14:32:47Z] <urbanecm@deploy2002> Finished scap: Backport for [[gerrit:979698|User impact: update quantizeViews to process small series of view data (T352349)]], [[gerrit:979700|Add maintenance script to import existing files to scan table (T350863)]], [[gerrit:979701|Only allow drawing and bitmap media types to be scanned (T352234)]] (duration: 08m 55s)

ReleaseTaggerBot edited projects, added MW-1.42-notes (1.42.0-wmf.7; 2023-11-28); removed MW-1.42-notes (1.42.0-wmf.9; 2023-12-12).Dec 5 2023, 3:00 PM

Change 979141 merged by jenkins-bot:

[mediawiki/core@master] Remove incorrect information from doc of File::canRender

https://gerrit.wikimedia.org/r/979141

Maintenance_bot removed a project: Patch-For-Review.Dec 9 2023, 3:30 AM

ReleaseTaggerBot edited projects, added MW-1.42-notes (1.42.0-wmf.9; 2023-12-12); removed MW-1.42-notes (1.42.0-wmf.7; 2023-11-28).Dec 9 2023, 5:00 AM

Thank you @Dreamy_Jazz

	F41545760: Screenshot 2023-11-29 at 12.08.09.png
	Nov 29 2023, 11:13 AM

	F41550022: image.png
	Dec 1 2023, 5:49 AM

MediaModerationFileProcessor::canScanFile incorrectly registers audio and video files as scannable when TimedMediaHandler extension is installedClosed, ResolvedPublic1 Estimated Story PointsBUG REPORTActions