
Application Security Review Request : AutoModerator
Closed, Resolved | Public

Description

Project Information

Note:

  • the portion of our code used to parse on-wiki JSON for configuration (under ./src/Config) was lifted almost wholesale from the GrowthExperiments extension. We'll be using the CommunityConfiguration extension for this functionality in time, but did this to decouple our pilot from CommunityConfiguration, since it was also undergoing rapid development while we have been developing this extension.
  • we're still adding things in; we'll update the scc output as needed

───────────────────────────────────────────────────────────────────────────────
Language      Files   Lines   Blanks   Comments    Code   Complexity
───────────────────────────────────────────────────────────────────────────────
PHP              30    3924      355        879    2690          117
JSON              8    9331        0          0    9331            0
JavaScript        2      35        2         15      18            0
Markdown          2       3        1          0       2            0
License           1     339       58          0     281            0
XML               1       7        0          0       7            0
YAML              1       3        0          0       3            0
gitignore         1       5        0          0       5            0
───────────────────────────────────────────────────────────────────────────────
Total            46   13647      416        894   12337          117
───────────────────────────────────────────────────────────────────────────────
Estimated Cost to Develop (organic)     $377,889
Estimated Schedule Effort (organic)     9.50 months
Estimated People Required (organic)     3.53
───────────────────────────────────────────────────────────────────────────────
Processed 456125 bytes, 0.456 megabytes (SI)
───────────────────────────────────────────────────────────────────────────────

Description of the tool/project: AutoModerator is an extension which uses a machine learning model to automatically revert edits whose model score crosses a configured threshold. It is configurable by each community which uses it, including turning it on or off and adjusting the threshold. We are looking to pilot our MVP on the Test and Indonesian Wikipedias, and anticipate being ready in May.

Description of how the tool will be used at WMF: We will be deploying and scaling to many wikis based on the feedback & interest we receive from communities.

Dependencies
None.

Has this project been reviewed before?
No.

Working test environment
Described at https://www.mediawiki.org/wiki/Extension:AutoModerator.

Post-deployment

Name of team responsible for tool/project after deployment and primary contact.

Moderator Tools team, @Samwalton9-WMF

Details

Risk Rating
Low
Author Affiliation
WMF Product

Event Timeline

@Samwalton9-WMF this review will be scoped to the extension only; the models will be out of scope for this review. Is it possible that this tool will replace existing auto moderator tools? For the timeline, does that mean the review can start in May? We're planning to do this review this quarter.

> @Samwalton9-WMF this review will be scoped to the extension only; the models will be out of scope for this review.

That's fine!

> Is it possible that this tool will replace existing auto moderator tools?

It's possible that this tool would replace existing volunteer-maintained anti-vandalism bots, but this would be up to each Wikipedia community to decide. There are currently 9 Wikipedias with volunteer-maintained tools performing this task.

> For the timeline, does that mean the review can start in May? We're planning to do this review this quarter.

Yes, we should have everything ready for you to review in May!

@jsn.sherman thanks for letting me know. Is there a deadline that I should know about for the review? If not, I will post mid-June.

> @jsn.sherman thanks for letting me know. Is there a deadline that I should know about for the review? If not, I will post mid-June.

We hope to get a pilot rolling on idwiki by the end of May. Can we proceed with that ahead of security review?

More info: Since the underlying model can only check revisions on specific wiki dbs (production language edition wiki projects), that pilot is where we'll see the whole thing working as intended. Per our research on the model's behavior and the configuration we are using, we believe that should result in ~7 reverts daily on idwiki (see: https://www.mediawiki.org/wiki/Moderator_Tools/Automoderator/Testing#Caution_levels).

@jsn.sherman I'll aim for the end of May for this review, but in case I'm not able to post it, you can go ahead and get the pilot rolling.

> @jsn.sherman I'll aim for the end of May for this review, but in case I'm not able to post it, you can go ahead and get the pilot rolling.

Thanks!

Mstyles moved this task from In Progress to Our Part Is Done on the secscrum board.

Security Review Summary - T361690 - 2024-15-05
Last commit reviewed: 54d3a6d

Summary

Overall, the current...
with an overall risk rating of: low.
No vulnerable packages were found, which is great.
I think it would be a good idea to take a look at the semgrep findings and address them if possible, along with the two results from the bearer credentials scan. Both are lower priority, but it is still highly recommended to take a look. Also, if the outdated packages could be upgraded, that would be a good idea as well. The Wikimedia code health check returned good results as well. No follow-up is needed for this review. Please let me know if you have any questions.

Outdated Packages
As reported via composer outdated:
(no explicit vulnerabilities reported, simply noting for completeness' sake.)

Package                     Current   Wanted   Description
phpcsstandards/phpcsextra   1.1.2     1.2.1    A collection of sniffs and standards ...
phpcsstandards/phpcsutils   1.0.9     1.0.11   A suite of utility functions for use ...
sabre/event                 5.1.4     6.0.0    sabre/event is a library for lightwei...
squizlabs/php_codesniffer   3.8.1     3.9.2    PHP_CodeSniffer tokenizes PHP, JavaSc...

Wikimedia Code Health Check results

Vuln Pkgs | Pkg Mgmt | Test Cov | SAST | Non-auto Cmts | Uniq Contribs | Contrib Conc | Lang Guides | Staff Supp | Task Backlog | Code Stew | Deployed Wikis | Weighted Risk
04701010271010032.20

Static Analysis Findings
Scorecard found no relevant issues
Semgrep run with custom php rules returned 6 code findings
Semgrep supply chain returned 0 results
Composer security check returned no results
horusec returned no results
bearer returned two critical results:

CRITICAL: Unsanitized external input in SQL query [CWE-89]
https://docs.bearer.com/reference/rules/php_symfony_sql_injection
To ignore this finding, run: bearer ignore add ea267d486417cfe58f7e1bb2fced96c1_0

File: src/Config/WikiPageConfigLoader.php:92

 92 		$this->cache->delete( $cacheKey );

CRITICAL: Unsanitized external input in SQL query [CWE-89]
https://docs.bearer.com/reference/rules/php_symfony_sql_injection
To ignore this finding, run: bearer ignore add ea267d486417cfe58f7e1bb2fced96c1_1

File: src/Config/WikiPageConfigLoader.php:93

 93 		$this->inProcessCache->delete( $cacheKey );
=====================================