Page MenuHomePhabricator
Create Task
Maniphest T364465

Display changes to protected status and flags on AbuseFilter history and diff pages
Closed, ResolvedPublic
Actions

Description

See the parent task for more context.

  • Store the changes to af_hidden in ahf_changed_fields
  • Store the different privacy levels in afh_flags
  • Display these changes on Special:AbuseFilter/history and Special:AbuseFilter/history/n/diff

Details

Related Changes in Gerrit:
SubjectRepoBranchLines +/-
Fix permission error shown on history page for protected filtermediawiki/extensions/AbuseFiltermaster+1 -1
Add error message for unprivileged access of filter historymediawiki/extensions/AbuseFiltermaster+2 -0
Allow variables to be restricted by user rightmediawiki/extensions/AbuseFiltermaster+576 -45
Display changes to filter privacy levels on history and diff pagesmediawiki/extensions/AbuseFiltermaster+458 -28
Customize query in gerrit

Related Objects
Search...

Event Timeline

Tchanders created this task.May 8 2024, 11:08 AM
Restricted Application added a subscriber: Aklapper. · View Herald TranscriptMay 8 2024, 11:08 AM
Tchanders added a parent task: T363906: [Epic] Ensure filters that use PII-sensitive variables are protected.May 8 2024, 11:08 AM
Tchanders moved this task from Priority Backlog to In Progress on the Trust and Safety Product Sprint (Sprint Pennywhistle (23rd April - 3rd May)) board.
gerritbot added a comment.May 8 2024, 3:10 PM

Change #1029162 had a related patch set uploaded (by Tchanders; author: Tchanders):

[mediawiki/extensions/AbuseFilter@master] Ensure that changes to af_hidden are correctly set in afh_changed_fields

https://gerrit.wikimedia.org/r/1029162

gerritbot added a project: Patch-For-Review.May 8 2024, 3:10 PM
Tchanders moved this task from In Progress to Needs Review on the Trust and Safety Product Sprint (Sprint Pennywhistle (23rd April - 3rd May)) board.May 8 2024, 5:59 PM
Tchanders renamed this task from Display changes to protected status and flags on AbuseFilter history pages to Display changes to protected status and flags on AbuseFilter history and diff pages.May 8 2024, 6:54 PM
Tchanders updated the task description. (Show Details)
Tchanders edited projects, added Trust and Safety Product Sprint (Sprint Shekere (13th May - 24th May)); removed Trust and Safety Product Sprint (Sprint Pennywhistle (23rd April - 3rd May)).May 13 2024, 9:17 AM
Tchanders moved this task from Priority Backlog to In Progress on the Trust and Safety Product Sprint (Sprint Shekere (13th May - 24th May)) board.May 13 2024, 9:28 AM
Tchanders moved this task from In Progress to Needs Review on the Trust and Safety Product Sprint (Sprint Shekere (13th May - 24th May)) board.
gerritbot added a comment.May 15 2024, 1:42 PM

Change #1026560 had a related patch set uploaded (by STran; author: Tchanders):

[mediawiki/extensions/AbuseFilter@master] Allow variables to be restricted by user right

https://gerrit.wikimedia.org/r/1026560

Tchanders reassigned this task from Tchanders to STran.May 15 2024, 3:41 PM

Re-assigning to @STran, who has taken this over.

gerritbot added a comment.May 16 2024, 12:52 PM

Change #1029162 abandoned by STran:

[mediawiki/extensions/AbuseFilter@master] Display changes to filter privacy levels on history and diff pages

Reason:

This work was merged into 1032420 (utility functions) and 1026560 (UI/X updates)

https://gerrit.wikimedia.org/r/1029162

Dreamy_Jazz moved this task from Needs Review to In Progress on the Trust and Safety Product Sprint (Sprint Shekere (13th May - 24th May)) board.May 17 2024, 9:25 AM
kostajh moved this task from Sprint Shekere (13th May - 24th May) to Sprint Melodica (Jun 3 - Jun 14) on the Trust and Safety Product Sprint board.Jun 3 2024, 10:10 AM
kostajh edited projects, added Trust and Safety Product Sprint (Sprint Melodica (Jun 3 - Jun 14)); removed Trust and Safety Product Sprint (Sprint Shekere (13th May - 24th May)).
gerritbot added a comment.Jun 4 2024, 5:20 PM

Change #1026560 merged by jenkins-bot:

[mediawiki/extensions/AbuseFilter@master] Allow variables to be restricted by user right

https://gerrit.wikimedia.org/r/1026560

Maintenance_bot removed a project: Patch-For-Review.Jun 4 2024, 5:31 PM
gerritbot added a comment.Jun 5 2024, 1:25 PM

Change #1039214 had a related patch set uploaded (by STran; author: STran):

[mediawiki/extensions/AbuseFilter@master] Add error message for unprivileged access of filter history

https://gerrit.wikimedia.org/r/1039214

gerritbot added a project: Patch-For-Review.Jun 5 2024, 1:25 PM
STran moved this task from Priority Backlog to Needs QA on the Trust and Safety Product Sprint (Sprint Melodica (Jun 3 - Jun 14)) board.Jun 5 2024, 1:56 PM
gerritbot added a comment.Jun 5 2024, 2:57 PM

Change #1039232 had a related patch set uploaded (by Tchanders; author: Tchanders):

[mediawiki/extensions/AbuseFilter@master] Fix permission error shown on history page for protected filter

https://gerrit.wikimedia.org/r/1039232

gerritbot added a comment.Jun 5 2024, 3:19 PM

Change #1039214 merged by jenkins-bot:

[mediawiki/extensions/AbuseFilter@master] Add error message for unprivileged access of filter history

https://gerrit.wikimedia.org/r/1039214

ReleaseTaggerBot added a project: MW-1.43-notes (1.43.0-wmf.9; 2024-06-11).Jun 5 2024, 4:00 PM
gerritbot added a comment.Jun 6 2024, 3:05 PM

Change #1039232 merged by jenkins-bot:

[mediawiki/extensions/AbuseFilter@master] Fix permission error shown on history page for protected filter

https://gerrit.wikimedia.org/r/1039232

Maintenance_bot removed a project: Patch-For-Review.Jun 6 2024, 3:30 PM
dom_walden moved this task from Needs QA to Done on the Trust and Safety Product Sprint (Sprint Melodica (Jun 3 - Jun 14)) board.Jun 14 2024, 9:07 AM
dom_walden subscribed.

For a user without abusefilter-access-protected-vars (but all other AbuseFilter rights), I was not able to see any information about protected filters on:

  • Special:AbuseFilter/history
    • Including when searching for a specific filter ID (Special:AbuseFilter/history/<filter id>)
  • Special:AbuseFilter/history/<filter id>/item/<change id>
    • If you edit an unprotected filter and add the user_unnamed_ip variable, changing it to a protected filter, all previous changes of the filter are not visible to the user, even if they were able to see them when the filter was unprotected.
  • Special:AbuseFilter/history/<filter id>/diff/<prev change id>/<change id>
    • Unlike with .../item/..., if a previously unprotected filter becomes protected the user can still see diffs of filter changes from before it was protected. i.e. if both <prev change id> and <change id> were made when the filter was still unprotected. I don't think you can use this to find any sensitive information. You see the same information you would have seen before the filter was protected.

I did try to change a protected filter to an unprotected filter, to see what happens to its history. But I could not find a way of doing this.

Test environment: local docker Abuse Filter – (92e1335) 13:45, 13 June 2024.

Dreamy_Jazz closed this task as Resolved.Jun 25 2024, 10:46 AM
Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL · Credits