Page MenuHomePhabricator

[ES][SW] Special:NewEntitySchema doesn’t catch AbuseFilter errors
Open, Needs TriagePublicPRODUCTION ERROR

Description

As mentioned in this security change and T339016#8984703, Special:NewEntitySchema currently produces an uncaught internal error if the EntitySchema creation is blocked by an AbuseFilter:

image.png (562×1 px, 70 KB)

According to the commit message, other edit scenarios also don’t show any details about the failed AbuseFilter, though at least they don’t crash completely. It would be nice to fix that too, though that might not be part of this task.

Error
normalized_message
[{reqId}] {exception_url}   RuntimeException: This action has been automatically identified as harmful, and therefore disallowed.
If you believe your action was constructive, please inform an administrator of what you were trying to do.
A brief descriptio
exception.trace
from /srv/mediawiki/php-1.43.0-wmf.6/extensions/EntitySchema/src/DataAccess/MediaWikiRevisionEntitySchemaInserter.php(124)
#0 /srv/mediawiki/php-1.43.0-wmf.6/extensions/EntitySchema/src/DataAccess/MediaWikiRevisionEntitySchemaInserter.php(100): EntitySchema\DataAccess\MediaWikiRevisionEntitySchemaInserter->saveRevision(MediaWiki\Storage\PageUpdater, EntitySchema\MediaWiki\Content\EntitySchemaContent, MediaWiki\CommentStore\CommentStoreComment)
#1 /srv/mediawiki/php-1.43.0-wmf.6/extensions/EntitySchema/src/MediaWiki/Specials/NewEntitySchema.php(119): EntitySchema\DataAccess\MediaWikiRevisionEntitySchemaInserter->insertSchema(string, string, string, array, string)
#2 [internal function]: EntitySchema\MediaWiki\Specials\NewEntitySchema->submitCallback(array, MediaWiki\HTMLForm\OOUIHTMLForm)
#3 /srv/mediawiki/php-1.43.0-wmf.6/includes/htmlform/HTMLForm.php(792): call_user_func(array, array, MediaWiki\HTMLForm\OOUIHTMLForm)
#4 /srv/mediawiki/php-1.43.0-wmf.6/includes/htmlform/HTMLForm.php(673): MediaWiki\HTMLForm\HTMLForm->trySubmit()
#5 /srv/mediawiki/php-1.43.0-wmf.6/extensions/EntitySchema/src/MediaWiki/Specials/NewEntitySchema.php(84): MediaWiki\HTMLForm\HTMLForm->tryAuthorizedSubmit()
#6 /srv/mediawiki/php-1.43.0-wmf.6/includes/specialpage/SpecialPage.php(719): EntitySchema\MediaWiki\Specials\NewEntitySchema->execute(NULL)
#7 /srv/mediawiki/php-1.43.0-wmf.6/includes/specialpage/SpecialPageFactory.php(1680): MediaWiki\SpecialPage\SpecialPage->run(NULL)
#8 /srv/mediawiki/php-1.43.0-wmf.6/includes/actions/ActionEntryPoint.php(502): MediaWiki\SpecialPage\SpecialPageFactory->executePath(string, MediaWiki\Context\RequestContext)
#9 /srv/mediawiki/php-1.43.0-wmf.6/includes/actions/ActionEntryPoint.php(145): MediaWiki\Actions\ActionEntryPoint->performRequest()
#10 /srv/mediawiki/php-1.43.0-wmf.6/includes/MediaWikiEntryPoint.php(200): MediaWiki\Actions\ActionEntryPoint->execute()
#11 /srv/mediawiki/php-1.43.0-wmf.6/index.php(58): MediaWiki\MediaWikiEntryPoint->run()
#12 /srv/mediawiki/w/index.php(3): require(string)
#13 {main}
Impact

While the edit is correctly blocked, users don’t see any useful information with the error. (Also, if the AbuseFilter is set to “warn”, that probably doesn’t work properly, since the user doesn’t get a chance to retry their edit.) Also, minor logspam (volume depends on how often users try to do the blocked activity).

Notes

Details

Request URL
https://test.wikidata.org/wiki/Special:NewEntitySchema

Event Timeline

Restricted Application added a subscriber: Aklapper. · View Herald Transcript

Note: the abuse filter blocking Entityschema creation is currently enabled on Wikidata but disabled on Test Wikidata, so if you want to reproduce the issue on Test Wikidata, enable that AbuseFilter first.

Lucas_Werkmeister_WMDE renamed this task from Special:NewEntitySchema doesn’t catch AbuseFilter errors to [ES][SW] Special:NewEntitySchema doesn’t catch AbuseFilter errors.Thu, May 23, 12:17 PM

Prio Notes:

Impact AreaAffected
production / end usersyes
monitoringno
development effortsno
onboarding effortsno
additional stakeholdersyes (Wikidata admins who manage the AbuseFilters and/or users who get blocked by the filters)