Add preference to enable viewing `user_unnamed_ip` IPs
Closed, ResolvedPublic
Actions

Assigned To

Authored By

	STran
	Aug 5 2024, 11:46 AM

Description

Ahead of T365743: Log when AbuseFilter user sees IP address associated with temp account via user_unnamed_ip variable trigger, we'll need a preference similar to what CheckUser implements. I believe this is a legal requirement in order to maintain consistency in our IP reveal policy.

Acceptance Criteria:

A preference similar to CheckUser's checkuser-temporary-account-enable should be created for AbuseFilter
Users should have to check this preference before being able to see IPs revealed by user_unnamed_ip (possibly generalizable to protected variables for future proofing?)

Details

Related Changes in Gerrit:

Subject	Repo	Branch	Lines +/-
Add support for AbuseFilter's protected var view log	mediawiki/extensions/CheckUser	master	+39 -4
Bugfix: Fix minor issues with protected vars logging	mediawiki/extensions/AbuseFilter	master	+12 -7
Log changes to protected variables access	mediawiki/extensions/AbuseFilter	master	+207 -13
Add preference for viewing protected variables in AbuseFilter	mediawiki/extensions/AbuseFilter	master	+354 -8

Customize query in gerrit

Related Objects

Mentioned In: T365743: Log when AbuseFilter user sees IP address associated with temp account via user_unnamed_ip variable trigger
Mentioned Here: T151116: After passing the CAPTCHA page after warning, user is sent back to the Abuse Filter warning page
T365743: Log when AbuseFilter user sees IP address associated with temp account via user_unnamed_ip variable trigger

Event Timeline

STran created this task.Aug 5 2024, 11:46 AM

Restricted Application added a subscriber: Aklapper. · View Herald TranscriptAug 5 2024, 11:46 AM

STran claimed this task.Aug 6 2024, 9:57 AM

STran moved this task from Priority Backlog to In Progress on the Trust and Safety Product Sprint (Sprint Erhu (August 5th - August 16th)) board.Aug 14 2024, 2:13 PM

Change #1062717 had a related patch set uploaded (by STran; author: STran):

[mediawiki/extensions/AbuseFilter@master] [WIP] Add preference for viewing protected variables in AbuseFilter

https://gerrit.wikimedia.org/r/1062717

Change #1062718 had a related patch set uploaded (by STran; author: STran):

[mediawiki/extensions/AbuseFilter@master] [WIP] Log changes to protected variables access

https://gerrit.wikimedia.org/r/1062718

Dreamy_Jazz moved this task from Sprint Erhu (August 5th - August 16th) to Sprint Theremin (Aug 26 - Sept. 6) on the Trust and Safety Product Sprint board.Aug 27 2024, 12:30 PM

Dreamy_Jazz edited projects, added Trust and Safety Product Sprint (Sprint Theremin (Aug 26 - Sept. 6)); removed Trust and Safety Product Sprint (Sprint Erhu (August 5th - August 16th)).

Dreamy_Jazz moved this task from Priority Backlog to In Progress on the Trust and Safety Product Sprint (Sprint Theremin (Aug 26 - Sept. 6)) board.

STran moved this task from In Progress to Needs review on the Trust and Safety Product Sprint (Sprint Theremin (Aug 26 - Sept. 6)) board.Aug 29 2024, 1:59 PM

Change #1072555 had a related patch set uploaded (by STran; author: STran):

[mediawiki/extensions/AbuseFilter@master] [WIP] Log specific views of protected variables

https://gerrit.wikimedia.org/r/1072555

Change #1062717 merged by jenkins-bot:

[mediawiki/extensions/AbuseFilter@master] Add preference for viewing protected variables in AbuseFilter

https://gerrit.wikimedia.org/r/1062717

Change #1062718 merged by jenkins-bot:

[mediawiki/extensions/AbuseFilter@master] Log changes to protected variables access

https://gerrit.wikimedia.org/r/1062718

ReleaseTaggerBot added a project: MW-1.43-notes (1.43.0-wmf.23; 2024-09-17).Sep 13 2024, 1:00 PM

Dreamy_Jazz moved this task from Sprint Theremin (Aug 26 - Sept. 6) to Sprint Beatboxing (Sept 16-27) on the Trust and Safety Product Sprint board.Sep 16 2024, 10:10 AM

Dreamy_Jazz edited projects, added Trust and Safety Product Sprint (Sprint Beatboxing (Sept 16-27)); removed Trust and Safety Product Sprint (Sprint Theremin (Aug 26 - Sept. 6)).

Dreamy_Jazz moved this task from Priority Backlog to Needs review on the Trust and Safety Product Sprint (Sprint Beatboxing (Sept 16-27)) board.

STran moved this task from Needs review to Needs QA on the Trust and Safety Product Sprint (Sprint Beatboxing (Sept 16-27)) board.Sep 16 2024, 10:19 AM

Change #1074725 had a related patch set uploaded (by STran; author: STran):

[mediawiki/extensions/CheckUser@master] Add support for AbuseFilter's protected var view log

https://gerrit.wikimedia.org/r/1074725

Change #1074969 had a related patch set uploaded (by STran; author: STran):

[mediawiki/extensions/AbuseFilter@master] Bugfix: Fix minor issues with protected vars logging

https://gerrit.wikimedia.org/r/1074969

Dreamy_Jazz moved this task from Needs QA to Needs review on the Trust and Safety Product Sprint (Sprint Beatboxing (Sept 16-27)) board.Sep 23 2024, 11:19 AM

Dreamy_Jazz moved this task from Needs review to Needs QA on the Trust and Safety Product Sprint (Sprint Beatboxing (Sept 16-27)) board.

Change #1074969 merged by jenkins-bot:

[mediawiki/extensions/AbuseFilter@master] Bugfix: Fix minor issues with protected vars logging

https://gerrit.wikimedia.org/r/1074969

ReleaseTaggerBot edited projects, added MW-1.43-notes (1.43.0-wmf.24; 2024-09-24); removed MW-1.43-notes (1.43.0-wmf.23; 2024-09-17).Sep 23 2024, 12:00 PM

Dreamy_Jazz removed a project: Patch-For-Review.Sep 23 2024, 12:07 PM

Change #1074725 had a related patch set uploaded (by STran; author: STran):

[mediawiki/extensions/CheckUser@master] Add support for AbuseFilter's protected var view log

https://gerrit.wikimedia.org/r/1074725

gerritbot added a project: Patch-For-Review.Sep 30 2024, 1:56 PM

Change #1074725 merged by jenkins-bot:

[mediawiki/extensions/CheckUser@master] Add support for AbuseFilter's protected var view log

https://gerrit.wikimedia.org/r/1074725

ReleaseTaggerBot edited projects, added MW-1.43-notes (1.43.0-wmf.26; 2024-10-08); removed MW-1.43-notes (1.43.0-wmf.24; 2024-09-24).Oct 3 2024, 3:00 PM

Dreamy_Jazz moved this task from Sprint Beatboxing (Sept 16-27) to Sprint Cello (Oct 7 - 18) on the Trust and Safety Product Sprint board.Oct 8 2024, 10:13 AM

Dreamy_Jazz edited projects, added Trust and Safety Product Sprint (Sprint Cello (Oct 7 - 18)); removed Trust and Safety Product Sprint (Sprint Beatboxing (Sept 16-27)).

Dreamy_Jazz moved this task from Priority Backlog to Needs QA on the Trust and Safety Product Sprint (Sprint Cello (Oct 7 - 18)) board.

Dreamy_Jazz removed a project: Patch-For-Review.

Titore subscribed.Oct 9 2024, 12:03 AM

AbuseFilter is far too complicated and untestable for me to have much confidence that I know its current status.

There are too many combinations to test, too many endpoints and AbuseFilter doesn't have an API to make testing them easier.

See also comments made in T151116#10196141.

I have only tested with temporary accounts enabled. I have not tested global filters.

I have focused on permissions testing: are filters/logs which use the user_unnamed_ip variable hidden from users without the right to see them?

The below testing should be treated with caution.

Special:AbuseFilter:

Cannot see protected filters
Cannot search for "user_unnamed_ip"
Tested a few protected filters with Special:AbuseFilter/<filter id> and got "You may not view details of this filter, because it uses protected variables and is hidden from public view."

Special:AbuseLog/<log id>:

This was reasonably systematically tested via phpunit for different combinations of filters and log events

Special:AbuseFilter/examine/<rc id>:

The "user_unnamed_ip" variables always appears as "null"

Special:AbuseFilter/examine/log/<log id>:

Tested a large number of abuse filter logs to check that no IPs appeared

Special:AbuseFilter/test:

Load filter ID did not load any protected variables (actually uses list=abusefilter)
Settings "rules to test" as "user_unnamed_ip" and clicking "Test" returned "The filter is not shown, as it uses protected variables and is hidden from public view."
Testing a few protected filters in Special:AbuseFilter/test/<filter id> returned same error as above

Special:AbuseFilter/history:

Don't see protected filters in the table
Cannot search the history for a protected filter ("The filter you requested uses protected variables, and you cannot view its history.")
Going to Special:AbuseFilter/history/<filter id>/item/<history id> returns "You may not view details of this filter, because it uses protected variables and is hidden from public view."
Special:AbuseFilter/history/<filter id>/diff/<history id>/<history id> does show if both <history id>'s are not protected, regardless of whether <filter id> is currently protected
- Otherwise you see "The filter you requested uses protected variables, and you cannot view its history."

Special:AbuseFilter/revert:

You can revert actions taken by filters which you don't have permission to see

Api action=abusefiltercheckmatch:

Cannot see a log I don't have permission to see ("info": "Permission denied.")
When looking up a recent change ID, it always seems to return "result": true regardless of whether the filter is protected, unprotected or does not exist

Api action=abusefilterchecksyntax:

Always seemed to return "status": "ok" regardless of whether the filter's pattern was valid or not

Not tested (no risk related to recent work identified):

Special:AbuseLog/private/<log id>
Special:AbuseFilter/tools
action=abusefilterevalexpression
action=abusefilterunblockautopromote
action=abuselogprivatedetails

dom_walden mentioned this in T365743: Log when AbuseFilter user sees IP address associated with temp account via user_unnamed_ip variable trigger.Oct 21 2024, 3:03 PM

kostajh closed this task as Resolved.Oct 28 2024, 11:17 AM

Add preference to enable viewing `user_unnamed_ip` IPsClosed, ResolvedPublicActions

Description

Details

Related Objects

Event Timeline

Add preference to enable viewing `user_unnamed_ip` IPs
Closed, ResolvedPublic
Actions