Page MenuHomePhabricator
Create Task
Maniphest T376885

TypeError: Argument 2 passed to MediaWiki\Extension\AbuseFilter\ProtectedVarsAccessLogger::logViewProtectedVariableValue() must be of the type string, null given
Closed, ResolvedPublicBUG REPORT
Actions

Description

What is the problem?

Trying to access the details/examine an abuse filter log I am getting the below exceptions:

For Special:AbuseLog/<log id>:

[fdd36556b437c8cf96519d0b] /wiki/Special:AbuseLog/236 TypeError: Argument 2 passed to MediaWiki\Extension\AbuseFilter\ProtectedVarsAccessLogger::logViewProtectedVariableValue() must be of the type string, null given, called in /var/www/html/w/extensions/AbuseFilter/includes/Special/SpecialAbuseLog.php on line 842

Backtrace:

from /var/www/html/w/extensions/AbuseFilter/includes/ProtectedVarsAccessLogger.php(99)
#0 /var/www/html/w/extensions/AbuseFilter/includes/Special/SpecialAbuseLog.php(842): MediaWiki\Extension\AbuseFilter\ProtectedVarsAccessLogger->logViewProtectedVariableValue()
#1 /var/www/html/w/extensions/AbuseFilter/includes/Special/SpecialAbuseLog.php(243): MediaWiki\Extension\AbuseFilter\Special\SpecialAbuseLog->showDetails()
#2 /var/www/html/w/includes/specialpage/SpecialPage.php(723): MediaWiki\Extension\AbuseFilter\Special\SpecialAbuseLog->execute()
#3 /var/www/html/w/includes/specialpage/SpecialPageFactory.php(1724): MediaWiki\SpecialPage\SpecialPage->run()
#4 /var/www/html/w/includes/actions/ActionEntryPoint.php(504): MediaWiki\SpecialPage\SpecialPageFactory->executePath()
#5 /var/www/html/w/includes/actions/ActionEntryPoint.php(146): MediaWiki\Actions\ActionEntryPoint->performRequest()
#6 /var/www/html/w/includes/MediaWikiEntryPoint.php(200): MediaWiki\Actions\ActionEntryPoint->execute()
#7 /var/www/html/w/index.php(58): MediaWiki\MediaWikiEntryPoint->run()
#8 {main}

Special:AbuseFilter/examine/log/<log id>:

[93fde6f86959cbaa00443a28] /wiki/Special:AbuseFilter/examine/log/236 TypeError: Argument 2 passed to MediaWiki\Extension\AbuseFilter\ProtectedVarsAccessLogger::logViewProtectedVariableValue() must be of the type string, null given, called in /var/www/html/w/extensions/AbuseFilter/includes/View/AbuseFilterViewExamine.php on line 344

Backtrace:

from /var/www/html/w/extensions/AbuseFilter/includes/ProtectedVarsAccessLogger.php(99)
#0 /var/www/html/w/extensions/AbuseFilter/includes/View/AbuseFilterViewExamine.php(344): MediaWiki\Extension\AbuseFilter\ProtectedVarsAccessLogger->logViewProtectedVariableValue()
#1 /var/www/html/w/extensions/AbuseFilter/includes/View/AbuseFilterViewExamine.php(132): MediaWiki\Extension\AbuseFilter\View\AbuseFilterViewExamine->showExaminerForLogEntry()
#2 /var/www/html/w/extensions/AbuseFilter/includes/Special/SpecialAbuseFilter.php(175): MediaWiki\Extension\AbuseFilter\View\AbuseFilterViewExamine->show()
#3 /var/www/html/w/includes/specialpage/SpecialPage.php(723): MediaWiki\Extension\AbuseFilter\Special\SpecialAbuseFilter->execute()
#4 /var/www/html/w/includes/specialpage/SpecialPageFactory.php(1724): MediaWiki\SpecialPage\SpecialPage->run()
#5 /var/www/html/w/includes/actions/ActionEntryPoint.php(504): MediaWiki\SpecialPage\SpecialPageFactory->executePath()
#6 /var/www/html/w/includes/actions/ActionEntryPoint.php(146): MediaWiki\Actions\ActionEntryPoint->performRequest()
#7 /var/www/html/w/includes/MediaWikiEntryPoint.php(200): MediaWiki\Actions\ActionEntryPoint->execute()
#8 /var/www/html/w/index.php(58): MediaWiki\MediaWikiEntryPoint->run()
#9 {main}

My suspicion:

  • The filter which triggered those log entries is marked as protected but does not use the user_unnamed_ip variable.
  • So far all the log entries where I have seen these exceptions are for the autocreateaccount action.
  • Filters which use the pattern user_unnamed_ip do not trigger such a log entry, so the assumption is that protected filters do not need to support such a log entry.

However, it is possible to have a protected filter which does not use the user_unnamed_ip variable, and this will trigger an autocreateaccount log entry. For example:

  • When creating a filter, you can check the I understand that details of this filter will be hidden from users who cannot see protected variables checkbox regardless of which variables you have used.
  • You can edit an existing filter and remove any user_unnamed_ip variables from its pattern. This will not remove its protected status.
Steps to reproduce problem
  1. Enable temporary accounts on your wiki (e.g. $wgAutoCreateTempUser['enabled'] = true;)
  2. As an admin with the abusefilter-access-protected-vars right, create a new abuse filter (Special:AbuseFilter/new)
    1. Choose any value for description and for pattern put action
    2. Check the box that says I understand that details of this filter will be hidden from users who cannot see protected variables
  3. As an anonymous user (not logged in as either a named user or temporary user) perform an edit
  4. As the admin from step 2, go to Special:AbuseLog
  5. You will see two entries for the edit you made in step 3. One will say triggered filter <id>, performing the action "autocreateaccount". For this entry, click details and/or examine

Expected behaviour: The details or examine pages will load successfully.
Observed behaviour: Above exception(s).

Environment

Wiki(s): local docker Abuse Filter – (11901be) 07:41, 8 October 2024.

Details

SubjectRepoBranchLines +/-
Protected variable logs: fallback to accountname if user_name is not setmediawiki/extensions/AbuseFiltermaster+37 -14
Customize query in gerrit

Related Objects

Event Timeline

dom_walden created this task.Oct 10 2024, 10:47 AM
Restricted Application added a subscriber: Aklapper. · View Herald TranscriptOct 10 2024, 10:47 AM
kostajh edited projects, added Temporary accounts (Blockers to minor pilot wiki deployment); removed Temporary accounts.Oct 10 2024, 10:48 AM
dom_walden added a comment.Oct 10 2024, 12:28 PM

I have also seen this happen for an abuse filter log entry for creating an account while logged out (but not creating an account as a temporary user).

dom_walden renamed this task from TypeError: Argument 2 passed to {method} must be of the type string, null given to TypeError: Argument 2 passed to MediaWiki\Extension\AbuseFilter\ProtectedVarsAccessLogger::logViewProtectedVariableValue() must be of the type string, null given.Oct 10 2024, 2:59 PM
XXBlackburnXx subscribed.Oct 10 2024, 4:35 PM
kostajh claimed this task.Oct 15 2024, 12:37 PM
kostajh moved this task from Priority Backlog to In Progress on the Trust and Safety Product Sprint (Sprint Cello (Oct 7 - 18)) board.
kostajh moved this task from Backlog to In progress on the Temporary accounts (Blockers to minor pilot wiki deployment) board.
kostajh added a subscriber: STran.Oct 15 2024, 2:29 PM

The problem is that we assume that user_name will be set, but for account creations (and autocreations), AbuseFilter sets a value for accountname instead. I'll make a patch to update AbuseFilterExamine.php and SpecialAbuseLog.php to fallback to accountname if user_name is not set.

In theory, the same issue should occur in QueryAbuseLog.php (via the API) but I could not reproduce the error there. That appears to be because in QueryAbuseLog.php we check to see if a protected variable is actually used in the filter (with ->getUsedProtectedVariables) whereas in the other two entrypoints, we do not. I am not sure why we do that for the API entrypoint but not the other two (cc @STran).

gerritbot added a comment.Oct 15 2024, 2:33 PM

Change #1080302 had a related patch set uploaded (by Kosta Harlan; author: Kosta Harlan):

[mediawiki/extensions/AbuseFilter@master] (WIP) Protected variable logs: fallback to accountname if user_name is not set

https://gerrit.wikimedia.org/r/1080302

gerritbot added a project: Patch-For-Review.Oct 15 2024, 2:33 PM
gerritbot added a comment.Oct 21 2024, 8:18 PM

Change #1080302 merged by jenkins-bot:

[mediawiki/extensions/AbuseFilter@master] Protected variable logs: fallback to accountname if user_name is not set

https://gerrit.wikimedia.org/r/1080302

Maintenance_bot removed a project: Patch-For-Review.Oct 21 2024, 8:30 PM
ReleaseTaggerBot added a project: MW-1.43-notes (1.43.0-wmf.28; 2024-10-22).Oct 21 2024, 9:00 PM
kostajh moved this task from In Progress to Needs QA on the Trust and Safety Product Sprint (Sprint Cello (Oct 7 - 18)) board.Mon, Oct 28, 10:28 AM
kostajh edited projects, added Trust and Safety Product Sprint (Sprint Accordion October 28 - November 15); removed Trust and Safety Product Sprint (Sprint Cello (Oct 7 - 18)).Mon, Oct 28, 11:05 AM
kostajh moved this task from Priority Backlog to Needs QA on the Trust and Safety Product Sprint (Sprint Accordion October 28 - November 15) board.
kostajh moved this task from In progress to Done / QA on the Temporary accounts (Blockers to minor pilot wiki deployment) board.Mon, Oct 28, 4:31 PM
dom_walden moved this task from Needs QA to Done on the Trust and Safety Product Sprint (Sprint Accordion October 28 - November 15) board.Mon, Nov 4, 9:26 AM

I cannot reproduce this exception for either the autocreateaccount or createaccount actions.

Test environment: local docker Abuse Filter – (4616b72) 07:34, 1 November 2024.

kostajh closed this task as Resolved.Mon, Nov 4, 9:29 AM
Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL · Credits