Page MenuHomePhabricator
Create Task
Maniphest T380290

Remove protected flag from accidentally protected filters
Closed, ResolvedPublic
Actions

Description

Background

Before T377765: Do not allow protecting abuse filters if PII variables are not used, it was possible to set the protected flag on filters that did not contain protected variables. The flag cannot be removed (to avoid leaking private data via the logs), so doing this accidentally could cause editors who didn't have the right permissions to be locked out of the filter permanently.

In T378551: Create a way to unprotect an abuse filter, a maintenance script was added to undo this mistake. This task is for running the maintenance script.

Acceptance criteria
  • The filter mentioned in T377765#10307225 is set to unprotected
  • Any other filters known to be wrongly protected are unprotected

Details

Related Changes in Gerrit:
SubjectRepoBranchLines +/-
maintenance/SearchFilters: Allow searching by privacy levelmediawiki/extensions/AbuseFiltermaster+86 -18
Add documentation about running RemoveProtectedFlagFromFiltermediawiki/extensions/AbuseFiltermaster+8 -0
Customize query in gerrit

Related Objects

Event Timeline

Tchanders created this task.Nov 19 2024, 4:04 PM
Restricted Application added a subscriber: Aklapper. · View Herald TranscriptNov 19 2024, 4:04 PM
Tchanders mentioned this in T378551: Create a way to unprotect an abuse filter.Nov 19 2024, 4:04 PM
Tchanders mentioned this in T377765: Do not allow protecting abuse filters if PII variables are not used.
Johannnes89 subscribed.Nov 20 2024, 6:13 PM
Tchanders moved this task from Ready to In Progress on the Trust and Safety Product Sprint (Sprint Gong (November 18 - December 6)) board.Nov 25 2024, 10:07 AM
Tchanders added a comment.Nov 25 2024, 11:12 AM

The filter mentioned in T377765#10307225 is set to unprotected

While preparing to run the script on this filter, I found that it may not be a good idea to do after all:

Tchanders added a comment.Nov 25 2024, 11:55 AM
In T380290#10352299, @Tchanders wrote:
  • Running the unprotect maintenance script therefore seems unnecessary and likely to cause confusion

Having discussed this on Slack, it was still valuable to run the script, so that the logs wouldn't be "protected". (They are still "hidden", as they were before they were accidentally "protected".)

Diff: https://en.wikipedia.org/wiki/Special:AbuseFilter/history/1165/diff/prev/34484 (access restricted)

gerritbot added a comment.Nov 25 2024, 12:08 PM

Change #1097358 had a related patch set uploaded (by Tchanders; author: Tchanders):

[mediawiki/extensions/AbuseFilter@master] Add documentation about running RemoveProtectedFlagFromFilter

https://gerrit.wikimedia.org/r/1097358

gerritbot added a project: Patch-For-Review.Nov 25 2024, 12:08 PM
Tchanders added a comment.Nov 25 2024, 1:12 PM
  • Any other filters known to be wrongly protected are unprotected

We'll do this by allowing AbuseFilter/maintenance/SearchFilters to search by privacy level.

gerritbot added a comment.Nov 25 2024, 1:28 PM

Change #1097377 had a related patch set uploaded (by Tchanders; author: Tchanders):

[mediawiki/extensions/AbuseFilter@master] maintenance/SearchFilters: Allow searching by privacy level

https://gerrit.wikimedia.org/r/1097377

gerritbot added a comment.Nov 25 2024, 3:02 PM

Change #1097358 merged by jenkins-bot:

[mediawiki/extensions/AbuseFilter@master] Add documentation about running RemoveProtectedFlagFromFilter

https://gerrit.wikimedia.org/r/1097358

ReleaseTaggerBot added a project: MW-1.44-notes (1.44.0-wmf.5; 2024-11-25).Nov 25 2024, 4:00 PM
gerritbot added a comment.Nov 26 2024, 12:31 PM

Change #1097377 merged by jenkins-bot:

[mediawiki/extensions/AbuseFilter@master] maintenance/SearchFilters: Allow searching by privacy level

https://gerrit.wikimedia.org/r/1097377

ReleaseTaggerBot edited projects, added MW-1.44-notes (1.44.0-wmf.6; 2024-12-03); removed MW-1.44-notes (1.44.0-wmf.5; 2024-11-25).Nov 26 2024, 1:00 PM
Maintenance_bot removed a project: Patch-For-Review.Nov 26 2024, 1:30 PM
Tchanders moved this task from In Progress to Ready on the Trust and Safety Product Sprint (Sprint Gong (November 18 - December 6)) board.Nov 26 2024, 5:21 PM
  • Any other filters known to be wrongly protected are unprotected

We can do this once https://gerrit.wikimedia.org/r/1097377 is deployed everywhere. Moving back to Ready until then.

Tchanders mentioned this in T365740: Document the changes introduced for temporary accounts.Nov 26 2024, 5:55 PM
Tchanders added a comment.Dec 6 2024, 4:58 PM

I checked which filters use protected variables and which are protected, across all wikis. Since there is only one protected variable (user_unnamed_ip) and any user can see which filters are protected, regardless of their rights (T381470), it is safe to share this information here.

Filters that contain a protected variable

Summary: All of these filters contain user_unnamed_ip. They are all protected (see second table), except for one where user_unnamed_ip was in the comments.
Action needed: None

wikifilteris protected
hrwiki18Y
hrwiki33Y
hrwiki38Y
hrwiki45Y
itwikiquote10Y
metawiki202No, but has never used protected variables. Match was in comment.
metawiki377Y
rowiki98Y
testwiki257Y
testwiki273Y
zh_yuewiki30Y
zh_yuewiki39Y
zh_yuewiki59Y
zh_yuewiki60Y
zh_yuewiki62Y
zh_yuewiki63Y
zh_yuewiki64Y
Filters that are protected

Summary: All of these filters are protected. Most currently use user_unnamed_ip. Some don't any more but used to, so are correctly protected. Some are protected but never used user_unnamed_ip, so should be unprotected.

Action needed: See table

wikifiltershould be protectedaction needed
hrwiki18Y-
hrwiki33Y-
hrwiki38Y-
hrwiki45Y-
itwikiquote10Y-
metawiki23No, never used protected variablesunprotect
metawiki377Y-
nlwiki151No, never used protected variablesunprotect
nlwiki171No, never used protected variablesunprotect
nlwiki172Y-
nlwiki174Y-
rowiki98Y-
test2wiki40No, never used protected variablesunprotect
testwiki24No, never used protected variablesunprotect
testwiki257Y-
testwiki271No, never used protected variablesunprotect
testwiki273Y-
zh_yuewiki30Y-
zh_yuewiki39Y-
zh_yuewiki59Y-
zh_yuewiki60Y-
zh_yuewiki62Y-
zh_yuewiki63Y-
zh_yuewiki64Y-
Tchanders closed this task as Resolved.Dec 6 2024, 5:33 PM
Tchanders moved this task from Ready to Done on the Trust and Safety Product Sprint (Sprint Gong (November 18 - December 6)) board.

The filters mentioned in T380290#10387123 have been updated (with explanatory comments added to the filters) and no longer appear in the search for protected filters.

Johannnes89 added a comment.Dec 6 2024, 7:39 PM

Thanks for your work on this!

Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL · Credits