Page MenuHomePhabricator
Create Task
Maniphest T387328

Refactor CheckUser ProtectedVarsAccessLogger logging out of AbuseFilter
Closed, ResolvedPublic
Actions

Description

Following T387324: Add hook to support custom logging in `ProtectedVarsAccessLogger`, we should no longer be checking for CheckUser in ProtectedVarsAccessLogger and instead should use this new mechanism from within the CU extension instead. Since CU no longer needs to expose its log to other extensions, the changes made in I35d50df7cd6754e29d964cc716fb3c42406272df could possibly be removed as well.

Acceptance Criteria:

  • ProtectedVarsAccessLogger no longer needs to check for CU or use its logger
  • Any refactoring needed to be done to TemporaryAccountLogger (external logging) is done
  • CheckUser calls the new hook in ProtectedVarsAccessLogger to log access
  • Access is not logged twice between AbuseFilter and CheckUser (feature parity)

Details

Related Changes in Gerrit:
SubjectRepoBranchLines +/-
Remove CU-specific logging logicmediawiki/extensions/AbuseFiltermaster+51 -170
Log access to protected variables from AbuseFiltermediawiki/extensions/CheckUsermaster+154 -3
Customize query in gerrit

Related Objects
Search...

Event Timeline

STran created this task.Feb 26 2025, 1:00 PM
Restricted Application added a subscriber: Aklapper. · View Herald TranscriptFeb 26 2025, 1:00 PM
STran mentioned this in T385687: Investigate: How should the AbuseFilter variable `user_unnamed_ip` be restricted.Feb 26 2025, 1:31 PM
STran added a parent task: T354599: [EPIC] WE4.2.14b Provide IP reputation variables in AbuseFilter.Feb 26 2025, 3:38 PM
STran added a project: Trust and Safety Product Sprint (Sprint Lemon Meringue (March 3 - 21)).Feb 26 2025, 3:40 PM
STran mentioned this in T387329: Investigate: Confirm our logging expectations for AbuseFilter/CheckUser Temporary Accounts logs when using protected variables.Feb 26 2025, 3:47 PM
STran mentioned this in T380919: Don't funnel all protected variable access logs to CheckUser temporary account access log.
Dreamy_Jazz moved this task from Inbox to Engineering on the Trust and Safety Product Team board.Feb 28 2025, 5:52 PM
Dreamy_Jazz edited projects, added Trust and Safety Product Team (Engineering); removed Trust and Safety Product Team.
STran claimed this task.Mar 4 2025, 1:04 PM
STran moved this task from Priority Backlog to In Progress on the Trust and Safety Product Sprint (Sprint Lemon Meringue (March 3 - 21)) board.
gerritbot added a comment.Mar 6 2025, 6:35 PM

Change #1125213 had a related patch set uploaded (by STran; author: STran):

[mediawiki/extensions/AbuseFilter@master] [WIP] Remove CU-specific logging logic

https://gerrit.wikimedia.org/r/1125213

gerritbot added a project: Patch-For-Review.Mar 6 2025, 6:35 PM

Change #1125214 had a related patch set uploaded (by STran; author: STran):

[mediawiki/extensions/CheckUser@master] [WIP] Log access to protected variables from AbuseFilter

https://gerrit.wikimedia.org/r/1125214

kostajh moved this task from Engineering to Engineering on the Trust and Safety Product Team board.Mar 10 2025, 12:44 PM
kostajh edited projects, added Trust and Safety Product Team; removed Trust and Safety Product Team (Engineering).
STran moved this task from In Progress to Needs Review on the Trust and Safety Product Sprint (Sprint Lemon Meringue (March 3 - 21)) board.Mar 13 2025, 10:56 AM
gerritbot added a comment.Mar 13 2025, 1:43 PM

Change #1125214 merged by jenkins-bot:

[mediawiki/extensions/CheckUser@master] Log access to protected variables from AbuseFilter

https://gerrit.wikimedia.org/r/1125214

gerritbot added a comment.Mar 13 2025, 1:53 PM

Change #1125213 merged by jenkins-bot:

[mediawiki/extensions/AbuseFilter@master] Remove CU-specific logging logic

https://gerrit.wikimedia.org/r/1125213

ReleaseTaggerBot added a project: MW-1.44-notes (1.44.0-wmf.21; 2025-03-18).Mar 13 2025, 2:00 PM
Maintenance_bot removed a project: Patch-For-Review.Mar 13 2025, 2:30 PM
STran moved this task from Needs Review to Needs QA on the Trust and Safety Product Sprint (Sprint Lemon Meringue (March 3 - 21)) board.Mar 13 2025, 2:32 PM
Tchanders edited projects, added Trust and Safety Product Sprint (Sprint Chocolate Cake (March 24 - April 11)); removed Trust and Safety Product Sprint (Sprint Lemon Meringue (March 3 - 21)).Mar 24 2025, 2:21 PM
Tchanders moved this task from Priority Backlog to Needs QA on the Trust and Safety Product Sprint (Sprint Chocolate Cake (March 24 - April 11)) board.
kostajh edited projects, added Trust and Safety Product Sprint (Sprint Cozonac (April 14 - May 2)); removed Trust and Safety Product Sprint (Sprint Chocolate Cake (March 24 - April 11)).Apr 14 2025, 2:52 PM
kostajh moved this task from Priority Backlog to Needs QA on the Trust and Safety Product Sprint (Sprint Cozonac (April 14 - May 2)) board.
dom_walden moved this task from Needs QA to Done on the Trust and Safety Product Sprint (Sprint Cozonac (April 14 - May 2)) board.Apr 16 2025, 2:57 PM
dom_walden subscribed.

This was tested as part of T390708#10748237. I added another variable to $wgAbuseFilterProtectedVariables so I could see access being logged to both checkuser-temporary-account and abusefilter-protected-vars, as appropriate.

kostajh closed this task as Resolved.Apr 16 2025, 3:34 PM
Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL · Credits