Page MenuHomePhabricator
Create Task
Maniphest T389854

Protected variables log: Log is not debounced if the target of the log entry has a space in their username
Closed, ResolvedPublic
Actions

Description

Summary

The AbuseFilter protected variables access log debounces logs, but fails to do this if the target has a space in their username. This also occurs in the CheckUser implementation of the logging.

Background

  • The AbuseFilter extension debounces logs related to viewing the value of protected variables for a given target user
  • This log debounces based on checking if an associated logging row already exists
    • However, this check does not properly format the target username into a DB form
    • This leads to the check always failing if the username includes a space
  • CheckUser overrides the logging to put the logs in the same place as other IP reveal logs, and the associated code has the same problem

Steps to reproduce

  1. Either:
    1. When testing the AbuseFilter part of the bug: Make sure that CheckUser is not installed, and if it is installed then temporarily uninstall it (commenting out wfLoadExtension( 'CheckUser' ); is enough for this step)
    2. When testing the CheckUser part of the bug: Make sure that CheckUser and AbuseFilter are installed
  2. Modify your temporary account creation config to include spaces in the username. For example, temporarily set $wgAutoCreateTempUser['genPattern'] = "~ $1";
  3. Create a test AbuseFilter where the filter includes the user_unnamed_ip variable such that it matches against edits made by temporary accounts on your wiki. For example, something like user_unnamed_ip = '172.20.0.1' for a local wiki
  4. Make a test edit using a temporary account that should cause a log entry for a match against the filter from step 2
  5. Open an account which can view protected variables and navigate to the Special:AbuseLog page
  6. Press details for the log entry created by the edit in step 3
  7. Refresh the page a couple of times
  8. Either:
    1. When testing AbuseFilter: Go to Special:Log and filter for the "Abuse filter protected variables log" type
    2. When testing CheckUser: Go to Special:Log and filter for the "Checkuser temporary account log" type

What happens
There is more than one log for the temporary account editing in step 3

What should happen instead
Only one log entry should exist for the temporary account editing in step 3

Acceptance criteria

  • The steps to reproduce no longer produce the unexpected behaviour

Details

Related Changes in Gerrit:
SubjectRepoBranchLines +/-
Don't sanitize usernames passed to LogTemporaryAccountAccessJobmediawiki/extensions/CheckUsermaster+2 -2
Fix debouncing of IP reveal logs when target includes spacemediawiki/extensions/CheckUsermaster+150 -192
ProtectedVarsAccessLogger: Fix debouncer to use DB form for targetmediawiki/extensions/AbuseFiltermaster+52 -10
Customize query in gerrit

Event Timeline

Dreamy_Jazz created this task.Mar 24 2025, 6:39 PM
Restricted Application added a subscriber: Aklapper. · View Herald TranscriptMar 24 2025, 6:39 PM
Dreamy_Jazz renamed this task from AbuseFilter protected variables log: Log is not debounced if the target of the log entry has a space in their username to Protected variables log: Log is not debounced if the target of the log entry has a space in their username.Mar 24 2025, 6:42 PM
Dreamy_Jazz updated the task description. (Show Details)
Dreamy_Jazz updated the task description. (Show Details)
gerritbot added a comment.Mar 25 2025, 1:19 PM

Change #1131006 had a related patch set uploaded (by Dreamy Jazz; author: Dreamy Jazz):

[mediawiki/extensions/AbuseFilter@master] ProtectedVarsAccessLogger: Fix debouncer to use DB form for target

https://gerrit.wikimedia.org/r/1131006

gerritbot added a project: Patch-For-Review.Mar 25 2025, 1:19 PM
gerritbot added a comment.Mar 25 2025, 6:43 PM

Change #1131074 had a related patch set uploaded (by Dreamy Jazz; author: Dreamy Jazz):

[mediawiki/extensions/CheckUser@master] [WIP] Fix debouncing of IP reveal logs when target includes space

https://gerrit.wikimedia.org/r/1131074

Dreamy_Jazz claimed this task.Mar 25 2025, 6:54 PM
Dreamy_Jazz moved this task from Priority Backlog to In Progress on the Trust and Safety Product Sprint (Sprint Chocolate Cake (March 24 - April 11)) board.
Dreamy_Jazz moved this task from In Progress to Needs Review on the Trust and Safety Product Sprint (Sprint Chocolate Cake (March 24 - April 11)) board.Mar 26 2025, 7:13 PM
Dreamy_Jazz moved this task from Needs Review to In Progress on the Trust and Safety Product Sprint (Sprint Chocolate Cake (March 24 - April 11)) board.
Dreamy_Jazz moved this task from In Progress to Needs Review on the Trust and Safety Product Sprint (Sprint Chocolate Cake (March 24 - April 11)) board.Mar 26 2025, 7:34 PM
gerritbot added a comment.Mar 31 2025, 12:26 PM

Change #1131006 merged by jenkins-bot:

[mediawiki/extensions/AbuseFilter@master] ProtectedVarsAccessLogger: Fix debouncer to use DB form for target

https://gerrit.wikimedia.org/r/1131006

ReleaseTaggerBot added a project: MW-1.44-notes (1.44.0-wmf.23; 2025-04-01).Mar 31 2025, 1:00 PM
Dreamy_Jazz moved this task from Inbox to Engineering on the Trust and Safety Product Team board.Apr 3 2025, 11:23 AM
kostajh edited projects, added Trust and Safety Product Sprint (Sprint Cozonac (April 14 - May 2)); removed Trust and Safety Product Sprint (Sprint Chocolate Cake (March 24 - April 11)).Apr 14 2025, 2:52 PM
kostajh moved this task from Priority Backlog to Needs Review on the Trust and Safety Product Sprint (Sprint Cozonac (April 14 - May 2)) board.
gerritbot added a comment.Apr 23 2025, 5:14 PM

Change #1138418 had a related patch set uploaded (by Tchanders; author: Tchanders):

[mediawiki/extensions/CheckUser@master] Don't sanitize usernames passed to LogTemporaryAccountAccessJob

https://gerrit.wikimedia.org/r/1138418

gerritbot added a comment.Apr 24 2025, 4:34 PM

Change #1131074 merged by jenkins-bot:

[mediawiki/extensions/CheckUser@master] Fix debouncing of IP reveal logs when target includes space

https://gerrit.wikimedia.org/r/1131074

gerritbot added a comment.Apr 24 2025, 4:34 PM

Change #1138418 merged by jenkins-bot:

[mediawiki/extensions/CheckUser@master] Don't sanitize usernames passed to LogTemporaryAccountAccessJob

https://gerrit.wikimedia.org/r/1138418

ReleaseTaggerBot edited projects, added MW-1.44-notes (1.44.0-wmf.27; 2025-04-29); removed MW-1.44-notes (1.44.0-wmf.23; 2025-04-01).Apr 24 2025, 5:00 PM
Maintenance_bot removed a project: Patch-For-Review.Apr 24 2025, 5:30 PM
Dreamy_Jazz moved this task from Needs Review to Needs QA on the Trust and Safety Product Sprint (Sprint Cozonac (April 14 - May 2)) board.Apr 24 2025, 10:10 PM
Djackson-ctr moved this task from Needs QA to Done on the Trust and Safety Product Sprint (Sprint Cozonac (April 14 - May 2)) board.Apr 30 2025, 5:19 AM
Djackson-ctr subscribed.

QA is completed, I have verified the new code has been implemented and is functioning as expected (Only one log entry exist for temporary accounts that have a space in the temporary account username).

kostajh closed this task as Resolved.Apr 30 2025, 6:02 AM
Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL · Credits