Page MenuHomePhabricator
Create Task
Maniphest T391720

Address Rust security review findings
Closed, ResolvedPublic
Actions

Description

Description

We probably can't reduce the risk below medium, but there are absolutely actions we can take to mitigate some of the findings.

This is a tracking bug.

Completion checklist

Related Objects
Search...

Event Timeline

cmassaro created this task.Apr 11 2025, 7:05 PM
cmassaro added a subtask: T391721: Run cargo clippy/fix in CI.
cmassaro added a subtask: T391722: Add fuzz testing to the Rust evaluator.Apr 11 2025, 7:10 PM
cmassaro added a subtask: T391723: Fix broken JS executor tests for Rust.
Jdforrester-WMF edited projects, added Abstract Wikipedia team (25Q4 (Apr–Jun)), OKR-Work; removed Abstract Wikipedia team.Apr 16 2025, 3:50 PM
Jdforrester-WMF moved this task from Incoming to Ready on the Abstract Wikipedia team (25Q4 (Apr–Jun)) board.Apr 16 2025, 3:57 PM
DSantamaria triaged this task as Medium priority.Apr 16 2025, 4:31 PM
DSantamaria edited projects, added Essential-Work; removed OKR-Work.
DSantamaria edited projects, added Abstract Wikipedia team; removed Abstract Wikipedia team (25Q4 (Apr–Jun)).May 14 2025, 1:47 PM
DSantamaria moved this task from To Triage to Engineering Backlog on the Abstract Wikipedia team board.
Jdforrester-WMF subscribed.May 14 2025, 1:56 PM

This is essential work that we committed to Security to do, and was triaged as such. Why did this get moved out to the engineering backlog?

cmassaro added a comment.May 14 2025, 2:20 PM

@Jdforrester-WMF The plan was to tie this to a Q1 epic around Rust. Is that reasonable? If not, do we have a more "urgent" place to put it than the engineering backlog?

cmassaro added a parent task: T382433: Get the Rust prototype of the function-evaluator's executors into a state where it could be deployed.May 21 2025, 12:26 PM
DSantamaria edited projects, added Abstract Wikipedia team (26Q1 (Jul–Sep)); removed Abstract Wikipedia team.Jul 16 2025, 2:11 PM
DSantamaria moved this task from Incoming to Ready on the Abstract Wikipedia team (26Q1 (Jul–Sep)) board.
cmassaro closed subtask T391721: Run cargo clippy/fix in CI as Resolved.Aug 22 2025, 9:07 PM
cmassaro changed the status of subtask T391723: Fix broken JS executor tests for Rust from Open to In Progress.Sep 23 2025, 12:55 PM
Jdforrester-WMF closed subtask T391723: Fix broken JS executor tests for Rust as Resolved.Sep 25 2025, 9:47 AM
Jdforrester-WMF changed the status of subtask T391722: Add fuzz testing to the Rust evaluator from Open to In Progress.
Jdforrester-WMF moved this task from Ready to Needs Sign-off on the Abstract Wikipedia team (26Q1 (Jul–Sep)) board.Sep 30 2025, 1:39 PM

All sub-tasks are Resolved or in sign-off, so this is too.

Jdforrester-WMF assigned this task to cmassaro.Sep 30 2025, 1:39 PM
cmassaro closed this task as Resolved.Sep 30 2025, 1:40 PM
cmassaro closed subtask T391722: Add fuzz testing to the Rust evaluator as Resolved.
Jdforrester-WMF removed a parent task: T382433: Get the Rust prototype of the function-evaluator's executors into a state where it could be deployed.Oct 1 2025, 8:54 PM
Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL · Credits