#### Description
I have been working on a refactor of the [[ https://www.mediawiki.org/wiki/Extension:StopForumSpam | StopForumSpam extension ]], with the goal of eventually deploying it to beta (T181217) and then some set of smaller projects which suffer from an onslaught of spam. Once the primary change set for this work has been merged, the plan is to deploy the extension to beta sometime prior to the end of Q2 (December 31st, 2020).
#### Preview environment
> If the changes cannot be hosted on Beta Cluster, explain why and provide links to an alternate public environment instead where the Performance Team can also SSH into. Links to code only is insufficient for a performance review.
The extension ~~is not yet within~~ has been deployed to the beta cluster ~~, but should be deployed there prior to the end of Q2 (December 31st, 2020~~). I have created this review task a bit early with the hope that it can be placed upon the #Performance-Team 's docket for Q3. Further, the extension doesn't feature much of a front-end and is fairly trivial to build out and test within a local MediaWiki installation.
#### Which code to review
The main refactor change set is here and ~~very close to being~~ has been merged: https://gerrit.wikimedia.org/r/630298
#### Performance assessment
Please initiate the performance assessment by answering the below:
- What work has been done to ensure the best possible performance of the feature?
- {icon info-circle color=blue} Basic coding best practices and guidelines for MediaWiki extension development.
- What are likely to be the weak areas (e.g. bottlenecks) of the code in terms of performance?
- {icon info-circle color=blue} The extension relies heavily upon MediaWiki's `WANObjectCache` for storage and retrieval of various IPv4 and IPv6 addresses, similar to [[ https://www.mediawiki.org/wiki/Extension:TorBlock | TorBlock ]].
- {icon info-circle color=blue} The `DenyListUpdate` class now supports fetching remote files from stopforumspam.com via MediaWiki's `HttpRequestFactory`.
- {icon info-circle color=blue} The primary way the extension triggers a block on a write-based action is with the `onGetUserPermissionsErrorsExpensive` hook.
- {icon info-circle color=blue} The `updateDenyList.php` maintenance script could be a DoS and/or data corruption vector if it was run concurrently at high frequency.
- Are there potential optimisations that haven't been performed yet?
- {icon info-circle color=blue} Not that I am aware of.
- Please list which performance measurements are in place for the feature and/or what you've measured ad-hoc so far. If you are unsure what to measure, ask the Performance Team for advice: [[ mailto:performance-team@wikimedia.org | performance-team@wikimedia.org ]].
- {icon info-circle color=blue} No extensive performance-testing has been completed thus far.