[ES] Special:NewEntitySchema doesn’t catch AbuseFilter errors
Closed, Resolved · Public · PRODUCTION ERROR

Description

As mentioned in this security change and T339016#8984703, Special:NewEntitySchema currently produces an uncaught internal error if the EntitySchema creation is blocked by an AbuseFilter:

According to the commit message, other edit scenarios also don’t show any details about the failed AbuseFilter, though at least they don’t crash completely. It would be nice to fix that too, though that might not be part of this task.

Error
normalized_message
[{reqId}] {exception_url}   RuntimeException: This action has been automatically identified as harmful, and therefore disallowed.
If you believe your action was constructive, please inform an administrator of what you were trying to do.
A brief descriptio
exception.trace
from /srv/mediawiki/php-1.43.0-wmf.6/extensions/EntitySchema/src/DataAccess/MediaWikiRevisionEntitySchemaInserter.php(124)
#0 /srv/mediawiki/php-1.43.0-wmf.6/extensions/EntitySchema/src/DataAccess/MediaWikiRevisionEntitySchemaInserter.php(100): EntitySchema\DataAccess\MediaWikiRevisionEntitySchemaInserter->saveRevision(MediaWiki\Storage\PageUpdater, EntitySchema\MediaWiki\Content\EntitySchemaContent, MediaWiki\CommentStore\CommentStoreComment)
#1 /srv/mediawiki/php-1.43.0-wmf.6/extensions/EntitySchema/src/MediaWiki/Specials/NewEntitySchema.php(119): EntitySchema\DataAccess\MediaWikiRevisionEntitySchemaInserter->insertSchema(string, string, string, array, string)
#2 [internal function]: EntitySchema\MediaWiki\Specials\NewEntitySchema->submitCallback(array, MediaWiki\HTMLForm\OOUIHTMLForm)
#3 /srv/mediawiki/php-1.43.0-wmf.6/includes/htmlform/HTMLForm.php(792): call_user_func(array, array, MediaWiki\HTMLForm\OOUIHTMLForm)
#4 /srv/mediawiki/php-1.43.0-wmf.6/includes/htmlform/HTMLForm.php(673): MediaWiki\HTMLForm\HTMLForm->trySubmit()
#5 /srv/mediawiki/php-1.43.0-wmf.6/extensions/EntitySchema/src/MediaWiki/Specials/NewEntitySchema.php(84): MediaWiki\HTMLForm\HTMLForm->tryAuthorizedSubmit()
#6 /srv/mediawiki/php-1.43.0-wmf.6/includes/specialpage/SpecialPage.php(719): EntitySchema\MediaWiki\Specials\NewEntitySchema->execute(NULL)
#7 /srv/mediawiki/php-1.43.0-wmf.6/includes/specialpage/SpecialPageFactory.php(1680): MediaWiki\SpecialPage\SpecialPage->run(NULL)
#8 /srv/mediawiki/php-1.43.0-wmf.6/includes/actions/ActionEntryPoint.php(502): MediaWiki\SpecialPage\SpecialPageFactory->executePath(string, MediaWiki\Context\RequestContext)
#9 /srv/mediawiki/php-1.43.0-wmf.6/includes/actions/ActionEntryPoint.php(145): MediaWiki\Actions\ActionEntryPoint->performRequest()
#10 /srv/mediawiki/php-1.43.0-wmf.6/includes/MediaWikiEntryPoint.php(200): MediaWiki\Actions\ActionEntryPoint->execute()
#11 /srv/mediawiki/php-1.43.0-wmf.6/index.php(58): MediaWiki\MediaWikiEntryPoint->run()
#12 /srv/mediawiki/w/index.php(3): require(string)
#13 {main}
Impact

While the edit is correctly blocked, users don’t see any useful information with the error. (Also, if the AbuseFilter is set to “warn”, that probably doesn’t work properly, since the user doesn’t get a chance to retry their edit.) Also, minor logspam (volume depends on how often users try to do the blocked activity).

Notes

Details

Request URL
https://test.wikidata.org/wiki/Special:NewEntitySchema
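
The failure mode described in this task, and one way to handle it, as an added example that is not code from the EntitySchema extension or its patch. It is a stand-alone model for PHP 8+; `SaveStatus`, `runEditFilters`, `submitCallbackBefore`, `submitCallbackAfter` and the filter rule are hypothetical stand-ins, and the input is constructed.

```php
<?php
// Stand-alone model (PHP 8+). All names are hypothetical stand-ins,
// not MediaWiki or EntitySchema classes.
final class SaveStatus {
    /** @param string[] $messages */
    public function __construct( public bool $ok, public array $messages = [] ) {
    }
}

// Stand-in for an edit filter hook (such as AbuseFilter) vetoing a save.
function runEditFilters( string $schemaText ): SaveStatus {
    if ( str_contains( $schemaText, 'blocked-term' ) ) { // constructed rule
        return new SaveStatus( false, [ 'This action has been disallowed.' ] );
    }
    return new SaveStatus( true );
}

// Before: a filter veto becomes an exception that no caller catches,
// so the request ends in an internal error page and a log entry.
function submitCallbackBefore( string $schemaText ): SaveStatus {
    $status = runEditFilters( $schemaText );
    if ( !$status->ok ) {
        throw new RuntimeException( implode( "\n", $status->messages ) );
    }
    return $status;
}

// After: the veto is returned as a failed status. The form can show the
// filter message and stay open, so the user can change the text and retry.
function submitCallbackAfter( string $schemaText ): SaveStatus {
    return runEditFilters( $schemaText );
}

$input = 'PREFIX ex: <http://example.org/> # blocked-term'; // constructed input

try {
    submitCallbackBefore( $input );
} catch ( RuntimeException $e ) {
    // Only this demo catches it; in the reported bug nothing did.
    echo "before: exception -> internal error page\n";
}

$result = submitCallbackAfter( $input );
echo 'after: ok=' . var_export( $result->ok, true )
    . ', message for the form: ' . $result->messages[0] . "\n";
```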

Event Timeline

Restricted Application added a subscriber: Aklapper.

Note: the abuse filter blocking EntitySchema creation is currently enabled on Wikidata but disabled on Test Wikidata, so if you want to reproduce the issue on Test Wikidata, enable that AbuseFilter first.

Lucas_Werkmeister_WMDE renamed this task from Special:NewEntitySchema doesn’t catch AbuseFilter errors to [ES][SW] Special:NewEntitySchema doesn’t catch AbuseFilter errors. May 23 2024, 12:17 PM

Prio Notes:

| Impact Area | Affected |
| --- | --- |
| production / end users | yes |
| monitoring | no |
| development efforts | no |
| onboarding efforts | no |
| additional stakeholders | yes (Wikidata admins who manage the AbuseFilters and/or users who get blocked by the filters) |

Story Writing Notes

  • Ask Lucas for advice on how to set up and reproduce the errors locally

Arian_Bozorg renamed this task from [ES][SW] Special:NewEntitySchema doesn’t catch AbuseFilter errors to [ES] Special:NewEntitySchema doesn’t catch AbuseFilter errors. Jul 3 2024, 9:32 AM

Ask Lucas for advice on how to set up and reproduce the errors locally

You can configure the filters on Special:AbuseFilter; I’ve found the following filters useful during testing:

  • block all edits: 1 == 1
  • block everything except redirects: !(added_lines contains "#REDIRECT")

Enable the filter only while testing (uncheck “Enable this filter” afterwards), and set the action to “Prevent the user from performing the action in question” (and none of the other actions).

Change #1052714 had a related patch set uploaded (by Arthur taylor; author: Arthur taylor):

[mediawiki/extensions/EntitySchema@master] Add error handling for HookRunner failures during EntitySchema create

https://gerrit.wikimedia.org/r/1052714

ArthurTaylor subscribed.

Made a patch to address specifically the issue of errors from the AbuseFilter (or other EditFilterMergedContent hooks) for new entity schemas. If we want to fix other error messages, let's file a ticket that details which and under what circumstances they show up.

Change #1052714 merged by jenkins-bot:

[mediawiki/extensions/EntitySchema@master] Add error handling for HookRunner failures during EntitySchema create

https://gerrit.wikimedia.org/r/1052714