Commit graph

6389 commits

Author SHA1 Message Date
Daimona Eaytoy f8e9ac7e2a Rename AbuseFilterCachingParser -> FilterEvaluator
It's an evaluator, not a parser.

Change-Id: Ib6d33e8423ea72709cf5a33f4397ba33e352ea80
2021-09-08 13:40:47 +02:00
Translation updater bot 79c7f568f5 Localisation updates from https://translatewiki.net.
Change-Id: I56b56c165580f4ddf7960b94fa39c55d9cd043ca
2021-09-08 08:09:47 +02:00
libraryupgrader 2a4860e322 build: Updating mediawiki/mediawiki-phan-config to 0.11.0
Change-Id: I097d051e3c30e61d74a8e329b6110b219c72ec1a
2021-09-07 19:30:42 -07:00
Translation updater bot 8fe4c04aed Localisation updates from https://translatewiki.net.
Change-Id: I776ede58099f8264e0c61a46bf1bd6446709eace
2021-09-07 08:10:08 +02:00
Daimona Eaytoy 6684ea6450 Remove AFPTransitionBase
Also cleanup the mPos hack in the CachingParser.

Change-Id: Ib5693802a3ceb80cb736880ed65e27340abef689
2021-09-06 19:33:48 +00:00
Translation updater bot 9c8af59d2c Localisation updates from https://translatewiki.net.
Change-Id: I0e6ec717baff0495aabe9f9c3a0f5125ae68335a
2021-09-06 08:19:58 +02:00
jenkins-bot 199cf1edf8 Merge "Add a static analyzer for the filter language" 2021-09-03 19:51:58 +00:00
Translation updater bot c93662e240 Localisation updates from https://translatewiki.net.
Change-Id: Ia0a0f86728aa0431624d9d01c92db9ef0434c427
2021-09-02 08:25:21 +02:00
libraryupgrader 04693b060d build: Updating dependencies
composer:
* php-parallel-lint/php-parallel-lint: 1.3.0 → 1.3.1

npm:
* stylelint-config-wikimedia: 0.10.3 → 0.11.1

Change-Id: I2a79b93fbaa0e13cc723dc40ae4d35fbcd83f7a5
2021-09-02 00:07:53 +00:00
Translation updater bot fcfd5fbdf6 Localisation updates from https://translatewiki.net.
Change-Id: I20ea2a972c577c87b471ab68a7e503d658b88c23
2021-09-01 08:15:40 +02:00
Matěj Suchánek 0af21948fc Replace WikiPage::factory in non-test code
Change-Id: I1442ca6603ce5151b98fc88cd84c25af0f34e4f6
2021-09-01 04:55:25 +00:00
Daimona Eaytoy 86257d825c tests: Use DBConnRef, not IDatabase, as retval of getConnectionRef
So that the method can be typehinted in core.

Also add phan-var to fix broken master build due to typehint additions
in core.

Change-Id: I4a072e00ffeeb437753fc3d3c1f15de9929df510
2021-08-31 21:45:10 +02:00
Translation updater bot 4b01397324 Localisation updates from https://translatewiki.net.
Change-Id: I566cec67a166c1891b4b34d233260e414c1f9503
2021-08-31 08:15:08 +02:00
Sorawee Porncharoenwase 320e3d696f Add a static analyzer for the filter language
This commit adds a class AFPSyntaxChecker which can statically analyze
a filter code to detect the following errors:

- unbound variables (which comes in two modes: conservative and liberal,
  default to conservative)
- unused variables (disabled by default for compatibilty)
- assignment on built-in identifiers
- function application's arity mismatch
- function application's invalid function name
- non-string literal in the first argument of set / set_var

The existing parser and evaluator are modified as follows:

- The new (caching) evaluator no longer needs to perform variable
  hoisting at runtime.
  - Note that for array assignment, this changes the semantics.
- The new parser is more lenient, reducing parsing errors.
  The static analyzer will catch these errors instead, allowing us
  to give a much better error message and reduces the complexity of
  the parser.
  * The parser now allows function name to be any identifier.
  * The parser now allows arity mismatch to occur.
  * The parser now allows the first argument of set to be any expression.

Concretely, obvious changes that users will see are:

1. a := [1]; false & (a[] := 2); a[0] === 1

   would evaluate to true, while it used to evaluate to the undefined value
   due to hoisting

2. f(1)

   will now error with 'f is not a valid function' as opposed to
   'Unexpected "T_BRACE"'

3. length

   will now error with 'Illegal use of built-in identifier "length"'
   as opposed to 'Expected a ('

Appendix: conservative and liberal mode

The conservative mode is completely compatible with the current evaluator.
That is,

false & (a := 1); a

will not deem `a` as unbound, though this is actually undesirable because
`a` would then be bound to the troublesome undefined value.

The liberal mode rejects the above pattern by deeming `a` as unbound.
However, it also rejects

true & (a := 1); a

even though (a := 1) is always executed. Since there are several filters
in Wikimedia projects that rely on this behavior, we default the mode
to conservative for now.

Note that even the liberal mode doesn't really respect lexical scope
appeared in some other programming languages (see also T234690).
For instance:

(if true then (a := 1) else (a := 2) end); a

would be accepted by the liberal checker, even though under lexical scope,
`a` would be unbound. However, it is unlikely that lexical scope
will be suitable for the filter language, as most filters in
Wikimedia projects that have user-defined variable do violate lexical scope.

Bug: T260903
Bug: T238709
Bug: T237610
Bug: T234690
Bug: T231536
Change-Id: Ic6d030503e554933f8d220c6f87b680505918ae2
2021-08-31 03:28:24 +02:00
jenkins-bot ee5ff0077f Merge "Move parser exceptions to specific namespace and rename them" 2021-08-31 01:14:44 +00:00
Translation updater bot 32d5fd0218 Localisation updates from https://translatewiki.net.
Change-Id: Ifcff6e49b0690ebd9dca0a897d49f83f20dbb6a1
2021-08-30 08:19:21 +02:00
Daimona Eaytoy 704364a5e7 Move parser exceptions to specific namespace and rename them
Create a dedicated "Exception" sub-namespace and remove the "AFP"
prefix, a leftover from the pre-namespace era.

Change-Id: I7e5fded9316d8b7d1628bc1a6ba8b1879ac901e1
2021-08-29 23:38:31 +00:00
Translation updater bot 691e47a4a6 Localisation updates from https://translatewiki.net.
Change-Id: I1111bf7a2410c9fef6f3d4b1db6ba2bd759bd705
2021-08-26 08:35:01 +02:00
Translation updater bot aafbd68667 Localisation updates from https://translatewiki.net.
Change-Id: I24e6daae9e8909c7f0935ba53f02e2901388ce06
2021-08-24 10:16:42 +02:00
Matěj Suchánek 3630bb0a3f Use array_fill_keys() instead of array_flip() if that reflects the developer's intention
Do what Tim Starling did in core: If8d340a8bc816a15afec37e64f00106ae45e10ed.

Change-Id: Ic68e167e51ff8d289a0dab68874191b9b1a20665
2021-08-24 01:08:13 +00:00
Translation updater bot 5c3fbcfb83 Localisation updates from https://translatewiki.net.
Change-Id: I7c4e7977b632f8989b559c28f02d6bc81b7c0e14
2021-08-23 09:03:19 +02:00
Translation updater bot 052240a5a5 Localisation updates from https://translatewiki.net.
Change-Id: I60b9c7326f8d326d932f1ebe3ccc0e51396d727d
2021-08-20 08:23:36 +02:00
Amir Aharoni e03467102c Remove two unused messages
It looks like they were removed in 2008:
6c7b701cc2

Change-Id: I5d91d846523307d8a3adb104503d255d8c726ed8
2021-08-19 22:29:53 +03:00
jenkins-bot 9b93b0256a Merge "Avoid passing invalid offset to mb_strpos" 2021-08-18 18:45:12 +00:00
Translation updater bot d955f2f050 Localisation updates from https://translatewiki.net.
Change-Id: Ieb79b02caef2dafe7d3fe32b588ec1095b3366a2
2021-08-18 08:13:08 +02:00
jenkins-bot 4e47974eb7 Merge "Switch filterable actions hooks to the new system" 2021-08-17 07:48:39 +00:00
Daimona Eaytoy e9795468c4 Switch filterable actions hooks to the new system
Bug: T261067
Bug: T211680
Change-Id: I0e7e4a48b56c3e5fde56f50693fd0cdc19c30dd0
2021-08-16 14:18:56 +00:00
Translation updater bot ce420438d8 Localisation updates from https://translatewiki.net.
Change-Id: I8b23a371a1884e7242b970db6042bd6234f6f940
2021-08-16 08:15:32 +02:00
Translation updater bot 67528ede69 Localisation updates from https://translatewiki.net.
Change-Id: Iee1758f64d041c6f7b9f12555aa37cdc2b42e50a
2021-08-12 08:09:13 +02:00
jenkins-bot 6dfc673226 Merge "Use MovePageFactory" 2021-08-11 19:26:52 +00:00
libraryupgrader efdbc2db25 build: Updating path-parse to 1.0.7
* https://npmjs.com/advisories/1773 (CVE-2021-23343)

Change-Id: Idf536fa01cd3dd2ba302c71e6f6cf6f3786c341a
2021-08-11 06:47:32 +00:00
Translation updater bot e6eafdf496 Localisation updates from https://translatewiki.net.
Change-Id: I986c4c7c229c0808b6b374a143e42fd6c169faf2
2021-08-11 08:18:59 +02:00
TChin bfa72b9caf Use MovePageFactory
Bug: T252934
Change-Id: I39440ef05d9318f9ab4abd34990887971197a045
2021-08-10 16:31:05 -04:00
Translation updater bot d512f01e8f Localisation updates from https://translatewiki.net.
Change-Id: I2ed4e9d2c6889b0621010a00eeb10b83444d16b9
2021-08-10 08:06:15 +02:00
Translation updater bot cd7958ba60 Localisation updates from https://translatewiki.net.
Change-Id: Ieb3481038beb857b0eabbae1035af852e92c00cd
2021-08-09 08:22:54 +02:00
Translation updater bot 4be9ef8332 Localisation updates from https://translatewiki.net.
Change-Id: Ia5d42d3b38e18201020a9debb729c753fe61344a
2021-08-06 08:13:09 +02:00
Alexander Vorwerk 8e7d389029 Disallow interwiki on Special:AbuseLog
Bug: T288155
Depends-On: Ic00f4a0f27747b5ff0893b4c01f42f68a99771ab
Change-Id: I62574460bfaea04af2f617ca0929246c784cb4e8
2021-08-05 11:15:39 +02:00
Translation updater bot 6af66eba3d Localisation updates from https://translatewiki.net.
Change-Id: I4e81fa4d3dbe513540fc6470020c3329cebb4211
2021-08-04 08:14:28 +02:00
Translation updater bot 1dfb191585 Localisation updates from https://translatewiki.net.
Change-Id: I89b8759cf45e79debf47d73608f60f8c52bc2ddc
2021-08-03 08:11:19 +02:00
Translation updater bot 455b4d1a6d Localisation updates from https://translatewiki.net.
Change-Id: I05f20f4d65e5f080fef97adcff8cf53339953d51
2021-07-30 08:27:11 +02:00
jenkins-bot e50e1f507e Merge "AbuseFilterConsequencesTest: Don't call non-static method statically" 2021-07-30 01:42:54 +00:00
jenkins-bot ca31a12be4 Merge "Clean up Throttle::throttleIdentifier" 2021-07-30 01:37:24 +00:00
Matěj Suchánek ace6f652af AbuseFilterConsequencesTest: Don't call non-static method statically
Change-Id: I0b4ed2f456bf4a52756eb0b98a29994a4a53812c
2021-07-30 01:24:15 +00:00
Translation updater bot 122862cedc Localisation updates from https://translatewiki.net.
Change-Id: I637a0f345e22bb1c41ac9c167437562a94e90310
2021-07-26 08:11:26 +02:00
Matěj Suchánek 83794d7cb4 Clean up Throttle::throttleIdentifier
In 1.37, UserEditTracker was changed to allow anonymous users
as well.

Change-Id: I70d9e6db13416b7c017319ecac3e7e604aacd586
2021-07-22 16:56:12 +02:00
Lucas Werkmeister a2e42d5050 Don’t generate current content text twice
Previously, for non-newly-created pages, AbuseFilter would get the text
for filtering twice: once in AbuseFilterHooks::filterEdit(), and then
again in RunVariableGenerator::getEditTextForFiltering(). (Plus another
call for the text of the previous revision.) The first copy of the text
is only passed into RunVariableGenerator::getEditVars(), and there only
used if the title doesn’t exist, otherwise it’s overwritten with the
second copy. Instead, let’s make AbuseFilterHooks not get the text at
all, and only get the text from the content when we actually need it
(the content is new).

Change-Id: Id12430fa6ba4643113b945e0d0c01b9c0ee1742f
2021-07-22 13:45:32 +02:00
Translation updater bot 274be621ef Localisation updates from https://translatewiki.net.
Change-Id: If660263b08f22a3d8cd84126ed3d108ea136e6ee
2021-07-22 08:12:51 +02:00
libraryupgrader 5377ebe819 build: Updating dependencies
composer:
* mediawiki/mediawiki-codesniffer: 36.0.0 → 37.0.0

npm:
* postcss: 7.0.35 → 7.0.36
  * https://npmjs.com/advisories/1693 (CVE-2021-23368)

Change-Id: I2b382f3bb236fb44eb24c6a257b13b8fd886541c
2021-07-21 18:51:18 +00:00
Translation updater bot ff5ada68aa Localisation updates from https://translatewiki.net.
Change-Id: I3e36ba4d1e8b53e439b9329dbce9f41391fd949d
2021-07-19 08:15:08 +02:00
Translation updater bot 708ae9a76d Localisation updates from https://translatewiki.net.
Change-Id: Ia7185f1946c5cb08a3fef63708b12ab3f08a8416
2021-07-16 08:43:08 +02:00