mirror of
https://gerrit.wikimedia.org/r/mediawiki/extensions/AbuseFilter.git
synced 2024-11-27 15:30:42 +00:00
bf28dbce0e
Some exposed variables (eg. `user_ip`) used in filters are sensitive and need to only be available to restricted groups of users. Back-end changes: - Add `AbuseFilterProtectedVariables` which defines what variables are protected by the new right `abusefilter-access-protected-vars` - Add the concept of a `protected` variable, the use of which will denote the entire filter as protected via a flag on `af_hidden` New UX features: - Display changes to the protected status of filters on history and diff pages - Check for protected variables and the right to see them in filter validation and don't allow a filter to be saved if it uses a variable that the user doesn't have access to - Check for the right to view protected variables before allowing access and edits to existing filters that use them Bug: T364465 Bug: T363906 Change-Id: I828bbb4015e87040f69a8e10c7888273c4f24dd3
412 lines
17 KiB
PHP
412 lines
17 KiB
PHP
<?php
|
|
|
|
use MediaWiki\Config\ServiceOptions;
|
|
use MediaWiki\Extension\AbuseFilter\AbuseFilterActorMigration;
|
|
use MediaWiki\Extension\AbuseFilter\AbuseFilterPermissionManager as PermManager;
|
|
use MediaWiki\Extension\AbuseFilter\AbuseLogger;
|
|
use MediaWiki\Extension\AbuseFilter\AbuseLoggerFactory;
|
|
use MediaWiki\Extension\AbuseFilter\BlockAutopromoteStore;
|
|
use MediaWiki\Extension\AbuseFilter\BlockedDomainFilter;
|
|
use MediaWiki\Extension\AbuseFilter\BlockedDomainStorage;
|
|
use MediaWiki\Extension\AbuseFilter\CentralDBManager;
|
|
use MediaWiki\Extension\AbuseFilter\ChangeTags\ChangeTagger;
|
|
use MediaWiki\Extension\AbuseFilter\ChangeTags\ChangeTagsManager;
|
|
use MediaWiki\Extension\AbuseFilter\ChangeTags\ChangeTagValidator;
|
|
use MediaWiki\Extension\AbuseFilter\Consequences\ConsequencesExecutor;
|
|
use MediaWiki\Extension\AbuseFilter\Consequences\ConsequencesExecutorFactory as ConsExecutorFactory;
|
|
use MediaWiki\Extension\AbuseFilter\Consequences\ConsequencesFactory;
|
|
use MediaWiki\Extension\AbuseFilter\Consequences\ConsequencesLookup;
|
|
use MediaWiki\Extension\AbuseFilter\Consequences\ConsequencesRegistry;
|
|
use MediaWiki\Extension\AbuseFilter\EchoNotifier;
|
|
use MediaWiki\Extension\AbuseFilter\EditBox\EditBoxBuilderFactory;
|
|
use MediaWiki\Extension\AbuseFilter\EditRevUpdater;
|
|
use MediaWiki\Extension\AbuseFilter\EmergencyCache;
|
|
use MediaWiki\Extension\AbuseFilter\FilterCompare;
|
|
use MediaWiki\Extension\AbuseFilter\FilterImporter;
|
|
use MediaWiki\Extension\AbuseFilter\FilterLookup;
|
|
use MediaWiki\Extension\AbuseFilter\FilterProfiler;
|
|
use MediaWiki\Extension\AbuseFilter\FilterRunner;
|
|
use MediaWiki\Extension\AbuseFilter\FilterRunnerFactory;
|
|
use MediaWiki\Extension\AbuseFilter\FilterStore;
|
|
use MediaWiki\Extension\AbuseFilter\FilterUser;
|
|
use MediaWiki\Extension\AbuseFilter\FilterValidator;
|
|
use MediaWiki\Extension\AbuseFilter\Hooks\AbuseFilterHookRunner;
|
|
use MediaWiki\Extension\AbuseFilter\KeywordsManager;
|
|
use MediaWiki\Extension\AbuseFilter\Parser\RuleCheckerFactory;
|
|
use MediaWiki\Extension\AbuseFilter\SpecsFormatter;
|
|
use MediaWiki\Extension\AbuseFilter\TextExtractor;
|
|
use MediaWiki\Extension\AbuseFilter\VariableGenerator\VariableGeneratorFactory;
|
|
use MediaWiki\Extension\AbuseFilter\Variables\LazyVariableComputer;
|
|
use MediaWiki\Extension\AbuseFilter\Variables\VariablesBlobStore;
|
|
use MediaWiki\Extension\AbuseFilter\Variables\VariablesFormatter;
|
|
use MediaWiki\Extension\AbuseFilter\Variables\VariablesManager;
|
|
use MediaWiki\Extension\AbuseFilter\Watcher\EmergencyWatcher;
|
|
use MediaWiki\Extension\AbuseFilter\Watcher\UpdateHitCountWatcher;
|
|
use MediaWiki\Logger\LoggerFactory;
|
|
use MediaWiki\MediaWikiServices;
|
|
use MediaWiki\WikiMap\WikiMap;
|
|
use Wikimedia\Equivset\Equivset;
|
|
|
|
// This file is actually covered by AbuseFilterServicesTest, but it's not possible to specify a path
|
|
// in @covers annotations (https://github.com/sebastianbergmann/phpunit/issues/3794)
|
|
// @codeCoverageIgnoreStart
|
|
|
|
return [
|
|
AbuseFilterHookRunner::SERVICE_NAME => static function ( MediaWikiServices $services ): AbuseFilterHookRunner {
|
|
return new AbuseFilterHookRunner( $services->getHookContainer() );
|
|
},
|
|
KeywordsManager::SERVICE_NAME => static function ( MediaWikiServices $services ): KeywordsManager {
|
|
return new KeywordsManager( $services->get( AbuseFilterHookRunner::SERVICE_NAME ) );
|
|
},
|
|
FilterProfiler::SERVICE_NAME => static function ( MediaWikiServices $services ): FilterProfiler {
|
|
return new FilterProfiler(
|
|
$services->getWRStatsFactory(),
|
|
new ServiceOptions(
|
|
FilterProfiler::CONSTRUCTOR_OPTIONS,
|
|
$services->getMainConfig()
|
|
),
|
|
WikiMap::getCurrentWikiDbDomain()->getId(),
|
|
$services->getStatsdDataFactory(),
|
|
LoggerFactory::getInstance( 'AbuseFilter' )
|
|
);
|
|
},
|
|
PermManager::SERVICE_NAME => static function ( MediaWikiServices $services ): PermManager {
|
|
return new PermManager(
|
|
new ServiceOptions(
|
|
PermManager::CONSTRUCTOR_OPTIONS,
|
|
$services->getMainConfig(),
|
|
[ 'AbuseFilterProtectedVariables' => [] ]
|
|
)
|
|
);
|
|
},
|
|
ChangeTagger::SERVICE_NAME => static function ( MediaWikiServices $services ): ChangeTagger {
|
|
return new ChangeTagger(
|
|
$services->getService( ChangeTagsManager::SERVICE_NAME )
|
|
);
|
|
},
|
|
ChangeTagsManager::SERVICE_NAME => static function ( MediaWikiServices $services ): ChangeTagsManager {
|
|
return new ChangeTagsManager(
|
|
$services->getChangeTagsStore(),
|
|
$services->getDBLoadBalancerFactory(),
|
|
$services->getMainWANObjectCache(),
|
|
$services->get( CentralDBManager::SERVICE_NAME )
|
|
);
|
|
},
|
|
ChangeTagValidator::SERVICE_NAME => static function ( MediaWikiServices $services ): ChangeTagValidator {
|
|
return new ChangeTagValidator(
|
|
$services->getService( ChangeTagsManager::SERVICE_NAME )
|
|
);
|
|
},
|
|
CentralDBManager::SERVICE_NAME => static function ( MediaWikiServices $services ): CentralDBManager {
|
|
return new CentralDBManager(
|
|
$services->getDBLoadBalancerFactory(),
|
|
$services->getMainConfig()->get( 'AbuseFilterCentralDB' ),
|
|
$services->getMainConfig()->get( 'AbuseFilterIsCentral' )
|
|
);
|
|
},
|
|
BlockAutopromoteStore::SERVICE_NAME => static function ( MediaWikiServices $services ): BlockAutopromoteStore {
|
|
return new BlockAutopromoteStore(
|
|
$services->getMainObjectStash(),
|
|
LoggerFactory::getInstance( 'AbuseFilter' ),
|
|
$services->get( FilterUser::SERVICE_NAME )
|
|
);
|
|
},
|
|
FilterUser::SERVICE_NAME => static function ( MediaWikiServices $services ): FilterUser {
|
|
return new FilterUser(
|
|
// TODO We need a proper MessageLocalizer, see T247127
|
|
RequestContext::getMain(),
|
|
$services->getUserGroupManager(),
|
|
$services->getUserNameUtils(),
|
|
LoggerFactory::getInstance( 'AbuseFilter' )
|
|
);
|
|
},
|
|
RuleCheckerFactory::SERVICE_NAME => static function ( MediaWikiServices $services ): RuleCheckerFactory {
|
|
return new RuleCheckerFactory(
|
|
$services->getContentLanguage(),
|
|
$services->getObjectCacheFactory()->getLocalServerInstance( CACHE_HASH ),
|
|
LoggerFactory::getInstance( 'AbuseFilter' ),
|
|
$services->getService( KeywordsManager::SERVICE_NAME ),
|
|
$services->get( VariablesManager::SERVICE_NAME ),
|
|
$services->getStatsdDataFactory(),
|
|
new Equivset(),
|
|
$services->getMainConfig()->get( 'AbuseFilterConditionLimit' )
|
|
);
|
|
},
|
|
FilterLookup::SERVICE_NAME => static function ( MediaWikiServices $services ): FilterLookup {
|
|
return new FilterLookup(
|
|
$services->getDBLoadBalancer(),
|
|
$services->getMainWANObjectCache(),
|
|
$services->get( CentralDBManager::SERVICE_NAME )
|
|
);
|
|
},
|
|
EmergencyCache::SERVICE_NAME => static function ( MediaWikiServices $services ): EmergencyCache {
|
|
return new EmergencyCache(
|
|
$services->getMainObjectStash(),
|
|
$services->getMainConfig()->get( 'AbuseFilterEmergencyDisableAge' )
|
|
);
|
|
},
|
|
EmergencyWatcher::SERVICE_NAME => static function ( MediaWikiServices $services ): EmergencyWatcher {
|
|
return new EmergencyWatcher(
|
|
$services->getService( EmergencyCache::SERVICE_NAME ),
|
|
$services->getDBLoadBalancerFactory(),
|
|
$services->getService( FilterLookup::SERVICE_NAME ),
|
|
$services->getService( EchoNotifier::SERVICE_NAME ),
|
|
new ServiceOptions(
|
|
EmergencyWatcher::CONSTRUCTOR_OPTIONS,
|
|
$services->getMainConfig()
|
|
)
|
|
);
|
|
},
|
|
EchoNotifier::SERVICE_NAME => static function ( MediaWikiServices $services ): EchoNotifier {
|
|
return new EchoNotifier(
|
|
$services->getService( FilterLookup::SERVICE_NAME ),
|
|
$services->getService( ConsequencesRegistry::SERVICE_NAME ),
|
|
ExtensionRegistry::getInstance()->isLoaded( 'Echo' )
|
|
);
|
|
},
|
|
FilterValidator::SERVICE_NAME => static function ( MediaWikiServices $services ): FilterValidator {
|
|
return new FilterValidator(
|
|
$services->get( ChangeTagValidator::SERVICE_NAME ),
|
|
$services->get( RuleCheckerFactory::SERVICE_NAME ),
|
|
$services->get( PermManager::SERVICE_NAME ),
|
|
new ServiceOptions(
|
|
FilterValidator::CONSTRUCTOR_OPTIONS,
|
|
$services->getMainConfig(),
|
|
[ 'AbuseFilterProtectedVariables' => [] ]
|
|
)
|
|
);
|
|
},
|
|
FilterCompare::SERVICE_NAME => static function ( MediaWikiServices $services ): FilterCompare {
|
|
return new FilterCompare(
|
|
$services->get( ConsequencesRegistry::SERVICE_NAME )
|
|
);
|
|
},
|
|
FilterImporter::SERVICE_NAME => static function ( MediaWikiServices $services ): FilterImporter {
|
|
return new FilterImporter(
|
|
new ServiceOptions(
|
|
FilterImporter::CONSTRUCTOR_OPTIONS,
|
|
$services->getMainConfig()
|
|
),
|
|
$services->get( ConsequencesRegistry::SERVICE_NAME )
|
|
);
|
|
},
|
|
FilterStore::SERVICE_NAME => static function ( MediaWikiServices $services ): FilterStore {
|
|
return new FilterStore(
|
|
$services->get( ConsequencesRegistry::SERVICE_NAME ),
|
|
$services->getDBLoadBalancerFactory(),
|
|
$services->get( FilterProfiler::SERVICE_NAME ),
|
|
$services->get( FilterLookup::SERVICE_NAME ),
|
|
$services->get( ChangeTagsManager::SERVICE_NAME ),
|
|
$services->get( FilterValidator::SERVICE_NAME ),
|
|
$services->get( FilterCompare::SERVICE_NAME ),
|
|
$services->get( EmergencyCache::SERVICE_NAME ),
|
|
$services->get( AbuseFilterActorMigration::SERVICE_NAME )
|
|
);
|
|
},
|
|
ConsequencesFactory::SERVICE_NAME => static function ( MediaWikiServices $services ): ConsequencesFactory {
|
|
return new ConsequencesFactory(
|
|
new ServiceOptions(
|
|
ConsequencesFactory::CONSTRUCTOR_OPTIONS,
|
|
$services->getMainConfig()
|
|
),
|
|
LoggerFactory::getInstance( 'AbuseFilter' ),
|
|
$services->getBlockUserFactory(),
|
|
$services->getDatabaseBlockStore(),
|
|
$services->getUserGroupManager(),
|
|
$services->getMainObjectStash(),
|
|
$services->get( ChangeTagger::SERVICE_NAME ),
|
|
$services->get( BlockAutopromoteStore::SERVICE_NAME ),
|
|
$services->get( FilterUser::SERVICE_NAME ),
|
|
// TODO: Use a proper MessageLocalizer once available (T247127)
|
|
RequestContext::getMain(),
|
|
$services->getUserEditTracker(),
|
|
$services->getUserFactory(),
|
|
$services->getUserIdentityUtils()
|
|
);
|
|
},
|
|
EditBoxBuilderFactory::SERVICE_NAME => static function ( MediaWikiServices $services ): EditBoxBuilderFactory {
|
|
return new EditBoxBuilderFactory(
|
|
$services->get( PermManager::SERVICE_NAME ),
|
|
$services->get( KeywordsManager::SERVICE_NAME ),
|
|
ExtensionRegistry::getInstance()->isLoaded( 'CodeEditor' )
|
|
);
|
|
},
|
|
ConsequencesLookup::SERVICE_NAME => static function ( MediaWikiServices $services ): ConsequencesLookup {
|
|
return new ConsequencesLookup(
|
|
$services->getDBLoadBalancerFactory(),
|
|
$services->get( CentralDBManager::SERVICE_NAME ),
|
|
$services->get( ConsequencesRegistry::SERVICE_NAME ),
|
|
LoggerFactory::getInstance( 'AbuseFilter' )
|
|
);
|
|
},
|
|
ConsequencesRegistry::SERVICE_NAME => static function ( MediaWikiServices $services ): ConsequencesRegistry {
|
|
return new ConsequencesRegistry(
|
|
$services->get( AbuseFilterHookRunner::SERVICE_NAME ),
|
|
$services->getMainConfig()->get( 'AbuseFilterActions' )
|
|
);
|
|
},
|
|
AbuseLoggerFactory::SERVICE_NAME => static function ( MediaWikiServices $services ): AbuseLoggerFactory {
|
|
return new AbuseLoggerFactory(
|
|
$services->get( CentralDBManager::SERVICE_NAME ),
|
|
$services->get( FilterLookup::SERVICE_NAME ),
|
|
$services->get( VariablesBlobStore::SERVICE_NAME ),
|
|
$services->get( VariablesManager::SERVICE_NAME ),
|
|
$services->get( EditRevUpdater::SERVICE_NAME ),
|
|
$services->getDBLoadBalancerFactory(),
|
|
new ServiceOptions(
|
|
AbuseLogger::CONSTRUCTOR_OPTIONS,
|
|
$services->getMainConfig()
|
|
),
|
|
WikiMap::getCurrentWikiDbDomain()->getId(),
|
|
RequestContext::getMain()->getRequest()->getIP()
|
|
);
|
|
},
|
|
UpdateHitCountWatcher::SERVICE_NAME => static function ( MediaWikiServices $services ): UpdateHitCountWatcher {
|
|
return new UpdateHitCountWatcher(
|
|
$services->getDBLoadBalancerFactory(),
|
|
$services->get( CentralDBManager::SERVICE_NAME )
|
|
);
|
|
},
|
|
VariablesBlobStore::SERVICE_NAME => static function ( MediaWikiServices $services ): VariablesBlobStore {
|
|
return new VariablesBlobStore(
|
|
$services->get( VariablesManager::SERVICE_NAME ),
|
|
$services->getBlobStoreFactory(),
|
|
$services->getBlobStore(),
|
|
$services->getMainConfig()->get( 'AbuseFilterCentralDB' )
|
|
);
|
|
},
|
|
ConsExecutorFactory::SERVICE_NAME => static function ( MediaWikiServices $services ): ConsExecutorFactory {
|
|
return new ConsExecutorFactory(
|
|
$services->get( ConsequencesLookup::SERVICE_NAME ),
|
|
$services->get( ConsequencesFactory::SERVICE_NAME ),
|
|
$services->get( ConsequencesRegistry::SERVICE_NAME ),
|
|
$services->get( FilterLookup::SERVICE_NAME ),
|
|
LoggerFactory::getInstance( 'AbuseFilter' ),
|
|
$services->getUserIdentityUtils(),
|
|
new ServiceOptions(
|
|
ConsequencesExecutor::CONSTRUCTOR_OPTIONS,
|
|
$services->getMainConfig()
|
|
)
|
|
);
|
|
},
|
|
FilterRunnerFactory::SERVICE_NAME => static function ( MediaWikiServices $services ): FilterRunnerFactory {
|
|
return new FilterRunnerFactory(
|
|
$services->get( AbuseFilterHookRunner::SERVICE_NAME ),
|
|
$services->get( FilterProfiler::SERVICE_NAME ),
|
|
$services->get( ChangeTagger::SERVICE_NAME ),
|
|
$services->get( FilterLookup::SERVICE_NAME ),
|
|
$services->get( RuleCheckerFactory::SERVICE_NAME ),
|
|
$services->get( ConsExecutorFactory::SERVICE_NAME ),
|
|
$services->get( AbuseLoggerFactory::SERVICE_NAME ),
|
|
$services->get( VariablesManager::SERVICE_NAME ),
|
|
$services->get( VariableGeneratorFactory::SERVICE_NAME ),
|
|
$services->get( EmergencyCache::SERVICE_NAME ),
|
|
$services->get( UpdateHitCountWatcher::SERVICE_NAME ),
|
|
$services->get( EmergencyWatcher::SERVICE_NAME ),
|
|
ObjectCache::getLocalClusterInstance(),
|
|
LoggerFactory::getInstance( 'AbuseFilter' ),
|
|
LoggerFactory::getInstance( 'StashEdit' ),
|
|
$services->getStatsdDataFactory(),
|
|
new ServiceOptions(
|
|
FilterRunner::CONSTRUCTOR_OPTIONS,
|
|
$services->getMainConfig()
|
|
)
|
|
);
|
|
},
|
|
VariablesFormatter::SERVICE_NAME => static function ( MediaWikiServices $services ): VariablesFormatter {
|
|
return new VariablesFormatter(
|
|
$services->get( KeywordsManager::SERVICE_NAME ),
|
|
$services->get( VariablesManager::SERVICE_NAME ),
|
|
// TODO: Use a proper MessageLocalizer once available (T247127)
|
|
RequestContext::getMain()
|
|
);
|
|
},
|
|
SpecsFormatter::SERVICE_NAME => static function ( MediaWikiServices $services ): SpecsFormatter {
|
|
return new SpecsFormatter(
|
|
// TODO: Use a proper MessageLocalizer once available (T247127)
|
|
RequestContext::getMain()
|
|
);
|
|
},
|
|
LazyVariableComputer::SERVICE_NAME => static function ( MediaWikiServices $services ): LazyVariableComputer {
|
|
return new LazyVariableComputer(
|
|
$services->get( TextExtractor::SERVICE_NAME ),
|
|
$services->get( AbuseFilterHookRunner::SERVICE_NAME ),
|
|
LoggerFactory::getInstance( 'AbuseFilter' ),
|
|
$services->getDBLoadBalancerFactory(),
|
|
$services->getMainWANObjectCache(),
|
|
$services->getRevisionLookup(),
|
|
$services->getRevisionStore(),
|
|
$services->getContentLanguage(),
|
|
$services->getParserFactory(),
|
|
$services->getUserEditTracker(),
|
|
$services->getUserGroupManager(),
|
|
$services->getPermissionManager(),
|
|
$services->getRestrictionStore(),
|
|
$services->getUserIdentityUtils(),
|
|
WikiMap::getCurrentWikiDbDomain()->getId()
|
|
);
|
|
},
|
|
TextExtractor::SERVICE_NAME => static function ( MediaWikiServices $services ): TextExtractor {
|
|
return new TextExtractor( $services->get( AbuseFilterHookRunner::SERVICE_NAME ) );
|
|
},
|
|
VariablesManager::SERVICE_NAME => static function ( MediaWikiServices $services ): VariablesManager {
|
|
return new VariablesManager(
|
|
$services->get( KeywordsManager::SERVICE_NAME ),
|
|
$services->get( LazyVariableComputer::SERVICE_NAME )
|
|
);
|
|
},
|
|
VariableGeneratorFactory::SERVICE_NAME => static function (
|
|
MediaWikiServices $services
|
|
): VariableGeneratorFactory {
|
|
return new VariableGeneratorFactory(
|
|
$services->get( AbuseFilterHookRunner::SERVICE_NAME ),
|
|
$services->get( TextExtractor::SERVICE_NAME ),
|
|
$services->getMimeAnalyzer(),
|
|
$services->getRepoGroup(),
|
|
$services->getWikiPageFactory(),
|
|
$services->getUserFactory()
|
|
);
|
|
},
|
|
EditRevUpdater::SERVICE_NAME => static function ( MediaWikiServices $services ): EditRevUpdater {
|
|
return new EditRevUpdater(
|
|
$services->get( CentralDBManager::SERVICE_NAME ),
|
|
$services->getRevisionLookup(),
|
|
$services->getDBLoadBalancerFactory(),
|
|
WikiMap::getCurrentWikiDbDomain()->getId()
|
|
);
|
|
},
|
|
AbuseFilterActorMigration::SERVICE_NAME => static function (
|
|
MediaWikiServices $services
|
|
): AbuseFilterActorMigration {
|
|
return new AbuseFilterActorMigration(
|
|
$services->getMainConfig()->get( 'AbuseFilterActorTableSchemaMigrationStage' ),
|
|
$services->getActorStoreFactory(),
|
|
);
|
|
},
|
|
BlockedDomainStorage::SERVICE_NAME => static function (
|
|
MediaWikiServices $services
|
|
): BlockedDomainStorage {
|
|
return new BlockedDomainStorage(
|
|
$services->getLocalServerObjectCache(),
|
|
$services->getRevisionLookup(),
|
|
$services->getUserFactory(),
|
|
$services->getWikiPageFactory(),
|
|
$services->getUrlUtils()
|
|
);
|
|
},
|
|
BlockedDomainFilter::SERVICE_NAME => static function (
|
|
MediaWikiServices $services
|
|
): BlockedDomainFilter {
|
|
return new BlockedDomainFilter(
|
|
$services->get( VariablesManager::SERVICE_NAME ),
|
|
$services->get( BlockedDomainStorage::SERVICE_NAME )
|
|
);
|
|
},
|
|
// b/c for extensions
|
|
'AbuseFilterRunnerFactory' => static function ( MediaWikiServices $services ): FilterRunnerFactory {
|
|
return $services->get( FilterRunnerFactory::SERVICE_NAME );
|
|
},
|
|
];
|
|
|
|
// @codeCoverageIgnoreEnd
|