Draft: Track spam scores for users

Ian Anderson requested to merge spam-score into master

What does this MR do and why?

This MR adds a new table called abuse_trust_scores that will be used to save scores from various systems used to assess user behavior and trust. These scores will be used to automate actions against abusive users.

Spamcheck is the first system we will aggregate scores for and those changes are also included in this MR.

Screenshots or screen recordings

Screenshots are required for UI changes, and strongly recommended for all other merge requests.

How to set up and validate locally

Numbered steps to set up and validate the change are strongly suggested.

Example below:

  1. Run the spamcheck service locally
    docker run --rm -p 8001:8001 registry.gitlab.com/gitlab-org/gl-security/security-engineering/security-automation/spam/spamcheck:1.6.1
  2. Enable spamcheck in your local GDK instance by navigating to admin/application_settings/reporting.
    • Enable spamcheck
    • Set the URL of the external Spam Check endpoint to grpc://localhost:8001
  3. As a regular user, create an issue in a public project (i.e. gitlab-org/gitlab-test). It is important that the user is not a member of the project.
  4. You should see logs from the spamcheck service that the issue was checked for spam.
  5. Check that the spam score has been logged for the user
[2] pry(main)> Abuse::TrustScore.all
  Abuse::TrustScore Load (0.4ms)  SELECT "abuse_trust_scores".* FROM "abuse_trust_scores" /*application:console,db_config_name:main,console_hostname:imander-gtlb,console_username:imander,line:bin/rails:4:in `<main>'*/
=> [#<Abuse::TrustScore:0x000055cab27c50d8
  id: 1,
  user_id: 47,
  source: "spamcheck",
  score: 0.00011199856817256659,
  created_at: Wed, 22 Mar 2023 16:40:08.115796000 UTC +00:00,
  updated_at: Wed, 22 Mar 2023 16:40:08.115796000 UTC +00:00,
  correlation_id_value: "01GW532BEYJ6M352BJGJD0Z5H8">]

Database Migrations

▶ rake db:migrate:main VERSION=20230330201324
WARNING: This version of GitLab depends on gitlab-shell 14.18.0, but you're running 14.17.0. Please update gitlab-shell.
main: == 20230330201324 CreateAbuseTrustScores: migrating ===========================
main: -- create_table(:abuse_trust_scores)
main: -- quote_column_name(:correlation_id_value)
main:    -> 0.0000s
main:    -> 0.0065s
main: == 20230330201324 CreateAbuseTrustScores: migrated (0.0540s) ==================


▶ rake db:migrate:down:main VERSION=20230330201324
WARNING: This version of GitLab depends on gitlab-shell 14.18.0, but you're running 14.17.0. Please update gitlab-shell.
main: == 20230330201324 CreateAbuseTrustScores: reverting ===========================
main: -- drop_table(:abuse_trust_scores)
main:    -> 0.0034s
main: == 20230330201324 CreateAbuseTrustScores: reverted (0.0103s) ==================

MR acceptance checklist

This checklist encourages us to confirm any changes have been analyzed to reduce risks in quality, performance, reliability, security, and maintainability.

Edited by Ian Anderson
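
The description above says the stored scores will be used to automate actions against abusive users. As an added example (not code from this merge request or from GitLab), the sketch below shows one way rows shaped like the Abuse::TrustScore record could be aggregated before any action is taken. The time window, minimum sample count, threshold, the 0.0..1.0 score range and the `flagged_sources` helper are all assumptions.

```ruby
# Added illustration, not GitLab's implementation. The row shape follows the
# Abuse::TrustScore record in the console output above.
TrustScore = Struct.new(:user_id, :source, :score, :created_at, keyword_init: true)

# Hypothetical policy values (assumptions; the merge request defines none).
HOUR = 3600
DAY  = 24 * HOUR
WINDOW_SECONDS = 7 * DAY # only consider scores from the last 7 days
MIN_SAMPLES    = 3       # never act on one or two classifier results
FLAG_THRESHOLD = 0.8     # assumes scores are probabilities in 0.0..1.0

# Returns the sources whose recent mean score for this user crosses the threshold.
def flagged_sources(rows, user_id, now)
  recent = rows.select do |r|
    age = now - r.created_at
    r.user_id == user_id && age >= 0 && age <= WINDOW_SECONDS &&
      r.score >= 0.0 && r.score <= 1.0 # drop malformed scores instead of averaging them
  end
  by_source = recent.group_by(&:source)
  flagged = by_source.select do |_source, rs|
    rs.size >= MIN_SAMPLES && rs.sum(&:score) / rs.size >= FLAG_THRESHOLD
  end
  flagged.keys.sort
end

# Constructed sample rows (not real data). User 47 reuses the score shown above.
NOW = Time.utc(2023, 3, 30, 12, 0, 0)
SAMPLE_ROWS = [
  TrustScore.new(user_id: 47, source: "spamcheck", score: 0.00011199856817256659, created_at: NOW - 2 * HOUR),
  # Sustained high scores inside the window: flagged.
  TrustScore.new(user_id: 99, source: "spamcheck", score: 0.95, created_at: NOW - 1 * HOUR),
  TrustScore.new(user_id: 99, source: "spamcheck", score: 0.91, created_at: NOW - 1 * DAY),
  TrustScore.new(user_id: 99, source: "spamcheck", score: 0.88, created_at: NOW - 3 * DAY),
  # A single high score: too few samples to act on.
  TrustScore.new(user_id: 12, source: "spamcheck", score: 0.99, created_at: NOW - 1 * HOUR),
  # High scores, but two are older than the window.
  TrustScore.new(user_id: 30, source: "spamcheck", score: 0.90, created_at: NOW - 1 * HOUR),
  TrustScore.new(user_id: 30, source: "spamcheck", score: 0.90, created_at: NOW - 8 * DAY),
  TrustScore.new(user_id: 30, source: "spamcheck", score: 0.90, created_at: NOW - 9 * DAY),
  # One out-of-range score must not push the mean over the threshold.
  TrustScore.new(user_id: 55, source: "spamcheck", score: 0.95, created_at: NOW - 1 * HOUR),
  TrustScore.new(user_id: 55, source: "spamcheck", score: 0.95, created_at: NOW - 2 * HOUR),
  TrustScore.new(user_id: 55, source: "spamcheck", score: 7.5,  created_at: NOW - 3 * HOUR)
].freeze

SAMPLE_ROWS.map(&:user_id).uniq.each do |uid|
  puts "user #{uid}: #{flagged_sources(SAMPLE_ROWS, uid, NOW).inspect}"
end
```

Requiring several in-window samples per source keeps a single false positive from the classifier from triggering an automated action against a legitimate user.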