Draft: Track spam scores for users
What does this MR do and why?
This MR adds a new table called abuse_trust_scores that will be used to save scores from various systems used to assess user behavior and trust. These scores will be used to automate actions against abusive users.
Spamcheck is the first system we will aggregate scores for and those changes are also included in this MR.
How to set up and validate locally
Numbered steps to set up and validate the change are strongly suggested.
Example below:
- Run the spamcheck service locally
docker run --rm -p 8001:8001 registry.gitlab.com/gitlab-org/gl-security/security-engineering/security-automation/spam/spamcheck:1.6.1
- Enable spamcheck in your local GDK instance by navigating to admin/application_settings/reporting.
- As a regular user, create an issue in a public project (i.e. gitlab-org/gitlab-test). It is important that the user is not a member of the project.
- You should see logs from the spamcheck service that the issue was checked for spam.
- Check that the spam score has been logged for the user
[2] pry(main)> Abuse::TrustScore.all
Abuse::TrustScore Load (0.4ms) SELECT "abuse_trust_scores".* FROM "abuse_trust_scores" /*application:console,db_config_name:main,console_hostname:imander-gtlb,console_username:imander,line:bin/rails:4:in `<main>'*/
=> [#<Abuse::TrustScore:0x000055cab27c50d8
id: 1,
user_id: 47,
source: "spamcheck",
score: 0.00011199856817256659,
created_at: Wed, 22 Mar 2023 16:40:08.115796000 UTC +00:00,
updated_at: Wed, 22 Mar 2023 16:40:08.115796000 UTC +00:00,
correlation_id_value: "01GW532BEYJ6M352BJGJD0Z5H8">]
Database Migrations
▶ rake db:migrate:main VERSION=20230330201324
WARNING: This version of GitLab depends on gitlab-shell 14.18.0, but you're running 14.17.0. Please update gitlab-shell.
main: == 20230330201324 CreateAbuseTrustScores: migrating ===========================
main: -- create_table(:abuse_trust_scores)
main: -- quote_column_name(:correlation_id_value)
main: -> 0.0000s
main: -> 0.0065s
main: == 20230330201324 CreateAbuseTrustScores: migrated (0.0540s) ==================
▶ rake db:migrate:down:main VERSION=20230330201324
WARNING: This version of GitLab depends on gitlab-shell 14.18.0, but you're running 14.17.0. Please update gitlab-shell.
main: == 20230330201324 CreateAbuseTrustScores: reverting ===========================
main: -- drop_table(:abuse_trust_scores)
main: -> 0.0034s
main: == 20230330201324 CreateAbuseTrustScores: reverted (0.0103s) ==================
MR acceptance checklist
This checklist encourages us to confirm any changes have been analyzed to reduce risks in quality, performance, reliability, security, and maintainability.
- I have evaluated the MR acceptance checklist for this MR.
Edited by Ian Anderson
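The description above says the stored scores will later drive automated actions. The following is an added example, not code from this MR or from GitLab, sketching how per-user rows shaped like the Abuse::TrustScore record in the console output could be summarized for one source. The window, minimum sample count, threshold, the 0.0 to 1.0 score range and the second source name are all assumptions.

```ruby
# Added illustration, not GitLab's implementation. Field names mirror the
# Abuse::TrustScore record shown in the console output.
TrustScore = Struct.new(:user_id, :source, :score, :created_at, keyword_init: true)

# Hypothetical policy values (assumptions, not taken from the MR).
WINDOW_SECONDS = 7 * 24 * 3600 # only consider scores from the last 7 days
MIN_SAMPLES    = 3             # never act on a single verdict
FLAG_THRESHOLD = 0.8           # mean score at or above this flags the user

# Returns { user_id => { mean:, max:, samples:, flag: } } for one source.
def summarize(scores, source:, now:)
  recent = scores.select do |s|
    s.source == source &&
      s.score.between?(0.0, 1.0) &&                      # drops NaN and out-of-range values
      (0..WINDOW_SECONDS).cover?(now - s.created_at)     # drops stale and future-dated rows
  end

  recent.group_by(&:user_id).transform_values do |rows|
    values = rows.map(&:score)
    mean = values.sum / values.size
    { mean: mean, max: values.max, samples: values.size,
      flag: values.size >= MIN_SAMPLES && mean >= FLAG_THRESHOLD }
  end
end

# Constructed sample rows; user ids other than 47 and all high scores are invented.
NOW = Time.utc(2023, 3, 22, 17, 0, 0)
SAMPLE = [
  TrustScore.new(user_id: 47, source: "spamcheck", score: 0.00011199856817256659, created_at: NOW - 1200),
  TrustScore.new(user_id: 47, source: "hypothetical_source", score: 0.95, created_at: NOW - 900),
  TrustScore.new(user_id: 52, source: "spamcheck", score: 0.97, created_at: NOW - 600),
  TrustScore.new(user_id: 52, source: "spamcheck", score: 0.91, created_at: NOW - 3600),
  TrustScore.new(user_id: 52, source: "spamcheck", score: 0.88, created_at: NOW - 86_400),
  TrustScore.new(user_id: 52, source: "spamcheck", score: 0.10, created_at: NOW - 30 * 86_400),
  TrustScore.new(user_id: 60, source: "spamcheck", score: 0.99, created_at: NOW - 300)
]

summarize(SAMPLE, source: "spamcheck", now: NOW).each do |user_id, stats|
  puts format("user=%d samples=%d mean=%.3f max=%.3f flag=%s",
              user_id, stats[:samples], stats[:mean], stats[:max], stats[:flag])
end
```

Requiring several recent samples before flagging keeps one noisy verdict, such as the single 0.99 for user 60, from triggering an automated action on its own.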