Update spamcheck to version 1.2.0
What does this MR do and why?
This MR updates the spamcheck gem to version 1.2.0. This update includes features that are needed to eventually aggregate per-user spam scores to allow for automated anti-abuse actions.
How to set up and validate locally
Numbered steps to set up and validate the change are strongly suggested.
In addition to the changes in the spec files, proper functionality of spamcheck can be validated locally.
- Run the spamcheck service locally:
  docker run --rm -p 8001:8001 registry.gitlab.com/gitlab-org/gl-security/security-engineering/security-automation/spam/spamcheck:1.6.1
- Enable spamcheck in your local GDK instance by navigating to admin/application_settings/reporting.
- As a regular user, create an issue in a public project (i.e. gitlab-org/gitlab-test). It is important that the user is not a member of the project.
- You should see logs from the spamcheck service that the issue was checked for spam.
- Since spamcheck defaults to ALLOW if any errors occur, create a "spammy" issue and verify that it is blocked.
curl -i --request POST --header "PRIVATE-TOKEN: <TOKEN>" "http://gdk.test:3000/api/v4/projects/2/issues?title=live%20stream&description=Check%20the%20latest%20streaming%20sports%20here"
HTTP/1.1 409 Conflict
Cache-Control: no-cache
Content-Security-Policy: default-src 'none'
Content-Type: application/json
Vary: Origin
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
X-Request-Id: 01GX6FYXTXFYVH0JNCWZYNM5BY
X-Runtime: 7.282446
Date: Tue, 04 Apr 2023 16:00:30 GMT
Content-Length: 235
{"needs_captcha_response":true,"spam_log_id":234,"captcha_site_key":"6LeIxAcTAAAAAJcZVRqyHh71UMIEGNQ_MXjiZKhI","message":{"error":"Your issue has been recognized as spam. Please, change the content or solve the reCAPTCHA to proceed."}}
MR acceptance checklist
This checklist encourages us to confirm any changes have been analyzed to reduce risks in quality, performance, reliability, security, and maintainability.
- I have evaluated the MR acceptance checklist for this MR.
Edited by Ian Anderson
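An added example (not part of the MR or of the spamcheck project): a Ruby helper that classifies the `curl -i` output from the last validation step, so that a fail-open ALLOW is not mistaken for a passing check. It assumes a successful issue creation returns 201 Created; the function name `spam_verdict` and both sample responses are constructed for illustration.

```ruby
require "json"

# Constructed samples shaped like `curl -i` output. BLOCKED mirrors the response
# in the description (site key replaced by a placeholder); ALLOWED is a
# constructed example of the issue being created despite spammy content.
BLOCKED = <<~RESPONSE
  HTTP/1.1 409 Conflict
  Content-Type: application/json

  {"needs_captcha_response":true,"spam_log_id":234,"captcha_site_key":"<SITE_KEY>","message":{"error":"Your issue has been recognized as spam. Please, change the content or solve the reCAPTCHA to proceed."}}
RESPONSE

ALLOWED = <<~RESPONSE
  HTTP/1.1 201 Created
  Content-Type: application/json

  {"id":1,"iid":1,"title":"live stream"}
RESPONSE

# Classify a raw HTTP response (status line, headers, blank line, JSON body).
# Returns :blocked, :allowed or :inconclusive.
def spam_verdict(raw)
  head, body = raw.split(/\r?\n\r?\n/, 2) # curl emits CRLF; accept LF too
  status = head.to_s[%r{\AHTTP/\S+ (\d{3})}, 1]&.to_i
  json = begin
    JSON.parse(body.to_s)
  rescue JSON::ParserError
    {}
  end
  json = {} unless json.is_a?(Hash)

  # A 409 alone is not proof of a spam verdict: require the spam-specific
  # fields that appear in the response shown in the description.
  if status == 409 && json["needs_captcha_response"] == true && json["spam_log_id"]
    :blocked
  elsif status == 201
    # Issue was created: either the verdict was ALLOW or spamcheck errored and
    # the default ALLOW applied. Check the spamcheck service logs to tell which.
    :allowed
  else
    :inconclusive
  end
end

if __FILE__ == $PROGRAM_NAME
  { "blocked sample" => BLOCKED, "allowed sample" => ALLOWED }.each do |name, raw|
    puts "#{name}: #{spam_verdict(raw)}"
  end
end
```

An `:allowed` result for the spammy issue means the validation step failed, even though the API call itself succeeded.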