Page MenuHomePhabricator
Create Task
Maniphest T49512

Switch AbuseFilter to using Lua
Closed, DeclinedPublic
Actions

Assigned To
None
Authored By
Reedy
Apr 22 2013, 7:30 PM
Tags
Referenced Files
None
Subscribers
Aklapper
Daimona
Dalba
Danilo
Danny_B
Edgars2007
Glaisher
View All 16 Subscribers
Tokens
"Love" token, awarded by Danny_B."Love" token, awarded by Ricordisamoa."Like" token, awarded by Dalba."Like" token, awarded by werdna.

Description

As a maintainer of Lua modules and abuse filters, I want to be able to use the same language for both tasks, so that the learning curve is not so steep.

Rather than using AbuseFilters own language, with its own bugs and limitations, could/should we switch it to Lua? Just dropping support of the current language would be bad, but preferring to use something more standard?

See Also:

Details

Reference
bz47512

Related Objects

Event Timeline

bzimport raised the priority of this task from to Low.Nov 22 2014, 1:27 AM
bzimport added projects: AbuseFilter, Performance Issue.
bzimport set Reference to bz47512.
bzimport added a subscriber: Unknown Object (MLST).
Reedy created this task.Apr 22 2013, 7:30 PM
He7d3r added a comment.Jul 15 2013, 7:03 PM

+1

liangent added a comment.Jul 15 2013, 7:06 PM
  • Bug 49248 has been marked as a duplicate of this bug. ***
Danilo added a comment.Jul 15 2013, 8:07 PM

It is a very good idea. Now the conditions of all filters are tested for all edits, by using Lua we can group the conditions and don't test, for example, filters for anonymous in registered edits.

liangent added a comment.Jun 2 2014, 3:26 PM

Not sure whether it's good to add bug 50454 to "see also" and/or reopen it, but this Lua (for AbuseFilter) needs to include a regex library (see ngx.re in the nginx version of Lua), or it will be impossible to migrate current filters.

werdna unsubscribed.Dec 10 2014, 6:15 PM
He7d3r merged a task: T51248: Integrate AbuseFilter and Lua engine.Apr 5 2015, 1:10 PM
He7d3r added a subscriber: werdna.
He7d3r updated the task description. (Show Details)Apr 5 2015, 1:20 PM
He7d3r set Security to None.
He7d3r mentioned this in T39192: Add syntax highlight for AbuseFilter.Apr 5 2015, 1:25 PM
He7d3r mentioned this in T48773: Word boundary parameter \b not working with Unicode devanagari words.
werdna awarded a token.Apr 6 2015, 2:26 PM
GWicke subscribed.EditedApr 6 2015, 8:03 PM

I think it's worth considering to let the next generation of AbuseFilter work on the HTML DOM rather than wikitext.

Advantages:

  • Matching semantic HTML can be more precise and simpler than matching wikitext.
  • We can speed up HTML saves by returning success after checking the HTML and saving it to the DB only, without waiting for the re-parse from wikitext to HTML.
  • We can continue to use AbuseFilter with HTML-only wikis and other HTML-primary features.

Issues:

  • On wikitext edit, we'd need to parse the new revision from the edited wikitext before feeding it to AbuseFilter and then saving it. While the total time this takes should be unaffected by reordering, there are potentially issues with {{REVISION*}} magic words. Those would need to be updated in the HTML after the parse, which is possible but not implemented so far. This might already be partly solved by T66767.
He7d3r added a parent task: T43693: Support short-circuit bool ops.Apr 9 2015, 2:09 PM
Glaisher subscribed.Apr 9 2015, 4:43 PM
Dalba awarded a token.May 15 2015, 11:51 AM
Dalba subscribed.
Edgars2007 subscribed.Nov 22 2015, 12:25 PM
Restricted Application added a subscriber: Aklapper. · View Herald TranscriptNov 22 2015, 12:25 PM
Ricordisamoa awarded a token.Dec 18 2015, 7:24 PM
Ricordisamoa mentioned this in T120740: Shared variables for AbuseFilter.
Ricordisamoa subscribed.
Ricordisamoa added a project: Scribunto.Dec 18 2015, 7:27 PM
Anomie subscribed.Dec 18 2015, 7:55 PM

@Ricordisamoa added a project: Scribunto.

I'm not sure what this has to do with Scribunto, besides that AbuseFilter would likely want to reuse Scribunto's classes for interfacing with Lua and that might want some refactoring.

In T49512#506539, @liangent wrote:

Not sure whether it's good to add bug 50454 to "see also" and/or reopen it, but this Lua (for AbuseFilter) needs to include a regex library (see ngx.re in the nginx version of Lua), or it will be impossible to migrate current filters.

Scribunto isn't going to get a regex library, for the reasons described in T52454#555457.

But that doesn't mean AbuseFilter can't create its own instance of Scribunto_LuaEngine or Scribunto_LuaInterpreter and inject extra libraries, including one that provides regular expression matching, if it's deemed safe for that context.

Legoktm removed a parent task: T43693: Support short-circuit bool ops.Apr 11 2016, 7:08 PM
Danny_B awarded a token.Apr 11 2016, 10:23 PM
Danny_B subscribed.
Amire80 moved this task from Backlog to Filtering features on the AbuseFilter board.May 8 2016, 9:06 AM
Huji subscribed.Mar 4 2017, 2:46 PM
Krinkle mentioned this in T172447: Investigate 2017-08-02 Save Timing regression (+40-60%).Aug 17 2017, 1:32 AM
He7d3r mentioned this in T68032: AbuseFilter should allow storing regex matches into variables.Aug 30 2017, 1:21 PM
Liuxinyu970226 subscribed.Mar 31 2018, 4:02 AM

@Anomie写道:

I'm not sure what this has to do with Scribunto, besides that AbuseFilter would likely want to reuse Scribunto's classes for interfacing with Lua and that might want some refactoring.

Not only this, I would also suggest to add Wikidata here, since Lua things are more and more intimacy with them.

Anomie moved this task from Backlog to External on the Scribunto board.Oct 22 2018, 6:33 PM
Daimona closed this task as Declined.Nov 3 2018, 11:00 AM
Daimona subscribed.

My assessment:

  1. We only need a fairly simple syntax for filters, there's no need to allow complicated stuff
  2. Our dedicated parser is probably faster than Lua's (exactly because it's dedicated), and this will be especially true as CachingParser will be implemented
  3. Higher expressive power means potential performance troubles from badly-written filters
  4. Adapting Lua to our needs (removing potentially dangerous stuff, injecting our variables, regex library etc.) could possibly nullify the performance gain
  5. AbuseFilter's syntax is actually simpler than Lua's, and would only make writing filters harder for non-tech people (they'd have to learn a full programming language, instead of a basic language).

Personally I never had the necessity to do something in AbuseFilter for which Lua would be needed, nor I see possible use cases. Also, bugs from AF parser should be resolved inside AF parser, so that's not a good reason for the switch.
If someone can find a use case for Lua syntax, a simple way to adapt Lua to our needs without performance loss, and it turns out that Lua is easier to learn for non-tech people, then feel free to reopen the task.

Restricted Application removed a subscriber: Liuxinyu970226. · View Herald TranscriptNov 3 2018, 11:00 AM
Nirmos mentioned this in T227544: Remove AbuseFilter's DSL and use JavaScript instead.Jul 8 2019, 11:15 PM
Aklapper removed subscribers: Anomie, werdna, wikibugs-l-list.Oct 16 2020, 5:29 PM
Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL