Page MenuHomePhabricator
Create Task
Maniphest T57460

No reliable way to detect when an API edit is disallowed by the abuse filter
Closed, ResolvedPublic
Actions

Description

I set up an abuse filter on testwiki that warns the user with the MediaWiki message "snorkel-abuse" and also disallows the action. When triggering this filter using the API (action=edit) I get this:

<?xml version="1.0"?><api><edit code="snorkel-abuse" info="Hit AbuseFilter: TTO&#039;s test filter" warning="Don&#039;t create snorkel pages" result="Failure" /></api>

The only way to test for AbuseFilter being hit appears to be to check whether the "info" parameter starts with the string "Hit AbuseFilter". This seems a bit hackish.

The spam blacklist manages to do better than this, providing its own spamblacklist attribute on the <edit> element. AbuseFilter should be able to do better too.

Details

Reference
bz55460

Related Objects
Search...

Event Timeline

bzimport raised the priority of this task from to Medium.Nov 22 2014, 2:15 AM
bzimport added a project: AbuseFilter.
bzimport set Reference to bz55460.
bzimport added a subscriber: Unknown Object (MLST).
TTO created this task.Oct 8 2013, 8:45 AM
werdna unsubscribed.Dec 10 2014, 5:27 PM
Fhocutt mentioned this in T108426: [AOI] Investigation: How can we improve Twinkle?.Aug 14 2015, 1:21 AM
TTO added a project: MediaWiki-Action-API.Feb 10 2016, 4:39 AM
TTO set Security to None.
TTO removed a subscriber: wikibugs-l-list.
Restricted Application added a subscriber: Aklapper. · View Herald TranscriptFeb 10 2016, 4:39 AM
Anomie moved this task from Unsorted to Non-core-API stuff on the MediaWiki-Action-API board.Feb 10 2016, 2:10 PM
matmarex merged a task: T96956: AbuseFilter should not let users specify arbitrary error codes which are then emitted over the API.Apr 2 2016, 10:36 PM
matmarex added subscribers: Anomie, Krenair, Deskana.
jayvdb mentioned this in T85656: Pywikibot to detect and correctly handle edits that trigger abusefilter rules.Apr 3 2016, 7:41 AM
Jay8g subscribed.Apr 4 2016, 5:15 AM
matmarex subscribed.Apr 17 2016, 5:21 AM

I solved a similar issue for TitleBlacklist (T115258) a while ago with 97b433286dc086ea5261b1b88736600b5454887f. The same approach should work here.

TTO mentioned this in T16261: Extension can't pass error information back to user in API call (tracking).Dec 30 2016, 10:42 AM
Krinkle awarded a token.Aug 16 2017, 3:25 AM
Krinkle subscribed.
matej_suchanek added a parent task: T85656: Pywikibot to detect and correctly handle edits that trigger abusefilter rules.Feb 4 2018, 6:01 PM
Krinkle unsubscribed.Feb 4 2018, 6:09 PM
matmarex unsubscribed.Apr 5 2018, 5:15 PM
matmarex updated the task description. (Show Details)Apr 5 2018, 5:20 PM
matmarex closed this task as Resolved.Apr 5 2018, 5:24 PM
matmarex claimed this task.

I actually fixed this soon after my last comment in 2016, with patch https://gerrit.wikimedia.org/r/295314 (T137961). You can now check for the abusefilter-disallowed error code (and abusefilter-warning for warnings).

Error message when edit is blocked with AbuseFilter looks like this now:

JSON
{
    "edit": {
        "code": "abusefilter-disallowed",
        "message": {
            "key": "abusefilter-disallowed",
            "params": [
                "Test filter disallow",
                3
            ]
        },
        "abusefilter": {
            "id": 3,
            "description": "Test filter disallow",
            "actions": [
                "disallow"
            ]
        },
        "info": "Hit AbuseFilter: Test filter disallow",
        "warning": "This action has been automatically identified as harmful, and therefore disallowed.\nIf you believe your action was constructive, please inform an administrator of what you were trying to do.\nA brief description of the abuse rule which your action matched is: Test filter disallow",
        "result": "Failure"
    }
}
XML
<?xml version="1.0"?>
<api>
  <edit code="abusefilter-disallowed" info="Hit AbuseFilter: Test filter disallow" warning="This action has been automatically identified as harmful, and therefore disallowed.&#10;If you believe your action was constructive, please inform an administrator of what you were trying to do.&#10;A brief description of the abuse rule which your action matched is: Test filter disallow" result="Failure">
    <message key="abusefilter-disallowed">
      <params>
        <param>Test filter disallow</param>
        <param>3</param>
      </params>
    </message>
    <abusefilter id="3" description="Test filter disallow">
      <actions>
        <_v>disallow</_v>
      </actions>
    </abusefilter>
  </edit>
</api>
Amorymeltzer subscribed.Apr 5 2019, 7:15 PM
Aklapper removed a subscriber: Anomie.Oct 16 2020, 5:42 PM
Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL