Enable anti-spam for notes
What does this MR do and why?
Related to: https://gitlab.com/gitlab-org/gl-security/security-engineering/security-automation/spam/spamcheck/-/issues/6
This MR onboards notes to spamcheck. The current version of spamcheck will always return an ALLOW verdict for any Generic spammable. This will allow us to analyze the results before implementing more restrictive actions. The ALLOW verdicts also make it safe to merge this MR before applying the fixes in https://gitlab.com/gitlab-org/gitlab/-/blob/master/lib/gitlab/spamcheck/client.rb#L51 which address some bugs in how validation errors are handled by notes.
How to set up and validate locally
- Enable spamcheck in GDK
- Create a note in a public project. You should see logs emitted from the spamcheck container showing that the note was checked for spam.
- Edit the content of the note. Changing the content should result in another call to spamcheck.
- Create a note with only commands (i.e. `/label ~Accord`). Spamcheck should not be queried.
- Create a note in a confidential issue and verify that spamcheck was not queried.
MR acceptance checklist
This checklist encourages us to confirm any changes have been analyzed to reduce risks in quality, performance, reliability, security, and maintainability.
- I have evaluated the MR acceptance checklist for this MR.