Check non-public issues for spam
What does this MR do and why?
This MR removes the check for issue spam that ensures an issue is publicly visible before executing a spam check. Spammers have been creating issues in private projects and subsequently making those projects public to avoid spam checking.
While we will start checking for spam for non-public issues, we will not block if those spammables are flagged as spam. This is done to minimize any negative impact due to false positives. When spammables are classified as spam the spamcheck service saves them for future training, a spam log will be created, and the user's spam score will be updated accordingly. This should allow secauto and trust and safety to detect spam quickly if it is generated in a private project.
Related Issue: https://gitlab.com/gitlab-org/gl-security/security-engineering/security-automation/spam/spamcheck/-/work_items/38
Screenshots or screen recordings
Screenshots are required for UI changes, and strongly recommended for all other merge requests.
Before | After |
---|---|
How to set up and validate locally
Numbered steps to set up and validate the change are strongly suggested.
- Enable spamcheck in GDK
- Create a spam issue in a private project. You should see logs emitted from the spamcheck container showing that the issue was checked for spam. The issue creation should not be blocked or prompted for recaptcha.
Example spam content:
title: Watch fifa live stream
description: best live streaming [here](https://livestream.com)
- In the admin area, review the spam log and verify that a log was created for the spam issue.
MR acceptance checklist
This checklist encourages us to confirm any changes have been analyzed to reduce risks in quality, performance, reliability, security, and maintainability.
-
I have evaluated the MR acceptance checklist for this MR.