Store spam verdicts as abuse events
What does this MR do and why?
This MR creates a background job that runs when a user creates a spammable that is reported as spammy based on verdicts returned by the spam verdict service. It automates the creation and/or update of an abuse report and correlates this with an abuse event that stores useful metadata regarding the spammable for future analysis.
Screenshots or screen recordings
Screenshots are required for UI changes, and strongly recommended for all other merge requests.
How to set up and validate locally
- Enable Spamcheck for local development.
- Tail the sidekiq logs -
tail -f /path/to/GDK/gitlab/log/sidekiq.log | grep SpamAbuseEventsWorker
- Create a spammy issue in a public project as a regular user.
- After creating the issue, you should see the job started and completed in the sidekiq logs.
- On the Rails console, check that an abuse report and an abuse event was created:
$ rails console > new_user = User.last > new_user.abuse_reports => [#<AbuseReport:0x000000028462c330 id: 28, reporter_id: 53, user_id: 56, message: "User reported for abuse based on spam verdict", created_at: Wed, 04 Oct 2023 10:27:50.728360000 UTC +00:00, updated_at: Wed, 04 Oct 2023 10:27:50.728360000 UTC +00:00, message_html: "User reported for abuse based on spam verdict", cached_markdown_version: 2097152, category: "spam", reported_from_url: "", links_to_spam: [], status: "open", resolved_at: nil, screenshot: nil, resolved_by_id: nil, assignee_id: nil, mitigation_steps: nil, evidence: nil>] > new_user.abuse_events => [#<Abuse::Event:0x0000000145586b00 id: 17, user_id: 56, created_at: Wed, 04 Oct 2023 10:27:50.843784000 UTC +00:00, updated_at: Wed, 04 Oct 2023 10:27:50.843784000 UTC +00:00, abuse_report_id: 28, source: "spamcheck", category: "spam", metadata: {"title"=>"[FILTERED]", "verdict"=>"conditional_allow", "ip_address"=>"", "user_agent"=>"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.0.0 Safari/537.36", "description"=>"[FILTERED]", "noteable_type"=>"Issue"}>]
MR acceptance checklist
This checklist encourages us to confirm any changes have been analyzed to reduce risks in quality, performance, reliability, security, and maintainability.
-
I have evaluated the MR acceptance checklist for this MR.
Edited by Juliet Wanjohi