Skip to content

Add a worker to store spam verdicts as abuse events

Juliet Wanjohi requested to merge jw-add-worker-to-store-spam-verdicts into master

What does this MR do and why?

This MR creates a background job that runs when a user creates a spammable that is reported as spammy based on verdicts returned by the spam verdict service. It automates the creation and/or update of an abuse report and correlates this with an abuse event that stores useful metadata regarding the spammable for future analysis.

Closes https://gitlab.com/gitlab-org/modelops/anti-abuse/team-tasks/-/issues/227

Screenshots or screen recordings

Screenshots are required for UI changes, and strongly recommended for all other merge requests.

How to set up and validate locally

  1. Enable Spamcheck for local development.
  2. Tail the sidekiq logs - tail -f /path/to/GDK/gitlab/log/sidekiq.log | grep SpamAbuseEventsWorker
  3. Create a spammy issue in a public project as a regular user.
  4. After creating the issue, you should see the job started and completed in the sidekiq logs.
  5. On the Rails console, check that an abuse report and an abuse event was created: 
    $ rails console
> new_user = User.last
> new_user.abuse_reports
  => [#<AbuseReport:0x000000028462c330
  id: 28,
  reporter_id: 53,
  user_id: 56,
  message: "User reported for abuse based on spam verdict",
  created_at: Wed, 04 Oct 2023 10:27:50.728360000 UTC +00:00,
  updated_at: Wed, 04 Oct 2023 10:27:50.728360000 UTC +00:00,
  message_html: "User reported for abuse based on spam verdict",
  cached_markdown_version: 2097152,
  category: "spam",
  reported_from_url: "",
  links_to_spam: [],
  status: "open",
  resolved_at: nil,
  screenshot: nil,
  resolved_by_id: nil,
  assignee_id: nil,
  mitigation_steps: nil,
  evidence: nil>]
> new_user.abuse_events
 => [#<Abuse::Event:0x0000000145586b00
 id: 17,
 user_id: 56,
 created_at: Wed, 04 Oct 2023 10:27:50.843784000 UTC +00:00,
 updated_at: Wed, 04 Oct 2023 10:27:50.843784000 UTC +00:00,
 abuse_report_id: 28,
 source: "spamcheck",
 category: "spam",
 metadata: {"title"=>"[FILTERED]", "verdict"=>"conditional_allow", "source_ip"=>"", "user_agent"=>"Mozilla/5.0 (Macintosh; Intel Mac OS X 
 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.0.0 Safari/537.36", "description"=>"[FILTERED]", "noteable_type"=>"Issue"}>]

MR acceptance checklist

This checklist encourages us to confirm any changes have been analyzed to reduce risks in quality, performance, reliability, security, and maintainability.

Edited by Juliet Wanjohi

Merge request reports