Closed Bug 1182909 Opened 6 years ago Closed 6 years ago

Prevent new accounts from CCing large numbers of users

Categories

(bugzilla.mozilla.org :: Extensions, defect)

Production
defect
Not set
normal

RESOLVED FIXED

People

(Reporter: kmag, Assigned: glob)

Attachments

(1 file, 1 obsolete file)

A disgruntled former user has been creating abusive bugs and CCing every account with a Mozilla email address.

It would be nice to be able to specifically target these bugs, but I can't think of a good reason for a new account to be able to CC over 1,000 users. Limiting them to adding, say, 5 CCs to a given bug should hopefully curb the problem.
See Also: → 1182900, 1182887, 1182812
5 CCs + timeout for user.
(When bugs are cloned, usually more than 5 people are cc'ed)
(In reply to Paul Rouget [:paul] from comment #2)
> (When bugs are cloned, usually more than 5 people are cc'ed)

Fair point, but it usually takes people at least a few months to learn about cloning bugs.
blocking on 5 CCs is fine, but this limit should only apply to accounts created within the last 24 hours (ie. use a different metric for "new" than the "new to bugzilla" tag).

dropping priority because this appears to be a single occurrence (across 3 bugs) and i've dealt with the individual by preventing them from creating any new accounts.
Severity: major → normal
Assignee: nobody → glob
See Also: → 1183098
See Also: → 1183096
Attached patch 1182909_1.patch (obsolete)
- adds antispam_cc_limit_age (default:2) and antispam_cc_limit_count (default:5) parameters
- ignores cc requests from new accounts that exceed the limit
Attachment #8632860 - Flags: review?(dylan)
Comment on attachment 8632860
1182909_1.patch

Review of attachment 8632860:
-----------------------------------------------------------------

r- found a bug

::: extensions/AntiSpam/Extension.pm
@@ +143,5 @@
> +    my ($self, $params, $cc_field) = @_;
> +    return unless exists $params->{$cc_field};
> +
> +    my $user = Bugzilla->user;
> +    my $cc_count = scalar(@{ $params->{$cc_field} });
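Review bot: the `@{ $params->{$cc_field} }` dereference on the `$cc_count` line assumes the field always holds an array ref, but the `exists` guard two lines up only proves the key is present. A request carrying a single CC as a plain string, or a key whose value is undef, will die here under strict refs instead of being counted. Normalise the value first (undef to an empty list, a scalar to a one-element list, an array ref to its elements) and count the result, so the limit check never aborts the request.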

Can't use string ("dylan@mozilla.com") as an ARRAY ref while "strict refs" in use at ./extensions/AntiSpam/Extension.pm line 147.

perhaps $cc_count = ref $params->{$cc_field} ? 0 + @{ $params->{$cc_field} } : 1
Attachment #8632860 - Flags: review?(dylan) → review-
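A standalone sketch of the rule described in the patch notes above, including the scalar-versus-array case the review caught. It is an added example, not the code from either attachment: `cc_list`, `filter_cc`, the day unit for the age limit, dropping the whole request, and the sample addresses are assumptions.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Defaults from the patch description; treating the age as days is an
# assumption of this example.
my %limits = (antispam_cc_limit_age => 2, antispam_cc_limit_count => 5);

# Hypothetical helper: a form field may be absent, undef, a single scalar,
# or an array ref. Always hand back a plain list.
sub cc_list {
    my ($params, $cc_field) = @_;
    my $value = $params->{$cc_field};
    return () unless defined $value;
    return ref($value) eq 'ARRAY' ? @$value : ($value);
}

# Hypothetical helper: ignore the CC request when an account no older than
# the age limit asks for more CCs than the count limit.
# Returns the number of CCs dropped (0 when the request is left alone).
sub filter_cc {
    my ($params, $cc_field, $account_age_days) = @_;
    my @cc = cc_list($params, $cc_field);
    return 0 if $account_age_days > $limits{antispam_cc_limit_age};
    return 0 if @cc <= $limits{antispam_cc_limit_count};
    delete $params->{$cc_field};
    return scalar @cc;
}

# Constructed sample requests: [ label, params, account age in days ].
my @cases = (
    [ 'single scalar',        { cc => 'a@example.com' },                        0 ],
    [ 'bulk, new account',    { cc => [ map "u$_\@example.com", 1 .. 1000 ] },   0 ],
    [ 'bulk, old account',    { cc => [ map "u$_\@example.com", 1 .. 1000 ] }, 400 ],
    [ 'field present, undef', { cc => undef },                                  0 ],
);

for my $case (@cases) {
    my ($label, $params, $age) = @$case;
    my $dropped = filter_cc($params, 'cc', $age);
    my @kept    = cc_list($params, 'cc');
    printf "%-22s dropped=%-4d kept=%d\n", $label, $dropped, scalar @kept;
}
```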
Attached patch 1182909_2.patch
Attachment #8632860 - Attachment is obsolete: true
Attachment #8632918 - Flags: review?(dylan)
Comment on attachment 8632918
1182909_2.patch

r=dylan
Attachment #8632918 - Flags: review?(dylan) → review+
To ssh://gitolite3@git.mozilla.org/webtools/bmo/bugzilla.git
   43740a1..da4255a  master -> master
Status: NEW → RESOLVED
Closed: 6 years ago
Resolution: --- → FIXED
Can this also be done for needinfo and other places?
See e.g. in this bug #1160000 which was affected.
Flags: needinfo?(glob)
(In reply to Virtual_ManPL [:Virtual] from comment #10)
> Can this also be done for needinfo and other places?
> See e.g. in this bug #1160000 which was affected.

yes -- last night i was putting out that particular fire.  i plan on extending this to flags and other multi-user fields today.
Flags: needinfo?(glob)
See Also: → 1183975
Component: Extensions: AntiSpam → Extensions