debian-mirror-gitlab/app/services/spam/spam_verdict_service.rb

# frozen_string_literal: true

module Spam
  class SpamVerdictService
    include AkismetMethods
    include SpamConstants

    def initialize(user:, target:, options:, context: {}, extra_features: {})
      @target = target
      @user = user
      @options = options
      @context = context
      @extra_features = extra_features
    end

    def execute
      spamcheck_verdict = nil

      external_spam_check_round_trip_time = Benchmark.realtime do
        spamcheck_verdict = get_spamcheck_verdict
      end

      histogram.observe({ result: spamcheck_verdict.upcase }, external_spam_check_round_trip_time) if spamcheck_verdict

      akismet_verdict = get_akismet_verdict

      # filter out anything we don't recognise, including nils.
      valid_verdicts = [spamcheck_verdict, akismet_verdict].compact.select { |r| SUPPORTED_VERDICTS.key?(r) }

      # Treat nils - such as service unavailable - as ALLOW
      return ALLOW unless valid_verdicts.any?

      # Favour the most restrictive verdict
      final_verdict = valid_verdicts.min_by { |v| SUPPORTED_VERDICTS[v][:priority] }

      # The target can override the verdict via the `allow_possible_spam` application setting
      final_verdict = OVERRIDE_VIA_ALLOW_POSSIBLE_SPAM if override_via_allow_possible_spam?(verdict: final_verdict)

      logger.info(class: self.class.name,
                  akismet_verdict: akismet_verdict,
                  spam_check_verdict: spamcheck_verdict,
                  spam_check_rtt: external_spam_check_round_trip_time.real,
                  final_verdict: final_verdict,
                  username: user.username,
                  user_id: user.id,
                  target_type: target.class.to_s,
                  project_id: target.project_id
                 )

      final_verdict
    end

    private

    attr_reader :user, :target, :options, :context, :extra_features

    def get_akismet_verdict
      if akismet.spam?
        Gitlab::Recaptcha.enabled? ? CONDITIONAL_ALLOW : DISALLOW
      else
        ALLOW
      end
    end

    def get_spamcheck_verdict
      return unless Gitlab::CurrentSettings.spam_check_endpoint_enabled

      begin
        result = spamcheck_client.spam?(spammable: target, user: user, context: context, extra_features: extra_features)

        if result.evaluated? && Feature.enabled?(:user_spam_scores)
          Abuse::TrustScore.create!(user: user, score: result.score, source: :spamcheck)
        end

        result.verdict

      rescue StandardError => e
        Gitlab::ErrorTracking.log_exception(e, error: ERROR_TYPE)
        nil
      end
    end

    def override_via_allow_possible_spam?(verdict:)
      # If the verdict is already going to allow (because current verdict's priority value is greater
      # than the override verdict's priority value), then we don't need to override it.
      return false if SUPPORTED_VERDICTS[verdict][:priority] > SUPPORTED_VERDICTS[OVERRIDE_VIA_ALLOW_POSSIBLE_SPAM][:priority]

      target.allow_possible_spam?
    end

    def spamcheck_client
      @spamcheck_client ||= Gitlab::Spamcheck::Client.new
    end

    def logger
      @logger ||= Gitlab::AppJsonLogger.build
    end

    def histogram
      @histogram ||= Gitlab::Metrics.histogram(:gitlab_spamcheck_request_duration_seconds, 'Request duration to the anti-spam service')
    end
  end
end
New upstream version 13.0.0 2020-05-24 23:13:21 +05:30			`# frozen_string_literal: true`

			`module Spam`
			`class SpamVerdictService`
			`include AkismetMethods`
			`include SpamConstants`

New upstream version 15.4.2+ds1 2022-10-11 01:57:18 +05:30			`def initialize(user:, target:, options:, context: {}, extra_features: {})`
New upstream version 13.0.0 2020-05-24 23:13:21 +05:30			`@target = target`
New upstream version 13.1.0 2020-06-23 00:09:42 +05:30			`@user = user`
New upstream version 13.0.0 2020-05-24 23:13:21 +05:30			`@options = options`
New upstream version 13.12.3+ds1 2021-06-08 01:23:25 +05:30			`@context = context`
New upstream version 15.4.2+ds1 2022-10-11 01:57:18 +05:30			`@extra_features = extra_features`
New upstream version 13.0.0 2020-05-24 23:13:21 +05:30			`end`

			`def execute`
New upstream version 16.0.7+ds1 2023-07-09 08:55:56 +05:30			`spamcheck_verdict = nil`
New upstream version 13.12.3+ds1 2021-06-08 01:23:25 +05:30
			`external_spam_check_round_trip_time = Benchmark.realtime do`
New upstream version 16.0.7+ds1 2023-07-09 08:55:56 +05:30			`spamcheck_verdict = get_spamcheck_verdict`
New upstream version 13.12.3+ds1 2021-06-08 01:23:25 +05:30			`end`

New upstream version 16.0.7+ds1 2023-07-09 08:55:56 +05:30			`histogram.observe({ result: spamcheck_verdict.upcase }, external_spam_check_round_trip_time) if spamcheck_verdict`
New upstream version 13.12.3+ds1 2021-06-08 01:23:25 +05:30
New upstream version 16.0.7+ds1 2023-07-09 08:55:56 +05:30			`akismet_verdict = get_akismet_verdict`
New upstream version 13.1.0 2020-06-23 00:09:42 +05:30
			`# filter out anything we don't recognise, including nils.`
New upstream version 16.0.7+ds1 2023-07-09 08:55:56 +05:30			`valid_verdicts = [spamcheck_verdict, akismet_verdict].compact.select { \|r\| SUPPORTED_VERDICTS.key?(r) }`
New upstream version 13.12.3+ds1 2021-06-08 01:23:25 +05:30
New upstream version 13.1.0 2020-06-23 00:09:42 +05:30			`# Treat nils - such as service unavailable - as ALLOW`
New upstream version 16.0.7+ds1 2023-07-09 08:55:56 +05:30			`return ALLOW unless valid_verdicts.any?`
New upstream version 13.1.0 2020-06-23 00:09:42 +05:30
New upstream version 16.0.7+ds1 2023-07-09 08:55:56 +05:30			`# Favour the most restrictive verdict`
			`final_verdict = valid_verdicts.min_by { \|v\| SUPPORTED_VERDICTS[v][:priority] }`
New upstream version 14.9.4+ds1 2022-05-07 20:08:51 +05:30
New upstream version 15.9.2+ds1 2023-04-23 21:23:45 +05:30			# The target can override the verdict via the `allow_possible_spam` application setting
New upstream version 16.0.7+ds1 2023-07-09 08:55:56 +05:30			`final_verdict = OVERRIDE_VIA_ALLOW_POSSIBLE_SPAM if override_via_allow_possible_spam?(verdict: final_verdict)`
New upstream version 13.12.3+ds1 2021-06-08 01:23:25 +05:30
			`logger.info(class: self.class.name,`
			`akismet_verdict: akismet_verdict,`
New upstream version 16.0.7+ds1 2023-07-09 08:55:56 +05:30			`spam_check_verdict: spamcheck_verdict,`
New upstream version 13.12.3+ds1 2021-06-08 01:23:25 +05:30			`spam_check_rtt: external_spam_check_round_trip_time.real,`
New upstream version 16.0.7+ds1 2023-07-09 08:55:56 +05:30			`final_verdict: final_verdict,`
New upstream version 13.12.3+ds1 2021-06-08 01:23:25 +05:30			`username: user.username,`
			`user_id: user.id,`
			`target_type: target.class.to_s,`
			`project_id: target.project_id`
			`)`

New upstream version 16.0.7+ds1 2023-07-09 08:55:56 +05:30			`final_verdict`
New upstream version 13.1.0 2020-06-23 00:09:42 +05:30			`end`

			`private`

New upstream version 15.4.2+ds1 2022-10-11 01:57:18 +05:30			`attr_reader :user, :target, :options, :context, :extra_features`
New upstream version 13.1.0 2020-06-23 00:09:42 +05:30
New upstream version 16.0.7+ds1 2023-07-09 08:55:56 +05:30			`def get_akismet_verdict`
New upstream version 13.0.0 2020-05-24 23:13:21 +05:30			`if akismet.spam?`
New upstream version 13.1.0 2020-06-23 00:09:42 +05:30			`Gitlab::Recaptcha.enabled? ? CONDITIONAL_ALLOW : DISALLOW`
New upstream version 13.0.0 2020-05-24 23:13:21 +05:30			`else`
			`ALLOW`
			`end`
			`end`

New upstream version 16.0.7+ds1 2023-07-09 08:55:56 +05:30			`def get_spamcheck_verdict`
New upstream version 13.1.0 2020-06-23 00:09:42 +05:30			`return unless Gitlab::CurrentSettings.spam_check_endpoint_enabled`

			`begin`
New upstream version 16.0.7+ds1 2023-07-09 08:55:56 +05:30			`result = spamcheck_client.spam?(spammable: target, user: user, context: context, extra_features: extra_features)`
New upstream version 13.12.3+ds1 2021-06-08 01:23:25 +05:30
New upstream version 16.0.7+ds1 2023-07-09 08:55:56 +05:30			`if result.evaluated? && Feature.enabled?(:user_spam_scores)`
			`Abuse::TrustScore.create!(user: user, score: result.score, source: :spamcheck)`
			`end`
New upstream version 14.5.2+ds1 2021-12-11 22:18:48 +05:30
New upstream version 16.0.7+ds1 2023-07-09 08:55:56 +05:30			`result.verdict`
New upstream version 13.12.3+ds1 2021-06-08 01:23:25 +05:30
			`rescue StandardError => e`
New upstream version 15.4.2+ds1 2022-10-11 01:57:18 +05:30			`Gitlab::ErrorTracking.log_exception(e, error: ERROR_TYPE)`
New upstream version 16.0.7+ds1 2023-07-09 08:55:56 +05:30			`nil`
New upstream version 13.1.0 2020-06-23 00:09:42 +05:30			`end`
			`end`

New upstream version 14.9.4+ds1 2022-05-07 20:08:51 +05:30			`def override_via_allow_possible_spam?(verdict:)`
			`# If the verdict is already going to allow (because current verdict's priority value is greater`
			`# than the override verdict's priority value), then we don't need to override it.`
			`return false if SUPPORTED_VERDICTS[verdict][:priority] > SUPPORTED_VERDICTS[OVERRIDE_VIA_ALLOW_POSSIBLE_SPAM][:priority]`

			`target.allow_possible_spam?`
			`end`

New upstream version 13.12.3+ds1 2021-06-08 01:23:25 +05:30			`def spamcheck_client`
			`@spamcheck_client \|\|= Gitlab::Spamcheck::Client.new`
			`end`

			`def logger`
			`@logger \|\|= Gitlab::AppJsonLogger.build`
New upstream version 13.1.0 2020-06-23 00:09:42 +05:30			`end`

New upstream version 13.12.3+ds1 2021-06-08 01:23:25 +05:30			`def histogram`
			`@histogram \|\|= Gitlab::Metrics.histogram(:gitlab_spamcheck_request_duration_seconds, 'Request duration to the anti-spam service')`
New upstream version 13.1.0 2020-06-23 00:09:42 +05:30			`end`
New upstream version 13.0.0 2020-05-24 23:13:21 +05:30			`end`
			`end`