jaculabilis/danbooru
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

Add additional post flag validation preventing targeting

Browse Source
This commit is contained in:
Albert Yi
2018-06-15 17:11:06 -07:00
parent f4d5932a66
commit cdcd4d4014
5 changed files with 191 additions and 56 deletions
Download Patch File Download Diff File Expand all files Collapse all files

7
app/controllers/reports_controller.rb
View File

@@ -24,6 +24,13 @@ class ReportsController < ApplicationController
@upload_reports = Reports::UploadTags.includes(versions: { post: :versions }).for_user(params[:user_id]).order("id desc").paginate(params[:page], :limit => params[:limit])
end
def flag_targeting
end
def flag_targeting_create(user_id)
end
def down_voting_post
end

11
app/logical/danbooru_math.rb Normal file
View File

@@ -0,0 +1,11 @@
class DanbooruMath
def self.ci_lower_bound(pos, n, confidence = 0.95)
if n == 0
return 0
end
z = Statistics2.pnormaldist(1-(1-confidence)/2)
phat = 1.0*pos/n
100 * (phat + z*z/(2*n) - z * Math.sqrt((phat*(1-phat)+z*z/(4*n))/n))/(1+z*z/n)
end
end

62
app/logical/reports/post_flags.rb Normal file
View File

@@ -0,0 +1,62 @@
module Reports
class PostFlags
attr_reader :user_id, :date_range
def initialize(user_id:, date_range:)
@user_id = user_id
@date_range = date_range
end
def candidates
PostFlag.where("posts.uploader_id = ? and posts.created_at >= ? and post_flags.creator_id <> ?", user_id, date_range, User.system.id).joins(:post).pluck("post_flags.creator_id").uniq
end
def build_message(user_id, data)
user_name = User.id_to_name(user_id)
if data.empty?
return "There don't appear to be any users targeting #{user_name} for flags."
else
msg = "The following users may be targeting #{user_name} for flags. Over half of their flags are targeting the user, with 95\% confidence.\n\n"
data.each do |flagger_id, targets|
targets.each do |uploader_id, score|
if uploader_id == user_id && score > 50
msg += "* " + User.id_to_name(flagger_id)
end
end
end
end
end
def attackers
matches = []
build.each do |flagger, uploaders|
if uploaders[user_id].to_i > 50
matches << flagger
end
end
return matches
end
def build
flaggers = Hash.new {|h, k| h[k] = {}}
candidates.each do |candidate|
PostFlag.joins(:post).where("post_flags.creator_id = ? and posts.created_at >= ?", candidate, date_range).select("posts.uploader_id").group("posts.uploader_id").having("count(*) > 1").count.each do |uploader_id, count|
flaggers[candidate][uploader_id] = count
end
sum = flaggers[candidate].values.sum
flaggers[candidate].each_key do |user_id|
flaggers[candidate][user_id] = DanbooruMath.ci_lower_bound(flaggers[candidate][user_id], sum)
end
end
return flaggers
end
end
end

21
app/models/post_flag.rb
View File

@@ -8,13 +8,13 @@ class PostFlag < ApplicationRecord
end
COOLDOWN_PERIOD = 3.days
CREATION_THRESHOLD = 10 # in 30 days
belongs_to :creator, :class_name => "User"
belongs_to_creator :class_name => "User"
belongs_to :post
validates_presence_of :reason, :creator_id, :creator_ip_addr
validate :validate_creator_is_not_limited
validates_presence_of :reason
validate :validate_creator_is_not_limited, on: :create
validate :validate_post
before_validation :initialize_creator, :on => :create
validates_uniqueness_of :creator_id, :scope => :post_id, :on => :create, :unless => :is_deletion, :message => "have already flagged this post"
before_save :update_post
attr_accessor :is_deletion
@@ -156,6 +156,14 @@ class PostFlag < ApplicationRecord
def validate_creator_is_not_limited
return if is_deletion
if PostFlag.for_creator(creator_id).where("created_at > ?", 30.days.ago).count >= CREATION_THRESHOLD
report = Reports::PostFlags.new(user_id: post.uploader_id, date_range: 90.days.ago)
if report.attackers.include?(creator_id)
errors[:creator] << "cannot flag posts uploaded by this user"
end
end
if CurrentUser.can_approve_posts?
# do nothing
elsif creator.created_at > 1.week.ago
@@ -178,11 +186,6 @@ class PostFlag < ApplicationRecord
errors[:post] << "is deleted" if post.is_deleted?
end
def initialize_creator
self.creator_id ||= CurrentUser.id
self.creator_ip_addr = CurrentUser.ip_addr if creator_ip_addr == "127.0.0.1" || creator_ip_addr.blank?
end
def resolve!
update_column(:is_resolved, true)
end

146
test/unit/post_flag_test.rb
View File

@@ -3,116 +3,168 @@ require 'test_helper'
class PostFlagTest < ActiveSupport::TestCase
context "In all cases" do
setup do
Timecop.travel(2.weeks.ago) do
@alice = FactoryBot.create(:gold_user)
travel_to(2.weeks.ago) do
@alice = create(:gold_user)
end
as(@alice) do
@post = create(:post, tag_string: "aaa", uploader: @alice)
end
CurrentUser.user = @alice
CurrentUser.ip_addr = "127.0.0.2"
@post = FactoryBot.create(:post, :tag_string => "aaa")
end
teardown do
CurrentUser.user = nil
CurrentUser.ip_addr = nil
end
context "a basic user" do
setup do
Timecop.travel(2.weeks.ago) do
@bob = FactoryBot.create(:user)
travel_to(2.weeks.ago) do
@bob = create(:user)
end
CurrentUser.user = @bob
end
should "not be able to flag more than 1 post in 24 hours" do
@post_flag = PostFlag.new(:post => @post, :reason => "aaa", :is_resolved => false)
@post_flag = PostFlag.new(post: @post, reason: "aaa", is_resolved: false)
@post_flag.expects(:flag_count_for_creator).returns(1)
assert_difference("PostFlag.count", 0) do
@post_flag.save
as(@bob) { @post_flag.save }
end
assert_equal(["You can flag 1 post a day"], @post_flag.errors.full_messages)
end
end
context "a gold user" do
setup do
travel_to(2.weeks.ago) do
@bob = create(:gold_user)
end
end
should "not be able to flag a post more than twice" do
assert_difference("PostFlag.count", 1) do
@post_flag = PostFlag.create(:post => @post, :reason => "aaa", :is_resolved => false)
assert_difference(-> { PostFlag.count }, 1) do
as(@bob) do
@post_flag = PostFlag.create(post: @post, reason: "aaa", is_resolved: false)
end
end
assert_difference("PostFlag.count", 0) do
@post_flag = PostFlag.create(:post => @post, :reason => "aaa", :is_resolved => false)
assert_difference(-> { PostFlag.count }, 0) do
as(@bob) do
@post_flag = PostFlag.create(post: @post, reason: "aaa", is_resolved: false)
end
end
assert_equal(["have already flagged this post"], @post_flag.errors[:creator_id])
end
should "not be able to target a single uploader" do
travel_to(2.weeks.ago) do
as(@alice) do
@posts = FactoryBot.create_list(:post, 10, uploader: @alice)
end
end
as(@bob) do
travel_to(1.week.ago) do
@flags = @posts.map {|x| PostFlag.create(reason: "bad #{x.id}", post: x)}
end
@bad_flag = PostFlag.create(post: @post, reason: "bad #{@post.id}")
end
assert_equal(["You cannot flag posts uploaded by this user"], @bad_flag.errors.full_messages)
end
should "not be able to flag more than 10 posts in 24 hours" do
@post_flag = PostFlag.new(:post => @post, :reason => "aaa", :is_resolved => false)
@post_flag.expects(:flag_count_for_creator).returns(10)
assert_difference("PostFlag.count", 0) do
@post_flag.save
as(@bob) do
@post_flag = PostFlag.new(post: @post, reason: "aaa", is_resolved: false)
@post_flag.expects(:flag_count_for_creator).returns(10)
assert_difference(-> { PostFlag.count }, 0) do
@post_flag.save
end
end
assert_equal(["You can flag 10 posts a day"], @post_flag.errors.full_messages)
end
should "not be able to flag a deleted post" do
@post.update_attribute(:is_deleted, true)
assert_difference("PostFlag.count", 0) do
@post_flag = PostFlag.create(:post => @post, :reason => "aaa", :is_resolved => false)
as(@alice) do
@post.update(is_deleted: true)
end
assert_difference(-> { PostFlag.count }, 0) do
as(@bob) do
@post_flag = PostFlag.create(post: @post, reason: "aaa", is_resolved: false)
end
end
assert_equal(["Post is deleted"], @post_flag.errors.full_messages)
end
should "not be able to flag a pending post" do
@post.update_columns(is_pending: true)
@flag = @post.flags.create(reason: "test")
as(@alice) do
@post.update(is_pending: true)
end
as(@bob) do
@flag = @post.flags.create(reason: "test")
end
assert_equal(["Post is pending and cannot be flagged"], @flag.errors.full_messages)
end
should "not be able to flag a post in the cooldown period" do
users = FactoryBot.create_list(:user, 2, created_at: 2.weeks.ago)
flag1 = FactoryBot.create(:post_flag, post: @post, creator: users.first)
@post.approve!
@mod = create(:moderator_user)
travel_to(2.weeks.ago) do
@users = FactoryBot.create_list(:user, 2)
end
as(@users.first) do
@flag1 = PostFlag.create(post: @post, reason: "something")
end
as(@mod) do
@post.approve!
end
travel_to(PostFlag::COOLDOWN_PERIOD.from_now - 1.minute) do
flag2 = FactoryBot.build(:post_flag, post: @post, creator: users.second)
assert(flag2.invalid?)
assert_match(/cannot be flagged more than once/, flag2.errors[:post].join)
as(@users.second) do
@flag2 = PostFlag.create(post: @post, reason: "something")
end
assert_match(/cannot be flagged more than once/, @flag2.errors[:post].join)
end
travel_to(PostFlag::COOLDOWN_PERIOD.from_now + 1.minute) do
flag3 = FactoryBot.build(:post_flag, post: @post, creator: users.second)
assert(flag3.valid?)
as(@users.second) do
@flag3 = PostFlag.create(post: @post, reason: "something")
end
assert(@flag3.errors.empty?)
end
end
should "initialize its creator" do
@post_flag = PostFlag.create(:post => @post, :reason => "aaa", :is_resolved => false)
@post_flag = as(@alice) do
PostFlag.create(:post => @post, :reason => "aaa", :is_resolved => false)
end
assert_equal(@alice.id, @post_flag.creator_id)
assert_equal(IPAddr.new("127.0.0.2"), @post_flag.creator_ip_addr)
assert_equal(IPAddr.new("127.0.0.1"), @post_flag.creator_ip_addr)
end
end
context "a moderator user" do
setup do
Timecop.travel(2.weeks.ago) do
@dave = FactoryBot.create(:moderator_user)
travel_to(2.weeks.ago) do
@dave = create(:moderator_user)
end
CurrentUser.user = @dave
end
should "not be able to view flags on their own uploads" do
@modpost = FactoryBot.create(:post, :tag_string => "mmm",:uploader_id => @dave.id)
CurrentUser.scoped(@alice) do
@modpost = create(:post, :tag_string => "mmm", :uploader => @dave)
as(@alice) do
@flag1 = PostFlag.create(:post => @modpost, :reason => "aaa", :is_resolved => false)
end
assert_equal(false, @dave.can_view_flagger_on_post?(@flag1))
flag2 = PostFlag.search(:creator_id => @alice.id)
assert_equal(0, flag2.length)
flag3 = PostFlag.search({})
assert_nil(JSON.parse(flag3.to_json)[0]["creator_id"])
as(@dave) do
flag2 = PostFlag.search(:creator_id => @alice.id)
assert_equal(0, flag2.length)
flag3 = PostFlag.search({})
assert_nil(JSON.parse(flag3.to_json)[0]["creator_id"])
end
end
end
end