Remove WebPurify check for Play Lab when fetching source file#65468
Conversation
| metadata = result[:metadata] | ||
| abuse_score = [metadata['abuse_score'].to_i, metadata['abuse-score'].to_i].max | ||
| not_found if abuse_score >= SharedConstants::ABUSE_CONSTANTS.ABUSE_THRESHOLD && !can_view_abusive_assets?(encrypted_channel_id) | ||
| not_found if profanity_privacy_violation?(filename, result[:body]) && !can_view_profane_or_pii_assets?(encrypted_channel_id) |
There was a problem hiding this comment.
does this mean we aren't checking for profanity at all?
There was a problem hiding this comment.
That's correct. profanity_privacy_violation currently only checks Play Lab project sources (no other project sources are filtered), and we are removing this check.
There was a problem hiding this comment.
Oh gotcha! Could we also update or remove that function (should it always return false now?)
There was a problem hiding this comment.
By that function I mean should_filter_program
There was a problem hiding this comment.
Yes, we should. But I am proposing to do so in a follow-up PR because there are other places it is called that other teams may be impacted. See comment in investigation PR: https://github.com/code-dot-org/code-dot-org/pull/65463/files#r2056956932
This PR removes the WebPurify check for Play Lab projects when fetching the project source file and is a follow-up to #65397 which removed the profanity/privacy check for Play Lab projects on the frontend.
In #65397, I removed the WebPurify filter check for Play Lab projects on project or project-backed level load. However, I did not catch the need to update the backend because I used an account with project validator permission when testing locally.
When fetching the project source file for a project that contains content that would be flagged by WebPurify,
404is returned ifcan_view_profane_or_pii_assets?returnsfalse, i.e., you are not the owner nor admin nor have project validator permission. Thus, you get the "This version of this project cannot be found or is no longer available" alert.This PR makes minimal updates so that we can unblock users in a timely manner. See Zendesk ticket.
However, follow-up is needed. There are a couple pathways moving forward:
showProjectAdminin Extra Links. (This is a medium-sized task - branch starting the clean-up process.) - Note that we do have a report abuse system and projects can be blocked by abuse score or project validators. Also, users can no longer self-publish projects to a public gallery as we now host a curated featured project gallery.find_share_failure, removing block ids and checking only user-generated text. Re-institute checking Play Lab projects, but also consider checking other project types such as Sprite Lab. (This is a large-sized task.)Filtering of Play Lab projects was implemented before Sprite Lab existed. In
should_filter_program, the program must be from Play Lab and include user-entered-text indicators beforefind_failureis called.code-dot-org/lib/cdo/share_filtering.rb
Lines 53 to 66 in f844fcb
When this filter was instituted, Play Lab allowed free-form user text while other project types geared for elementary-age students (such as Artist or Flappy) did not. App Lab and Game Lab allows free-form text, but is restricted to students age 13 and older.
Not filtering Sprite Lab projects while filtering Play Lab projects does seem inconsistent at this point so product recently confirmed that Play Lab should follow the same pattern as Sprite Lab and not be more strict than other labs. However, Mike H brought up pathway option 2 above (filter both Play Lab and Sprite Lab projects after a refactor) during a recent check-in meeting. I'll bring this topic up during a team meeting.
Before update
Screencast video of a Play Lab project that contains a flagged word. A non-owner user opens the project and cannot see project content. However, the current workaround to view project is to remix the project (append '/remix' to end of project URL).
before-update.mov
Screenshot of error in Network tab:
After update
Now a non-owner user and a signed-out user can view a Play Lab project that contains content that would be flagged by WebPurify.
after-update.mov
Warning!!
The AP CSP Create Performance Task is in progress. The most critical dates are from April 3 - April 30, 2025. Please consider any risk introduced by this PR that could affect our students taking AP CSP. Code.org students taking AP CSP primarily use App Lab for their Create Task, however a small percent use Game Lab. Carefully consider whether your change has any risk of alterering, changing, or breaking anything in these two labs. Even small changes, such as a different button color, are considered significant during this time period. Reach out to the Student Learning team or Curriculum team for more details.
Links
Testing story
I tested locally using different types of accounts: student, teacher (without project validator permission), and also as a signed-out user.
Deployment strategy
Follow-up work
Privacy
Security
Caching
PR Checklist: