Skip to content

Ignore "scam" send by trusted users #1282

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 2 commits into from
Jul 21, 2025
Merged

Ignore "scam" send by trusted users #1282

merged 2 commits into from
Jul 21, 2025

Conversation

@Zabuzard
Copy link
Member

@Zabuzard Zabuzard commented Jul 21, 2025
edited
Loading

Summary

This makes it so that trusted users, such as moderators, are ignored by the scam detection.

The idea here is not to let them send scam around but when the scam detector has a false positive, mods could then at least still send the message for the user.

This of course bears the risk that if a mod is hacked, they can freely send undetected scam in the server. We never had such a case though and mods are required to enable 2FA anyways.

Config Changes

This adds a new entry to the scamBlocker config:

"trustedUserRolePattern": "Top Helpers .+|Moderator|Community Ambassador|Expert",

@Zabuzard Zabuzard self-assigned this Jul 21, 2025
@Zabuzard Zabuzard requested a review from a team as a code owner July 21, 2025 08:57
@Zabuzard Zabuzard added enhancement New feature or request priority: normal labels Jul 21, 2025
@SquidXTV
Copy link
Member

SquidXTV commented Jul 21, 2025

This does not require a config change as it uses the already-existing:

"softModerationRolePattern": "Moderator|Community Ambassador",

Do we really only include these two roles? I would say that Expert or Top Helper should also be skipped here. It is rarely (basically never) the case that these accounts get hacked and start spamming scam. And even if we can still manually handle that like we did all the years before.

@Zabuzard
Copy link
Member Author

Zabuzard commented Jul 21, 2025
edited
Loading

Do we really only include these two roles? I would say that Expert or Top Helper should also be skipped here. It is rarely (basically never) the case that these accounts get hacked and start spamming scam. And even if we can still manually handle that like we did all the years before.

I wouldnt mind. I kinda wanted to prevent adding yet another config entry for roles. But welp 🤷

@marko-radosavljevic
Copy link
Contributor

marko-radosavljevic commented Jul 21, 2025
edited
Loading

I agree with squid, we have this one in config already, which is perfect:

"excludeCodeAutoDetectionRolePattern": "Top Helpers .+|Moderator|Community Ambassador|Expert"

It's made for similar purpose, to not annoy trusted memebers that know how to format. It's nice to have some granularity wtih roles, those current patterns can also be renamed to something more general, and resued. Because intent behind them is same, trusted/knowledgeble member that shouldn't be automated, a member that is trusted to edit the tag, etc.

Only in case if our worry is that we are exploding with pattens, and that almost every feature is using a unique one, otherwise I don't mind explicit naming even if we have slightly bigger configs.

(there is also tagManageRolePattern)

@Zabuzard Zabuzard added the config-changes if your PR contains any changes related to config file label Jul 21, 2025
marko-radosavljevic
marko-radosavljevic approved these changes Jul 21, 2025
View reviewed changes
Copy link
Contributor

@marko-radosavljevic marko-radosavljevic left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

cute! ❤️

I will be safe from the bloodthirsty robot! 😌 🙏

@sonarqubecloud
Copy link

sonarqubecloud bot commented Jul 21, 2025

Quality Gate Passed Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud

@Zabuzard Zabuzard merged commit c33d235 into develop Jul 21, 2025
11 checks passed
@Zabuzard Zabuzard deleted the feature/scam_ignore_mods branch July 21, 2025 11:03
@Zabuzard Zabuzard mentioned this pull request Jul 26, 2025
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@marko-radosavljevic marko-radosavljevic marko-radosavljevic approved these changes

@SquidXTV SquidXTV SquidXTV approved these changes

Assignees

@Zabuzard Zabuzard

Labels

config-changes if your PR contains any changes related to config file enhancement New feature or request priority: normal

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

4 participants

@Zabuzard @SquidXTV @marko-radosavljevic