[customs] Handle new action events from Dataflow fraud detection pipeline

mozilla / fxa

Monorepo for Mozilla Accounts (formerly Firefox Accounts)

https://mozilla.github.io/ecosystem-platform/

Mozilla Public License 2.0

597 stars 210 forks source link

[customs] Handle new action events from Dataflow fraud detection pipeline #2116

Closed philbooth closed 5 years ago

philbooth commented 5 years ago

Related to #2012.

Secops are going to start publishing actionable events for the customs server to consume, e.g. to block a given IP address. We should handle them but we should also put that handling behind config on a per-event basis, so we can turn things off if there are any teething problems.

shane-tomlinson commented 5 years ago

@philbooth the events are from the DataFlow fraud detection pipeline. We are already consuming most of the events and checking whether we expect them or not, but we do not act on them, i.e., we don't add any additional blocks when DataFlow says we should.

The code is here: https://github.com/mozilla/fxa/blob/0ec1e3fc2e53092bb00a4a82da9239c9628376fa/packages/fxa-customs-server/lib/dataflow.js#L54

Where we check for expected blocks, we should instead be adding blocks.

shane-tomlinson commented 5 years ago

cc @ameihm0912

shane-tomlinson commented 5 years ago

Ref https://github.com/mozilla/fxa-customs-server/issues/311 and https://github.com/mozilla/fxa-customs-server/pull/317

shane-tomlinson commented 5 years ago

@philbooth philbooth closed this in #2445 3 hours ago

\o/