Extension:AbuseFilter/Rules format

The rules are formatted much as conditionals in a C/Java/Perl-like language.

Strings
You can specify a literal by placing it in single or double quotes (for strings), or by typing it in as-is (for numbers, both floating-point and integer).

You can get linebreaks with  , tab characters with  , and you can also escape the quote character with a backslash.

Use the   (plus) symbol to concatenate two literal strings or the values of two vars with a string value.


 * Examples :

User-defined variables
You can define custom variables for ease of understanding with the assign symbol   in a line (closed by  ) within a condition.

Such variables may use letters, underscores, and numbers (apart from the first character) and are case sensitive.

Example (from w:Special:AbuseFilter/79):

Arrays
AbuseFilter has support for non-associative arrays, which can be used like in the following examples.

Comments
You can specify comments using the following syntax: /* This is a comment */

Arithmetic
You can use basic arithmetic symbols to do arithmetic on variables and literals with the following syntax:


 * — Subtract the right-hand operand from the left-hand operand.
 * — Add the right-hand operand to the left-hand operand.
 * — Multiply the left-hand operand by the right-hand operand.
 * — Divide the left-hand operand by the right-hand operand.
 * — Raise the left-hand operand to the exponential power specified by the right-hand operand.
 * — Return the remainder given when the left-hand operand is divided by the right-hand operand.

The type of the returned result is the same that would be returned by PHP, for which a lot of documentation may be found [https://secure.php.net/language.operators.arithmetic online].

More exhaustive examples may be found in [https://phabricator.wikimedia.org/diffusion/EABF/browse/master/tests/parserTests/arith.t this AF parser test].

Boolean operations
You can match if and only if all of a number of conditions are true, one of a number of conditions are true, or one and only one of all conditions are true.


 * <tvar|1> &mdash; OR</> – returns true if one or more of the conditions is true.


 * <tvar|1> &mdash; AND</> – returns true if both of the conditions are true.


 * <tvar|1> &mdash; XOR</> – returns true if one, and only one of the two conditions is true.


 * <tvar|1> &mdash; NOT</> – returns true if the condition is not true.

 Examples 

Simple comparisons
You can compare variables with other variables and literals with the following syntax:


 * <tvar|1> </> &mdash; Return true if the left-hand operand is less than/greater than the right-hand operand respectively.  Watch out: operands are casted to strings and, like it happens in PHP,   and.


 * <tvar|1> </> &mdash; Return true if the left-hand operand is less than or equal to/greater than or equal to the right-hand operand respectively.  Watch out: operands are casted to strings and, like it happens in PHP,   and.


 * <tvar|1> </> (or <tvar|2> </>), <tvar|3> </> &mdash; Return true if the left-hand operand is equal to/not equal to the right-hand operand respectively.


 * <tvar|1> </> &mdash; Return true if the left-hand operand is equal to/not equal to the right-hand operand AND the left-hand operand is the same/not the same data type to the right-hand operand respectively.

Built-in variables
The abuse filter passes various variables by name into the parser.

These variables can be accessed by typing their name in, in a place where a literal would work.

You can view the variables associated with each request in the abuse log.

Performance
As noted in the table above, some of these variables can be very slow.

While writing filters, remember that the condition limit is not a good metric of how heavy filters are.

For instance, variables like <tvar|1> </> or <tvar|2> </> always need a DB query to be computed, while <tvar|3> </> variables will have to perform parsing of the text, which again is a heavy operation; all these variables should be used very, very carefully.

For instance, on Italian Wikipedia it's been observed that, with 135 active filters and an average of 450 used conditions, filters execution time was around 500ms, with peaks reaching 15 seconds.

Removing the <tvar|1> </> variable from a single filter, and halving the cases when another filter would use <tvar|2> </> brought the average execution time to 50ms.

More specifically:


 * Use <tvar|1> </> variables when you need high accuracy and checking for "<tvar|2>http://...</>" in other variables (for instance, <tvar|3> </>) could lead to heavy malfunctioning;


 * Use <tvar|1> </> variables when you're really sure that non-PST variables aren't enough. You may also conditionally decide which one to check: if, for instance, you want to examine a signature, check first if <tvar|1> </> contains <tvar|2> </>;

Last but not least, note that whenever a variable is computed for a given filter, it'll be saved and any other filter will immediately retrieve it. This means that one single filter computing this variable counts more or less as dozens of filters using it.
 * In general, when dealing with these variables, it's always much better to consume further conditions but avoid computing heavy stuff. In order to achieve this, always put heavy variables as last conditions.

Keywords
The following special keywords are included for often-used functionality:


 * <tvar|1> </> (or <tvar|2> </>) returns true if the left-hand operand matches the glob pattern in the right-hand operand.
 * <tvar|1> </> returns true if the right-hand operand (a string) contains the left-hand operand.  Note:  empty strings are not contained in, nor contain, any other string (not even the empty string itself).
 * <tvar|1> </> works like <tvar|2> </>, but with the left and right-hand operands switched.  Note:  empty strings are not contained in, nor contain, any other string (not even the empty string itself).
 * <tvar|1> </> (or <tvar|2> </>) and <tvar|3> </> return true if the left-hand operand matches (contains) the regex pattern in the right-hand operand (<tvar|4> </> is case insensitive).

The system uses PCRE.

The only PCRE option enabled is <tvar|1> </> (modifier <tvar|2> </> [<tvar|3>https://secure.php.net/reference.pcre.pattern.modifiers</> in PHP]); for <tvar|4> </> both <tvar|5> </> and <tvar|6> </> are enabled (modifier <tvar|7> </>).



 Examples 

Functions
A number of built-in functions are included to ease some common issues.

They are executed in the general format <tvar|1> </>, and can be used in place of any literal or variable.

Its arguments can be given as literals, variables, or even other functions.

Order of operations
Operations are generally done left-to-right, but there is an order to which they are resolved.

As soon as the filter fails one of the conditions, it will stop checking the rest of them (due to short-circuit evaluation) and move on to the next filter (except for <tvar|1>T43693</>).

The evaluation order is:


 * 1) Anything surrounded by parentheses (<tvar|1> </> and <tvar|2> </>) is evaluated as a single unit.
 * 2) Turning variables/literals into their respective data. (i.e., <tvar|1> </> to 0)
 * 3) Function calls (<tvar|1> </>, <tvar|2> </>, etc.)
 * 4) Unary <tvar|1> </> and <tvar|2> </> (defining positive or negative value, e.g. <tvar|3> </>, <tvar|4> </>)
 * 5) Keywords
 * 6) Boolean inversion
 * 7) Exponentiation
 * 8) Multiplication-related (multiplication, division, modulo)
 * 9) Addition and subtraction
 * 10) Comparisons.
 * 11) Boolean operations.

Examples

 * <tvar|1> </> is equivalent to <tvar|2> </>, not to <tvar|3> </>. In particular, both <tvar|1> </> and <tvar|2> </> evaluates to <tvar|3> </>.
 * <tvar|1> </> is equivalent to <tvar|2> </>, not to <tvar|3> </>. In particular, both <tvar|1> </> and <tvar|2> </> evaluates to <tvar|3> </>.

Condition counting
The condition limit is (more or less) tracking the number of comparison operators + number of function calls entered.

Further explanation on how to reduce conditions used can be found at.

Exclusions
Although the AbuseFilter examine function will identify "rollback" actions as edits, the AbuseFilter will not evaluate rollback actions for matching.

Useful links

 * PCRE pattern syntax
 * Edit filters benefiting to various local Wikiprojects