Merge pull request #18 from mozilla-conduit/1623361

Author: dklawren

Dockerfile

@@ -2,6 +2,9 @@ FROM php:7.4.19-fpm-alpine AS base
 
 LABEL maintainer="dkl@mozilla.com"
 
+# From https://github.com/marco-c/risk-analysis-addon/releases
+ENV RISK_ANALYSIS_VERSION v0.6.0
+
 # These are unlikely to change from version to version of the container
 EXPOSE 9000
 EXPOSE 9003
@@ -125,6 +128,15 @@ COPY --chown=app nginx/ nginx/
 RUN chmod +x /app/update_version_json.py /app/entrypoint.sh /app/wait-for-mysql.php \
     && /app/update_version_json.py
 
+RUN { \
+        echo '/**'; \
+        echo '* @provides moz-risk-analysis-js'; \
+        echo '* @do-not-minify'; \
+        echo '*/'; \
+    } | tee /app/phabricator/webroot/rsrc/js/MozillaRiskAnalysis.js
+RUN curl -fsSL https://raw.githubusercontent.com/marco-c/risk-analysis-addon/${RISK_ANALYSIS_VERSION}/risk_analysis.js \
+    >> /app/phabricator/webroot/rsrc/js/MozillaRiskAnalysis.js
+
 FROM base AS production
 
 USER root

moz-extensions.conf.php

@@ -7,5 +7,6 @@
   'events.listeners' => array(
     'LandoLinkEventListener',
     'NewChangesLinkEventListener',
+    'RiskAnalyzerEventListener',
   )
 );

moz-extensions/src/__phutil_library_map__.php

@@ -57,6 +57,7 @@
     'FeedQueryIDConduitAPIMethod' => 'conduit/FeedQueryIDConduitAPIMethod.php',
     'GroupPhabricatorReviewer' => 'email/adapter/GroupPhabricatorReviewer.php',
     'LandoLinkEventListener' => 'lando/events/LandoLinkEventListener.php',
+    'RiskAnalyzerEventListener' => 'differential/events/RiskAnalyzerEventListener.php',
     'MinimalEmailContext' => 'email/model/MinimalEmailContext.php',
     'MinimalEmailRevision' => 'email/model/MinimalEmailRevision.php',
     'MozLogger' => 'logging/MozLogger.php',
@@ -146,6 +147,7 @@
     'FeedQueryIDConduitAPIMethod' => 'FeedQueryConduitAPIMethod',
     'GroupPhabricatorReviewer' => 'PhabricatorReviewer',
     'LandoLinkEventListener' => 'PhabricatorEventListener',
+    'RiskAnalyzerEventListener' => 'PhabricatorEventListener',
     'MozLogger' => 'Phobject',
     'MozillaExtraReviewerDataSearchEngineAttachment' => 'PhabricatorSearchEngineAttachment',
     'MozillaMOTD' => 'Phobject',

moz-extensions/src/differential/events/RiskAnalyzerEventListener.php

@@ -0,0 +1,26 @@
+<?php
+// This Source Code Form is subject to the terms of the Mozilla Public
+// License, v. 2.0. If a copy of the MPL was not distributed with this
+// file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+/**
+ * Adds the "risk analyzer plugin" JS to the differential view
+ */
+
+final class RiskAnalyzerEventListener extends PhabricatorEventListener {
+
+  public function register() {
+    if (PhabricatorEnv::getEnvConfig('bugzilla.url') != "http://bmo.test") {
+      // Only enable this event listener if we're not running in the local development environment
+      $this->listen(PhabricatorEventType::TYPE_UI_WILLRENDERPROPERTIES);
+    }
+  }
+
+  public function handleEvent(PhutilEvent $event) {
+    if ($event->getType() == PhabricatorEventType::TYPE_UI_WILLRENDERPROPERTIES) {
+      $response = CelerityAPI::getStaticResourceResponse();
+      $response->requireResource('moz-risk-analysis-js', 'phabricator');
+      $response->addContentSecurityPolicyURI('connect-src', 'https://community-tc.services.mozilla.com');
+    }
+  }
+}

nginx/site.conf

@@ -6,7 +6,7 @@
 server {
   server_name phabricator.test;
   root /app/phabricator/webroot;
-  
+
   location = /contribute.json {
     root /app;
     default_type application/json;
@@ -30,14 +30,14 @@ server {
 
   location / {
     add_header X-XSS-Protection "1; mode=block";
-    add_header Content-Security-Policy "default-src 'self' https://*.cloudfront.net data: 'unsafe-inline'; script-src 'self' https://*.cloudfront.net 'unsafe-inline'; object-src 'self'";
+    add_header Content-Security-Policy "default-src 'self' https://*.cloudfront.net data: 'unsafe-inline'; script-src 'self' https://*.cloudfront.net 'unsafe-inline'; object-src 'self'; connect-src 'self' https://community-tc.services.mozilla.com";
     index index.php;
     rewrite ^/(.*)$ /index.php?__path__=/$1 last;
   }
 
   location ~ \.php$ {
     add_header X-XSS-Protection "1; mode=block";
-    add_header Content-Security-Policy "default-src 'self' https://*.cloudfront.net data: 'unsafe-inline'; script-src 'self' https://*.cloudfront.net 'unsafe-inline'; object-src 'self'";
+    add_header Content-Security-Policy "default-src 'self' https://*.cloudfront.net data: 'unsafe-inline'; script-src 'self' https://*.cloudfront.net 'unsafe-inline'; object-src 'self'; connect-src 'self' https://community-tc.services.mozilla.com";
     include fastcgi_params;
     fastcgi_pass phabricator:9000;
     fastcgi_index index.php;