From 809fd7ceb00d440976ba500d2d36dd6752c34dac Mon Sep 17 00:00:00 2001
From: David Lawrence <dkl@mozilla.com>
Date: Tue, 15 Mar 2022 13:11:19 -0400
Subject: [PATCH 1/2] Bug 1623361 - Integrate "Risk Analysis" feature without
 plugin

---
 Dockerfile                                    | 12 +++++++++
 moz-extensions.conf.php                       |  1 +
 moz-extensions/src/__phutil_library_map__.php |  2 ++
 .../events/RiskAnalyzerEventListener.php      | 26 +++++++++++++++++++
 nginx/site.conf                               |  6 ++---
 5 files changed, 44 insertions(+), 3 deletions(-)
 create mode 100644 moz-extensions/src/differential/events/RiskAnalyzerEventListener.php

diff --git a/Dockerfile b/Dockerfile
index c744057487..9b97e9f921 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -2,6 +2,9 @@ FROM php:7.4.19-fpm-alpine AS base
 
 LABEL maintainer="dkl@mozilla.com"
 
+# From https://github.com/marco-c/risk-analysis-addon/releases
+ENV RISK_ANALYSIS_VERSION v0.6.0
+
 # These are unlikely to change from version to version of the container
 EXPOSE 9000
 EXPOSE 9003
@@ -125,6 +128,15 @@ COPY --chown=app nginx/ nginx/
 RUN chmod +x /app/update_version_json.py /app/entrypoint.sh /app/wait-for-mysql.php \
     && /app/update_version_json.py
 
+RUN { \
+        echo '/**'; \
+        echo '* @provides moz-risk-analysis-js'; \
+        echo '* @do-not-minify'; \
+        echo '*/'; \
+    } | tee /app/phabricator/webroot/rsrc/js/MozillaRiskAnalysis.js
+RUN curl -fsSL https://raw.githubusercontent.com/marco-c/risk-analysis-addon/${RISK_ANALYSIS_VERSION}/risk_analysis.js \
+    >> /app/phabricator/webroot/rsrc/js/MozillaRiskAnalysis.js
+
 FROM base AS production
 
 USER root
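Review bot: The `curl` step appends `risk_analysis.js` from raw.githubusercontent.com to a file served to every user from `webroot/rsrc/js/`, with no integrity check. `RISK_ANALYSIS_VERSION` (set in the first Dockerfile hunk) is a git tag, which the upstream repository owner can move to different content. Pin the URL to a full commit SHA, or download to a temporary file and verify it before appending, e.g. `echo "<EXPECTED_SHA256>  /tmp/risk_analysis.js" | sha256sum -c -`, so the build fails closed if the upstream content changes. Merging the two `RUN` steps would also avoid a layer in which `MozillaRiskAnalysis.js` holds only the header comment.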
diff --git a/moz-extensions.conf.php b/moz-extensions.conf.php
index b9bb4dfd88..16aef7bf91 100644
--- a/moz-extensions.conf.php
+++ b/moz-extensions.conf.php
@@ -7,5 +7,6 @@
   'events.listeners' => array(
     'LandoLinkEventListener',
     'NewChangesLinkEventListener',
+    'RiskAnalyzerEventListener',
   )
 );
diff --git a/moz-extensions/src/__phutil_library_map__.php b/moz-extensions/src/__phutil_library_map__.php
index 600953cfb5..382bd02d9b 100644
--- a/moz-extensions/src/__phutil_library_map__.php
+++ b/moz-extensions/src/__phutil_library_map__.php
@@ -57,6 +57,7 @@
     'FeedQueryIDConduitAPIMethod' => 'conduit/FeedQueryIDConduitAPIMethod.php',
     'GroupPhabricatorReviewer' => 'email/adapter/GroupPhabricatorReviewer.php',
     'LandoLinkEventListener' => 'lando/events/LandoLinkEventListener.php',
+    'RiskAnalyzerEventListener' => 'differential/events/RiskAnalyzerEventListener.php',
     'MinimalEmailContext' => 'email/model/MinimalEmailContext.php',
     'MinimalEmailRevision' => 'email/model/MinimalEmailRevision.php',
     'MozLogger' => 'logging/MozLogger.php',
@@ -146,6 +147,7 @@
     'FeedQueryIDConduitAPIMethod' => 'FeedQueryConduitAPIMethod',
     'GroupPhabricatorReviewer' => 'PhabricatorReviewer',
     'LandoLinkEventListener' => 'PhabricatorEventListener',
+    'RiskAnalyzerEventListener' => 'PhabricatorEventListener',
     'MozLogger' => 'Phobject',
     'MozillaExtraReviewerDataSearchEngineAttachment' => 'PhabricatorSearchEngineAttachment',
     'MozillaMOTD' => 'Phobject',
diff --git a/moz-extensions/src/differential/events/RiskAnalyzerEventListener.php b/moz-extensions/src/differential/events/RiskAnalyzerEventListener.php
new file mode 100644
index 0000000000..3ec2b0010f
--- /dev/null
+++ b/moz-extensions/src/differential/events/RiskAnalyzerEventListener.php
@@ -0,0 +1,26 @@
+<?php
+// This Source Code Form is subject to the terms of the Mozilla Public
+// License, v. 2.0. If a copy of the MPL was not distributed with this
+// file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+/**
+ * Adds the "risk analyzer plugin" JS to the differential view
+ */
+
+final class RiskAnalyzerEventListener extends PhabricatorEventListener {
+
+  public function register() {
+    //if (PhabricatorEnv::getEnvConfig('bugzilla.url') != "http://bmo.test") {
+      // Only enable this event listener if we're not running in the local development environment
+      $this->listen(PhabricatorEventType::TYPE_UI_WILLRENDERPROPERTIES);
+    //}
+  }
+
+  public function handleEvent(PhutilEvent $event) {
+    if ($event->getType() == PhabricatorEventType::TYPE_UI_WILLRENDERPROPERTIES) {
+      $response = CelerityAPI::getStaticResourceResponse();
+      $response->requireResource('moz-risk-analysis-js', 'phabricator');
+      $response->addContentSecurityPolicyURI('connect-src', 'https://community-tc.services.mozilla.com');
+    }
+  }
+}
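Review bot: `handleEvent` requires the script and widens `connect-src` on every `TYPE_UI_WILLRENDERPROPERTIES` event, although the docblock says it targets the differential view; nothing in the handler checks which object is being rendered. If the event exposes the rendered object (presumably via `$event->getValue('object')`; confirm against the other listeners in this extension), an early `if (!($object instanceof DifferentialRevision)) { return; }` would keep the third-party script and the CSP exception off unrelated pages. The docblock is also separated from `final class` by a blank line, so tools will not attach it to the class; move it directly above the declaration.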
diff --git a/nginx/site.conf b/nginx/site.conf
index e69f2f16df..8600389707 100644
--- a/nginx/site.conf
+++ b/nginx/site.conf
@@ -6,7 +6,7 @@
 server {
   server_name phabricator.test;
   root /app/phabricator/webroot;
-  
+
   location = /contribute.json {
     root /app;
     default_type application/json;
@@ -30,14 +30,14 @@ server {
 
   location / {
     add_header X-XSS-Protection "1; mode=block";
-    add_header Content-Security-Policy "default-src 'self' https://*.cloudfront.net data: 'unsafe-inline'; script-src 'self' https://*.cloudfront.net 'unsafe-inline'; object-src 'self'";
+    add_header Content-Security-Policy "default-src 'self' https://*.cloudfront.net data: 'unsafe-inline'; script-src 'self' https://*.cloudfront.net 'unsafe-inline'; object-src 'self'; connect-src 'self' https://community-tc.services.mozilla.com";
     index index.php;
     rewrite ^/(.*)$ /index.php?__path__=/$1 last;
   }
 
   location ~ \.php$ {
     add_header X-XSS-Protection "1; mode=block";
-    add_header Content-Security-Policy "default-src 'self' https://*.cloudfront.net data: 'unsafe-inline'; script-src 'self' https://*.cloudfront.net 'unsafe-inline'; object-src 'self'";
+    add_header Content-Security-Policy "default-src 'self' https://*.cloudfront.net data: 'unsafe-inline'; script-src 'self' https://*.cloudfront.net 'unsafe-inline'; object-src 'self'; connect-src 'self' https://community-tc.services.mozilla.com";
     include fastcgi_params;
     fastcgi_pass phabricator:9000;
     fastcgi_index index.php;
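Review bot: Adding an explicit `connect-src` to both `add_header` lines stops that directive from falling back to `default-src`, so `https://*.cloudfront.net` and `data:` are no longer allowed for fetch/XHR. If any existing script connects to the CDN it will now be blocked, so confirm that is intended or list the source explicitly. The same origin is also added in `RiskAnalyzerEventListener::handleEvent` through `addContentSecurityPolicyURI`, and browsers enforce every CSP header they receive, so the two lists must stay in step. A comment above each header such as `# connect-src must match RiskAnalyzerEventListener::handleEvent` would record that. The `server` block continues outside the hunk.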

From 2ec77c8a223b63ae1de6e7510a9de05665fbc0b3 Mon Sep 17 00:00:00 2001
From: David Lawrence <dkl@mozilla.com>
Date: Tue, 15 Mar 2022 13:15:25 -0400
Subject: [PATCH 2/2] Removed debugging stuff.

---
 .../src/differential/events/RiskAnalyzerEventListener.php     | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/moz-extensions/src/differential/events/RiskAnalyzerEventListener.php b/moz-extensions/src/differential/events/RiskAnalyzerEventListener.php
index 3ec2b0010f..93dbb683bd 100644
--- a/moz-extensions/src/differential/events/RiskAnalyzerEventListener.php
+++ b/moz-extensions/src/differential/events/RiskAnalyzerEventListener.php
@@ -10,10 +10,10 @@
 final class RiskAnalyzerEventListener extends PhabricatorEventListener {
 
   public function register() {
-    //if (PhabricatorEnv::getEnvConfig('bugzilla.url') != "http://bmo.test") {
+    if (PhabricatorEnv::getEnvConfig('bugzilla.url') != "http://bmo.test") {
       // Only enable this event listener if we're not running in the local development environment
       $this->listen(PhabricatorEventType::TYPE_UI_WILLRENDERPROPERTIES);
-    //}
+    }
   }
 
   public function handleEvent(PhutilEvent $event) {
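Review bot: The guard in `register()` detects the local environment by comparing `bugzilla.url` with the literal `"http://bmo.test"` using `!=`, so any other development or staging host, or a trailing slash, silently enables the listener. A dedicated boolean setting read with `PhabricatorEnv::getEnvConfig('<RISK_ANALYSIS_ENABLED_KEY>')` (placeholder name) would make the intent explicit and let the feature default to off. At minimum the comparison should be `!==`. The comment on the following line describes the condition and would read better directly above the `if`. The body of `handleEvent` lies outside this hunk.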