
Commit 4946dc2

Dargon789github-advanced-security[bot]gemini-code-assist[bot]
authored
Potential fix for code scanning alert no. 28: Incomplete URL substring sanitization (#136)
* Potential fix for code scanning alert no. 28: Incomplete URL substring sanitization Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com> Signed-off-by: Dargon789 <64915515+Dargon789@users.noreply.github.com> * Update packages/uniswap/src/utils/datadog.web.ts Co-authored-by: gemini-code-assist[bot] <176961590+gemini-code-assist[bot]@users.noreply.github.com> Signed-off-by: Dargon789 <64915515+Dargon789@users.noreply.github.com> --------- Signed-off-by: Dargon789 <64915515+Dargon789@users.noreply.github.com> Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com> Co-authored-by: gemini-code-assist[bot] <176961590+gemini-code-assist[bot]@users.noreply.github.com>
1 parent 5d32d97 commit 4946dc2

1 file changed

Lines changed: 27 additions & 18 deletions


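--- a/packages/uniswap/src/utils/datadog.web.ts
+++ b/packages/uniswap/src/utils/datadog.web.ts
@@ -67,25 +67,34 @@ function beforeSend(event: RumEvent, context: RumEventDomainContext): boolean {
 }
 
 if (event.type === 'resource' && event.resource.url.includes('gateway.uniswap.org')) {
-const requestHeaders = (context as RumFetchResourceEventDomainContext).requestInit?.headers
-if (requestHeaders) {
-const headersRecord =
-requestHeaders instanceof Headers
-? Object.fromEntries(requestHeaders.entries())
-: Array.isArray(requestHeaders)
-? Object.fromEntries(requestHeaders)
-: requestHeaders
-const tradingApiHeaderValues = new Set<string>(Object.values(TradingApiHeaders))
-const featureFlagHeaders: Record<string, string> = {}
-for (const [key, value] of Object.entries(headersRecord)) {
-if (tradingApiHeaderValues.has(key)) {
-featureFlagHeaders[key] = String(value)
+let isGatewayUniswapRequest = false
+try {
+isGatewayUniswapRequest = new URL(event.resource.url).hostname === 'gateway.uniswap.org'
+} catch {
+// ignore invalid URLs
+}
+
+if (isGatewayUniswapRequest) {
+const requestHeaders = (context as RumFetchResourceEventDomainContext).requestInit?.headers
+if (requestHeaders) {
+const headersRecord =
+requestHeaders instanceof Headers
+? Object.fromEntries(requestHeaders.entries())
+: Array.isArray(requestHeaders)
+? Object.fromEntries(requestHeaders)
+: requestHeaders
+const tradingApiHeaderValues = new Set<string>(Object.values(TradingApiHeaders))
+const featureFlagHeaders: Record<string, string> = {}
+for (const [key, value] of Object.entries(headersRecord)) {
+if (tradingApiHeaderValues.has(key)) {
+featureFlagHeaders[key] = String(value)
+}
 }
-}
-if (Object.keys(featureFlagHeaders).length > 0) {
-event.context = {
-...event.context,
-tradingApiHeaders: featureFlagHeaders,
+if (Object.keys(featureFlagHeaders).length > 0) {
+event.context = {
+...event.context,
+tradingApiHeaders: featureFlagHeaders,
+}
 }
 }
 }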
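Review bot: The outer `if (event.type === 'resource' && event.resource.url.includes('gateway.uniswap.org')) {` line is kept as unchanged context, so the substring test the alert flagged is still in the file and still runs before the new hostname comparison. The parsed-hostname equality inside the `try` is what actually decides, which makes the outer test redundant; I would reduce that line to `if (event.type === 'resource') {` so there is a single, exact host check. Exact equality also stops matching any other hostname that merely contained the string (subdomains or other environments, if any are in use), so confirm that narrowing is intended. A short comment above the `try`, such as `// Compare the parsed hostname: a substring test also matches the name inside a path or query string`, would record why the check is written this way. The body of beforeSend starts and ends outside this hunk.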
