Potential fix for code scanning alert no. 28: Incomplete URL substring sanitization#136

Merged
Dargon789 merged 2 commits into main from alert-autofix-28 on Apr 18, 2026

Conversation

@Dargon789 (Owner)

Potential fix for https://github.com/Dargon789/interface/security/code-scanning/28

Use URL parsing and strict hostname comparison instead of substring matching.

Best fix in this file:

  • In packages/uniswap/src/utils/datadog.web.ts, replace:
    • event.type === 'resource' && event.resource.url.includes('gateway.uniswap.org')
  • With logic that:
    1. Verifies event.type === 'resource'
    2. Parses event.resource.url via new URL(...) in a try/catch
    3. Checks parsed.hostname === 'gateway.uniswap.org'
    4. Proceeds only when true

This preserves existing behavior (only enrich headers for gateway requests) while preventing false matches from path/query/other hostnames. No new imports are needed because URL is a global in browser environments.

Suggested fixes powered by Copilot Autofix. Review carefully before merging.

…g sanitization

Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com>
Signed-off-by: Dargon789 <64915515+Dargon789@users.noreply.github.com>
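The following is an added example, not code from the Uniswap interface repository, that puts the flagged substring check beside the hostname comparison the description above calls for, plus the substring pre-filter variant raised later in review. Only the host name gateway.uniswap.org and the event.type / event.resource.url shape come from the PR text; the RumResourceEvent interface, the sample URLs and the helper names are constructed for illustration.

```typescript
// Added example for this PR's discussion; not code from the Uniswap interface repo.
// Only 'gateway.uniswap.org' and the event.type/resource.url shape come from the PR
// text; the interface, sample URLs and helper names below are constructed.

const GATEWAY_HOST = 'gateway.uniswap.org';

interface RumResourceEvent {
  type: string;
  resource: { url: string };
}

// The pattern the code-scanning alert flagged: a substring test on the whole URL.
function isGatewayRequestSubstring(event: RumResourceEvent): boolean {
  return event.type === 'resource' && event.resource.url.includes(GATEWAY_HOST);
}

// The fix the PR describes: parse the URL and compare the hostname exactly.
// `new URL()` throws on relative or malformed input, so a parse failure is
// treated as "not the gateway" instead of letting the exception escape the hook.
function isGatewayRequestStrict(event: RumResourceEvent): boolean {
  if (event.type !== 'resource') return false;
  try {
    return new URL(event.resource.url).hostname === GATEWAY_HOST;
  } catch {
    return false;
  }
}

// Variant with the cheap pre-filter suggested in review, so that every
// non-gateway resource URL is not parsed. The guard is lower-cased because the
// parser lower-cases ASCII hostnames; a case-sensitive guard would reject URLs
// the strict check accepts.
function isGatewayRequestGuarded(event: RumResourceEvent): boolean {
  if (event.type !== 'resource') return false;
  if (!event.resource.url.toLowerCase().includes(GATEWAY_HOST)) return false;
  return isGatewayRequestStrict(event);
}

function resourceEvent(url: string): RumResourceEvent {
  return { type: 'resource', resource: { url } };
}

// Constructed sample of resource URLs a RUM beforeSend hook might see.
const SAMPLE_URLS: string[] = [
  'https://gateway.uniswap.org/v1/quote',            // genuine gateway request
  'https://GATEWAY.uniswap.org/v1/quote',            // same host, different case
  'https://evil.example/?next=gateway.uniswap.org',  // host string in the query
  'https://evil.example/gateway.uniswap.org/',       // host string in the path
  'https://gateway.uniswap.org.evil.example/',       // look-alike subdomain
  'https://gateway.uniswap.org@evil.example/',       // host string as userinfo
  'not a url gateway.uniswap.org',                   // unparsable
  'https://api.uniswap.org/',                        // unrelated host
];

// URLs the substring check accepts but the strict check rejects: the false
// positives the alert is about (headers would be enriched for foreign hosts).
function substringFalsePositives(urls: string[] = SAMPLE_URLS): string[] {
  return urls.filter(
    (u) => isGatewayRequestSubstring(resourceEvent(u)) && !isGatewayRequestStrict(resourceEvent(u)),
  );
}

// URLs the substring check rejects but the strict check accepts: gateway
// requests the old code silently failed to enrich.
function substringFalseNegatives(urls: string[] = SAMPLE_URLS): string[] {
  return urls.filter(
    (u) => !isGatewayRequestSubstring(resourceEvent(u)) && isGatewayRequestStrict(resourceEvent(u)),
  );
}
```

Two points worth noting when reading the results. `hostname` carries no port, userinfo or path, so the userinfo and look-alike-subdomain cases fall out of the comparison without extra handling. The pre-filter is only safe if it accepts everything the parser could normalise to the target host: lower-casing covers case, but the URL parser also applies normalisations a plain substring test does not (IDNA, percent-decoding within the host), so the guarded variant trades a small false-negative risk for the saved parse.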
codesandbox bot commented Apr 17, 2026

Review or Edit in CodeSandbox: open the branch in Web Editor, VS Code or Insiders, or open a preview.


vercel bot commented Apr 17, 2026

The latest updates on your projects. Learn more about Vercel for GitHub.

Project: interface-web
Deployment: Ready
Actions: Preview, Comment
Updated (UTC): Apr 17, 2026 11:17pm


@sourcery-ai sourcery-ai bot left a comment


Sorry @Dargon789, you have reached your weekly rate limit of 500000 diff characters.

Please try again later or upgrade to continue using Sourcery


snyk-io bot commented Apr 17, 2026

Snyk checks have passed. No issues have been found so far.

Scan engine: Open Source Security
Critical: 0, High: 0, Medium: 0, Low: 0, Total: 0 issues

💻 Catch issues earlier using the plugins for VS Code, JetBrains IDEs, Visual Studio, and Eclipse.

@Dargon789 Dargon789 added labels on Apr 17, 2026: bug, documentation, duplicate, enhancement, help wanted, good first issue, invalid, question, wontfix, dependencies, javascript
@github-project-automation github-project-automation bot moved this to Backlog in Hardhat Apr 17, 2026
@Dargon789 Dargon789 self-assigned this Apr 17, 2026

@gemini-code-assist gemini-code-assist bot left a comment


Code Review

This pull request improves the security of the Datadog RUM beforeSend hook by implementing strict hostname verification for Uniswap gateway requests using the URL API. Feedback was provided to optimize performance by re-introducing a string inclusion check as a guard to prevent unnecessary URL parsing for non-gateway resources.

Comment thread on packages/uniswap/src/utils/datadog.web.ts (outdated)
Co-authored-by: gemini-code-assist[bot] <176961590+gemini-code-assist[bot]@users.noreply.github.com>
Signed-off-by: Dargon789 <64915515+Dargon789@users.noreply.github.com>

@Dargon789 Dargon789 marked this pull request as ready for review April 17, 2026 23:19

@sourcery-ai sourcery-ai bot left a comment


Sorry @Dargon789, you have reached your weekly rate limit of 500000 diff characters.

Please try again later or upgrade to continue using Sourcery

@Dargon789 Dargon789 merged commit 4946dc2 into main Apr 18, 2026
14 of 17 checks passed
@Dargon789 Dargon789 deleted the alert-autofix-28 branch April 18, 2026 01:11
@github-project-automation github-project-automation bot moved this from Todo to Done in web3-Defi-Gamefi Apr 18, 2026
@github-project-automation github-project-automation bot moved this from Backlog to Done in Hardhat Apr 18, 2026