From 4e7ec1934b11e2cb32d6462aba54b733dec97d45 Mon Sep 17 00:00:00 2001 From: Dargon789 <64915515+Dargon789@users.noreply.github.com> Date: Sat, 18 Apr 2026 06:17:01 +0700 Subject: [PATCH 1/2] Potential fix for code scanning alert no. 28: Incomplete URL substring sanitization Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com> Signed-off-by: Dargon789 <64915515+Dargon789@users.noreply.github.com> --- packages/uniswap/src/utils/datadog.web.ts | 47 ++++++++++++++--------- 1 file changed, 28 insertions(+), 19 deletions(-) diff --git a/packages/uniswap/src/utils/datadog.web.ts b/packages/uniswap/src/utils/datadog.web.ts index 41b3ec4f9e0..27eabac0fe7 100644 --- a/packages/uniswap/src/utils/datadog.web.ts +++ b/packages/uniswap/src/utils/datadog.web.ts @@ -66,26 +66,35 @@ function beforeSend(event: RumEvent, context: RumEventDomainContext): boolean { } } - if (event.type === 'resource' && event.resource.url.includes('gateway.uniswap.org')) { - const requestHeaders = (context as RumFetchResourceEventDomainContext).requestInit?.headers - if (requestHeaders) { - const headersRecord = - requestHeaders instanceof Headers - ? Object.fromEntries(requestHeaders.entries()) - : Array.isArray(requestHeaders) - ? Object.fromEntries(requestHeaders) - : requestHeaders - const tradingApiHeaderValues = new Set(Object.values(TradingApiHeaders)) - const featureFlagHeaders: Record = {} - for (const [key, value] of Object.entries(headersRecord)) { - if (tradingApiHeaderValues.has(key)) { - featureFlagHeaders[key] = String(value) + if (event.type === 'resource') { + let isGatewayUniswapRequest = false + try { + isGatewayUniswapRequest = new URL(event.resource.url).hostname === 'gateway.uniswap.org' + } catch { + isGatewayUniswapRequest = false + } + + if (isGatewayUniswapRequest) { + const requestHeaders = (context as RumFetchResourceEventDomainContext).requestInit?.headers + if (requestHeaders) { + const headersRecord = + requestHeaders instanceof Headers + ? Object.fromEntries(requestHeaders.entries()) + : Array.isArray(requestHeaders) + ? Object.fromEntries(requestHeaders) + : requestHeaders + const tradingApiHeaderValues = new Set(Object.values(TradingApiHeaders)) + const featureFlagHeaders: Record = {} + for (const [key, value] of Object.entries(headersRecord)) { + if (tradingApiHeaderValues.has(key)) { + featureFlagHeaders[key] = String(value) + } } - } - if (Object.keys(featureFlagHeaders).length > 0) { - event.context = { - ...event.context, - tradingApiHeaders: featureFlagHeaders, + if (Object.keys(featureFlagHeaders).length > 0) { + event.context = { + ...event.context, + tradingApiHeaders: featureFlagHeaders, + } } } } From a281d394cdc34effd151e9f705f79347f44d938b Mon Sep 17 00:00:00 2001 From: Dargon789 <64915515+Dargon789@users.noreply.github.com> Date: Sat, 18 Apr 2026 06:19:03 +0700 Subject: [PATCH 2/2] Update packages/uniswap/src/utils/datadog.web.ts Co-authored-by: gemini-code-assist[bot] <176961590+gemini-code-assist[bot]@users.noreply.github.com> Signed-off-by: Dargon789 <64915515+Dargon789@users.noreply.github.com> --- packages/uniswap/src/utils/datadog.web.ts | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/packages/uniswap/src/utils/datadog.web.ts b/packages/uniswap/src/utils/datadog.web.ts index 27eabac0fe7..100e9ac3513 100644 --- a/packages/uniswap/src/utils/datadog.web.ts +++ b/packages/uniswap/src/utils/datadog.web.ts @@ -66,12 +66,12 @@ function beforeSend(event: RumEvent, context: RumEventDomainContext): boolean { } } - if (event.type === 'resource') { + if (event.type === 'resource' && event.resource.url.includes('gateway.uniswap.org')) { let isGatewayUniswapRequest = false try { isGatewayUniswapRequest = new URL(event.resource.url).hostname === 'gateway.uniswap.org' } catch { - isGatewayUniswapRequest = false + // ignore invalid URLs } if (isGatewayUniswapRequest) {