fix: filter out all unsafe-eval csp errors (#6409)

* update match

* Update src/tracing/errors.ts

Co-authored-by: Zach Pomerantz <zzmp@uniswap.org>

* lint

* add test

---------
Vignesh Mohankumar 2023-04-21 10:58:49 -04:00 committed by GitHub
parent 98841c783d
commit fcc6a2d560
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 20 additions and 10 deletions

@ -8,6 +8,11 @@ describe('filterKnownErrors', () => {
expect(filterKnownErrors(ERROR, {})).toBe(ERROR)
})
it('propagates an error with generic text', () => {
const originalException = new Error('generic error copy')
expect(filterKnownErrors(ERROR, { originalException })).toBe(ERROR)
})
it('filters block number polling errors', () => {
const originalException = new (class extends Error {
requestBody = JSON.stringify({ method: 'eth_blockNumber' })
@ -30,10 +35,19 @@ describe('filterKnownErrors', () => {
expect(filterKnownErrors(ERROR, { originalException })).toBe(null)
})
it('filters CSP unsafe-eval errors', () => {
describe('Content Security Policy', () => {
it('filters unsafe-eval evaluate errors', () => {
const originalException = new Error(
"Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: \"script-src 'self' https://www.google-analytics.com https://www.googletagmanager.com 'unsafe-inlin..."
)
expect(filterKnownErrors(ERROR, { originalException })).toBe(null)
})
it('filters CSP unsafe-eval compile/instatiate errors', () => {
const originalException = new Error(
"Refused to compile or instantiate WebAssembly module because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: \"script-src 'self' https://www.google-a..."
)
expect(filterKnownErrors(ERROR, { originalException })).toBe(null)
})
})
})
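Review bot: The new `describe('Content Security Policy', ...)` group only asserts what gets dropped; no case pins that a CSP error unrelated to 'unsafe-eval' still propagates. With the matcher loosened to a short case-insensitive pattern, a negative case would stop a later edit from silently widening the filter. It could use a constructed message such as `Refused to load the script 'https://example.com/x.js' because it violates the following Content Security Policy directive` and expect `toBe(ERROR)`. The second test title also misspells "instantiate" and repeats "CSP" although the enclosing group already names it; `it('filters unsafe-eval compile/instantiate errors', ...)` would match its sibling.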

@ -52,11 +52,7 @@ export const filterKnownErrors: Required<ClientOptions>['beforeSend'] = (event:
* For example, if a user runs an eval statement in console this error would still get thrown.
* TODO(INFRA-176): We should extend this to filter out any type of CSP error.
*/
if (
error.message.match(
/Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive/
)
) {
if (error.message.match(/'unsafe-eval'.*content security policy/i)) {
return null
}
}
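Review bot: The broadened check `error.message.match(/'unsafe-eval'.*content security policy/i)` now discards every event whose message has 'unsafe-eval' followed by "content security policy", including the WebAssembly case. That drops the console-eval noise the comment describes, but it equally drops a blocked eval coming from an injected script or a compromised dependency. The hunk does not show whether violations are collected anywhere else, so the comment should state where they remain visible, for example `// CSP violations are still reported via the policy's report-to/report-uri endpoint; only the duplicate client error is dropped here.`, if such an endpoint exists. As a style point, the result is used only as a boolean, so `/'unsafe-eval'.*content security policy/i.test(error.message)` reads more directly than `match`. The enclosing `filterKnownErrors` body starts outside this hunk.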