Conversation
![github-advanced-security[bot]](https://avatars.githubusercontent.com/in/57789?s=60&v=4){kind=small}
| setTimeout(async () => { | ||
| const { registerInstrumentations } = await import('@opentelemetry/instrumentation') | ||
|
|
||
| // Load instrumentations one by one with delays | ||
| const instrumentations = [] | ||
|
|
||
| // Load fetch instrumentation | ||
| try { | ||
| const fetchModule = await this.loadInstrumentation('fetch') | ||
| instrumentations.push(new fetchModule.FetchInstrumentation()) | ||
| } catch (e) { |
Check notice
Code scanning / devskim
If untrusted data (data from HTTP requests, user submitted files, etc.) is included in an setTimeout statement it can allow an attacker to inject their own code. Note
| setTimeout(async () => { | ||
| try { | ||
| const xhrModule = await this.loadInstrumentation('xhr') | ||
| instrumentations.push(new xhrModule.XMLHttpRequestInstrumentation()) | ||
| } catch (e) { |
Check notice
Code scanning / devskim
If untrusted data (data from HTTP requests, user submitted files, etc.) is included in an setTimeout statement it can allow an attacker to inject their own code. Note
| setTimeout(async () => { | ||
| try { | ||
| const docModule = await this.loadInstrumentation('document') | ||
| instrumentations.push(new docModule.DocumentLoadInstrumentation()) | ||
| } catch (e) { |
Check notice
Code scanning / devskim
If untrusted data (data from HTTP requests, user submitted files, etc.) is included in an setTimeout statement it can allow an attacker to inject their own code. Note
| setTimeout(() => { | ||
| const nav = performance.getEntriesByType('navigation')[0] as PerformanceNavigationTiming | ||
| if (nav) { |
Check notice
Code scanning / devskim
If untrusted data (data from HTTP requests, user submitted files, etc.) is included in an setTimeout statement it can allow an attacker to inject their own code. Note
1 participant
Summary
How did you test this change?
Are there any deployment considerations?