From 0276a775957fc359e64816f3fe35d3f132c862d0 Mon Sep 17 00:00:00 2001
From: Vasilica Olariu
Date: Thu, 12 Dec 2024 10:44:19 +0200
Subject: [PATCH 1/3] PM-222 - tackle SAST/open-redirect: remove deprecated segment integration
---
 src/config/constants.js | 1 -
 src/index.js | 11 +----------
 2 files changed, 1 insertion(+), 11 deletions(-)
diff --git a/src/config/constants.js b/src/config/constants.js
index 8542258a..b8917e2a 100644
--- a/src/config/constants.js
+++ b/src/config/constants.js
@@ -19,7 +19,6 @@ export const {
 CP_TRACK_ID,
 CHALLENGE_TYPE_ID,
 MARATHON_TYPE_ID,
- SEGMENT_API_KEY,
 MULTI_ROUND_CHALLENGE_TEMPLATE_ID,
 UNIVERSAL_NAV_URL,
 HEADER_AUTH_URLS_HREF,
diff --git a/src/index.js b/src/index.js
index 82fb6376..180e6126 100644
--- a/src/index.js
+++ b/src/index.js
@@ -6,19 +6,10 @@ import ReactDOM from 'react-dom'
 import './styles/main.scss'
 import 'react-redux-toastr/lib/css/react-redux-toastr.min.css'
 import App from './App'
-import { SEGMENT_API_KEY, UNIVERSAL_NAV_URL } from './config/constants'
+import { UNIVERSAL_NAV_URL } from './config/constants'
 ReactDOM.render(, document.getElementById('root'))
-/* eslint-disable */
-if (!_.isEmpty(SEGMENT_API_KEY)) {
- !function(){var analytics=window.analytics=window.analytics||[];if(!analytics.initialize)if(analytics.invoked)window.console&&console.error&&console.error("Segment snippet included twice.");else{analytics.invoked=!0;analytics.methods=["trackSubmit","trackClick","trackLink","trackForm","pageview","identify","reset","group","track","ready","alias","debug","page","once","off","on","addSourceMiddleware","addIntegrationMiddleware","setAnonymousId","addDestinationMiddleware"];analytics.factory=function(e){return function(){var t=Array.prototype.slice.call(arguments);t.unshift(e);analytics.push(t);return analytics}};for(var e=0;e // eslint-disable-next-line no-unused-expressions !(function (n, t, e, a, c, i, o) {
From bbe2de2d89dc04ee67b81af67c53a0d6b03e9399 Mon Sep 17 00:00:00 2001
From: Vasilica Olariu
Date: Thu, 12 Dec 2024 10:55:11 +0200
Subject: [PATCH 2/3] PM-222 - tackle SAST/open-redirect: ensure uninav domain is as expected
---
 src/index.js | 47 +++++++++++++++++++++++++----------------------
 1 file changed, 25 insertions(+), 22 deletions(-)
diff --git a/src/index.js b/src/index.js
index 180e6126..f822b9ba 100644
--- a/src/index.js
+++ b/src/index.js
@@ -11,27 +11,30 @@ import { UNIVERSAL_NAV_URL } from './config/constants'
 ReactDOM.render(, document.getElementById('root'))
 //
-// eslint-disable-next-line no-unused-expressions
-!(function (n, t, e, a, c, i, o) {
-// eslint-disable-next-line no-unused-expressions, no-sequences
- ;(n['TcUnivNavConfig'] = c),
- (n[c] =
- n[c] ||
- function () {
- ;(n[c].q = n[c].q || []).push(arguments)
- }),
- (n[c].l = 1 * new Date())
+// SAST/open-redirect handling: make sure script hostname matches what we expect
+if ((new URL(UNIVERSAL_NAV_URL)).hostname.match(/uni-nav.topcoder(-dev)?.com$/i)) {
+ // eslint-disable-next-line no-unused-expressions
+ !(function (n, t, e, a, c, i, o) {
 // eslint-disable-next-line no-unused-expressions, no-sequences
- ;(i = t.createElement(e)), (o = t.getElementsByTagName(e)[0])
- i.async = 1
- i.type = 'module'
- i.src = a
- o.parentNode.insertBefore(i, o)
-})(
- window,
- document,
- 'script',
- UNIVERSAL_NAV_URL,
- 'tcUniNav'
-)
+ ;(n['TcUnivNavConfig'] = c),
+ (n[c] =
+ n[c] ||
+ function () {
+ ;(n[c].q = n[c].q || []).push(arguments)
+ }),
+ (n[c].l = 1 * new Date())
+ // eslint-disable-next-line no-unused-expressions, no-sequences
+ ;(i = t.createElement(e)), (o = t.getElementsByTagName(e)[0])
+ i.async = 1
+ i.type = 'module'
+ i.src = a
+ o.parentNode.insertBefore(i, o)
+ })(
+ window,
+ document,
+ 'script',
+ UNIVERSAL_NAV_URL,
+ 'tcUniNav'
+ )
+}
 //
From 04a3e2290db629d4ec81b565beff60bbf4cbfb79 Mon Sep 17 00:00:00 2001
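Review bot: `new URL(UNIVERSAL_NAV_URL)` on the new `if` line runs at module top level, so an empty or relative value of UNIVERSAL_NAV_URL (it appears to come from build-time config rather than user input, which makes this guard defense in depth) throws a TypeError and aborts the whole bundle right after `ReactDOM.render`, instead of merely skipping the nav; and when the hostname check fails nothing is logged, so a misconfigured deployment silently loses its navigation. The check also accepts any scheme, so an `http:` value passes as long as the host matches. I would parse once inside a try/catch, compare the hostname exactly against the two hosts the regex encodes, require `https:`, and log whenever the loader is skipped; the regex itself is tightened further in the PATCH 3/3 hunk. If a plain-http dev value is in use somewhere, the scheme check would need to admit it.
```javascript
// SAST/open-redirect handling: only load the nav script from hosts we own, over https
const UNIV_NAV_HOSTS = ['uni-nav.topcoder.com', 'uni-nav.topcoder-dev.com']
let univNavUrl = null
try {
  univNavUrl = new URL(UNIVERSAL_NAV_URL)
} catch (err) {
  console.error('UNIVERSAL_NAV_URL is not an absolute URL; universal navigation not loaded', err)
}
if (univNavUrl && univNavUrl.protocol === 'https:' && UNIV_NAV_HOSTS.includes(univNavUrl.hostname)) {
  // … unchanged: tcUniNav loader IIFE and its (window, document, 'script', UNIVERSAL_NAV_URL, 'tcUniNav') call …
} else if (univNavUrl) {
  console.error(`Universal navigation not loaded: unexpected origin ${univNavUrl.origin}`)
}
```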
From: Justin Gasper
Date: Fri, 13 Dec 2024 05:54:10 +1100
Subject: [PATCH 3/3] Fix code scanning alert no. 19: Incomplete regular expression for hostnames
Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com>
---
 src/index.js | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/index.js b/src/index.js
index f822b9ba..26460c85 100644
--- a/src/index.js
+++ b/src/index.js
@@ -12,7 +12,7 @@ ReactDOM.render(, document.getElementById('root'))
 //
 // SAST/open-redirect handling: make sure script hostname matches what we expect
-if ((new URL(UNIVERSAL_NAV_URL)).hostname.match(/uni-nav.topcoder(-dev)?.com$/i)) {
+if ((new URL(UNIVERSAL_NAV_URL)).hostname.match(/uni-nav\.topcoder(-dev)?\.com$/i)) {
 // eslint-disable-next-line no-unused-expressions
 !(function (n, t, e, a, c, i, o) {
 // eslint-disable-next-line no-unused-expressions, no-sequences
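Review bot: The escaped regex on the `+if` line is still unanchored at the start, so `hostname.match(...)` accepts any hostname that merely ends with `uni-nav.topcoder.com` or `uni-nav.topcoder-dev.com`, not only those two hosts; and since `URL.hostname` is normalized to lowercase for http(s) URLs, the `i` flag does nothing. Anchoring both ends and using `test` gives `if (/^uni-nav\.topcoder(-dev)?\.com$/.test(new URL(UNIVERSAL_NAV_URL).hostname)) {`, which also makes the intent — exactly two permitted hosts — obvious to the next reader. The loader IIFE that this `if` wraps begins in the hunk and ends outside it.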