feat: track new landing_v2 features (wip) #1212

Open
wants to merge 1 commit into
base: master
7 changes: 7 additions & 0 deletions src/app/core/services/integration/tracking.service.ts
Expand Up @@ -55,6 +55,7 @@
}

get tracking() {
console.log('got', (window as any).mixpanel);

Check failure on line 58 in src/app/core/services/integration/tracking.service.ts

GitHub Actions / lint

Unexpected console statement
Contributor

fix all linting issues

return (window as any).mixpanel;
}
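Review bot: The `console.log('got', (window as any).mixpanel)` added inside the `tracking` getter runs on every read of the getter, and `eventTrack` reads it twice per event (`if (this.tracking)` and then `this.tracking.track(...)`), so each tracked event dumps the whole Mixpanel object to the browser console twice. Drop the statement; if the intent was to confirm that the library loaded, check once when the service is constructed instead of inside the getter.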
Comment on lines 57 to 60
Contributor

⚠️ Potential issue

Remove console log statement

This debug console log should be removed before merging to production as it violates the ESLint no-console rule and has caused pipeline failures.

get tracking() {
-  console.log('got', (window as any).mixpanel);
  return (window as any).mixpanel;
}
📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change
- get tracking() {
-   console.log('got', (window as any).mixpanel);
-   return (window as any).mixpanel;
- }
+ get tracking() {
+   return (window as any).mixpanel;
+ }
🧰 Tools
🪛 ESLint

[error] 58-58: Unexpected console statement.

(no-console)

🪛 GitHub Check: lint

[failure] 58-58:
Unexpected console statement

🪛 GitHub Actions: TypeScript Lint Check

[error] 58-58: ESLint: Unexpected console statement (no-console)


Expand All @@ -64,9 +65,11 @@
...flattenedObject,
Asset: 'Integration Settings Web'
};
console.log('attempting:', action, properties);

Check failure on line 68 in src/app/core/services/integration/tracking.service.ts

GitHub Actions / lint

Unexpected console statement
Contributor

⚠️ Potential issue

Remove console log statements

These debugging statements should be removed before merging to production. They violate the ESLint no-console rule and have caused pipeline failures.

-  console.log('attempting:', action, properties);
  try {
    if (this.tracking) {
      this.tracking.track(`${trackingApp ? trackingApp : 'Integration Settings Web'}: ${action}`, properties);
-      console.log(`tracked: ${trackingApp ? trackingApp : 'Integration Settings Web'}: ${action}`, properties);
    }
  } catch (e) {

Also applies to: 72-72

🧰 Tools
🪛 ESLint

[error] 68-68: Unexpected console statement.

(no-console)

🪛 GitHub Check: lint

[failure] 68-68:
Unexpected console statement

try {
if (this.tracking) {
this.tracking.track(`${trackingApp ? trackingApp : 'Integration Settings Web'}: ${action}`, properties);
console.log(`tracked: ${trackingApp ? trackingApp : 'Integration Settings Web'}: ${action}`, properties);

Check failure on line 72 in src/app/core/services/integration/tracking.service.ts

GitHub Actions / lint

Unexpected console statement
}
} catch (e) {
console.error('Tracking error:', e);
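Review bot: Both added `console.log` calls (the one before the `try` and the one after `this.tracking.track(...)`) print the full `properties` object, so every event payload, including everything spread in from `flattenedObject`, is written to the browser console of each user. Remove them, or if a success trace is wanted during development, gate it behind a debug flag and log only the event name. The template expression `${trackingApp ? trackingApp : 'Integration Settings Web'}: ${action}` is also built twice now; compute it once into a local.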
Expand Down Expand Up @@ -124,4 +127,8 @@
onErrorResolve(trackingApp: TrackingApp, properties: ResolveMappingErrorProperty): void {
this.eventTrack('Resolve Mapping Error', trackingApp, properties);
}

onDropDownOpen(trackingApp: TrackingApp): void {
Contributor

I don't see any caller to this

this.eventTrack('Dropdown Open', trackingApp);
}
}
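Review bot: `onDropDownOpen` sends 'Dropdown Open' with only `trackingApp` and no properties, so the event cannot say which dropdown was opened; `onErrorResolve` just above takes a typed properties argument, and this method should do the same. The method name also spells `DropDown` while the event string uses `Dropdown`; pick one spelling.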
9 changes: 5 additions & 4 deletions src/index.html
Expand Up @@ -8,12 +8,13 @@

<!-- Mixpanel -->
<script type="text/javascript">
if (window.location.hostname !== "localhost") {
Contributor

pls revert all these file changes

if (true) {
Contributor

⚠️ Potential issue

Enable tracking only in production environments

Using if (true) enables Mixpanel tracking in all environments including localhost, which can pollute analytics with development data. Consider using environment-specific conditions instead.

- if (true) {
+ if (window.location.hostname !== "localhost") {

Suggested change
- if (true) {
+ if (window.location.hostname !== "localhost") {

try {
const MIXPANEL_PROJECT_TOKEN = '{{MIXPANEL_PROJECT_TOKEN}}';

const MIXPANEL_PROJECT_TOKEN = 'dce787f3a74f5ede8264af230a4b4652';
const MIXPANEL_CUSTOM_LIB_URL = 'https://cdn.mxpnl.com/libs/mixpanel-2-latest.min.js';
Comment on lines +13 to +14
Contributor

💡 Verification agent

🧩 Analysis chain

Avoid hardcoding Mixpanel token in source code

Hardcoding API tokens in the source code is a security risk and could potentially be misused. The static analysis has flagged this as a generic API key leak.

Consider using environment variables or a secure configuration approach instead:

- const MIXPANEL_PROJECT_TOKEN = 'dce787f3a74f5ede8264af230a4b4652';
+ const MIXPANEL_PROJECT_TOKEN = '{{MIXPANEL_PROJECT_TOKEN}}';

🏁 Script executed:

#!/bin/bash
# Check if this Mixpanel token is referenced elsewhere in a more secure way
rg -g "!node_modules" -g "!dist" -g "!*.js.map" "dce787f3a74f5ede8264af230a4b4652" --no-ignore-vcs

# Check if there's an environment-based token loading pattern elsewhere in the codebase
rg -g "!node_modules" -g "!dist" -g "!*.js.map" "MIXPANEL_PROJECT_TOKEN" --no-ignore-vcs

Length of output: 527


Action: Secure Mixpanel Token Configuration

  • In src/index.html (lines 13-14), the Mixpanel project token is hardcoded, exposing a sensitive value.
  • The substitution in run.sh expects a placeholder ({{MIXPANEL_PROJECT_TOKEN}}) to inject the secure token at build time.
  • Please update the code so that the token is defined as a placeholder, as shown below:
- const MIXPANEL_PROJECT_TOKEN = 'dce787f3a74f5ede8264af230a4b4652';
+ const MIXPANEL_PROJECT_TOKEN = '{{MIXPANEL_PROJECT_TOKEN}}';

Implementing this change mitigates the security risk of a hardcoded API key.

Suggested change
- const MIXPANEL_PROJECT_TOKEN = 'dce787f3a74f5ede8264af230a4b4652';
- const MIXPANEL_CUSTOM_LIB_URL = 'https://cdn.mxpnl.com/libs/mixpanel-2-latest.min.js';
+ const MIXPANEL_PROJECT_TOKEN = '{{MIXPANEL_PROJECT_TOKEN}}';
+ const MIXPANEL_CUSTOM_LIB_URL = 'https://cdn.mxpnl.com/libs/mixpanel-2-latest.min.js';
🧰 Tools
🪛 Gitleaks (8.21.2)

13-13: Detected a Generic API Key, potentially exposing access to various services and sensitive operations.

(generic-api-key)


(function (f, b) { if (!b.__SV) { var e, g, i, h; window.mixpanel = b; b._i = []; b.init = function (e, f, c) { function g(a, d) { var b = d.split("."); 2 == b.length && ((a = a[b[0]]), (d = b[1])); a[d] = function () { a.push([d].concat(Array.prototype.slice.call(arguments, 0))); }; } var a = b; "undefined" !== typeof c ? (a = b[c] = []) : (c = "mixpanel"); a.people = a.people || []; a.toString = function (a) { var d = "mixpanel"; "mixpanel" !== c && (d += "." + c); a || (d += " (stub)"); return d; }; a.people.toString = function () { return a.toString(1) + ".people (stub)"; }; i = "disable time_event track track_pageview track_links track_forms track_with_groups add_group set_group remove_group register register_once alias unregister identify name_tag set_config reset opt_in_tracking opt_out_tracking has_opted_in_tracking has_opted_out_tracking clear_opt_in_out_tracking start_batch_senders people.set people.set_once people.unset people.increment people.append people.union people.track_charge people.clear_charges people.delete_user people.remove".split( " "); for (h = 0; h < i.length; h++) g(a, i[h]); var j = "set set_once union unset remove delete".split(" "); a.get_group = function () { function b(c) { d[c] = function () { call2_args = arguments; call2 = [c].concat(Array.prototype.slice.call(call2_args, 0)); a.push([e, call2]); }; } for ( var d = {}, e = ["get_group"].concat( Array.prototype.slice.call(arguments, 0)), c = 0; c < j.length; c++) b(j[c]); return d; }; b._i.push([e, f, c]); }; b.__SV = 1.2; e = f.createElement("script"); e.type = "text/javascript"; e.async = !0; e.src = "undefined" !== typeof MIXPANEL_CUSTOM_LIB_URL ? MIXPANEL_CUSTOM_LIB_URL : "file:" === f.location.protocol && "//cdn.mxpnl.com/libs/mixpanel-2-latest.min.js".match(/^\/\//) ? 
"https://cdn.mxpnl.com/libs/mixpanel-2-latest.min.js" : "//cdn.mxpnl.com/libs/mixpanel-2-latest.min.js"; g = f.getElementsByTagName("script")[0]; g.parentNode.insertBefore(e, g); } })(document, window.mixpanel || []);

mixpanel.init(MIXPANEL_PROJECT_TOKEN, {
debug: false,
track_pageview: false,
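Review bot: The literal assigned to `MIXPANEL_PROJECT_TOKEN` replaces the `'{{MIXPANEL_PROJECT_TOKEN}}'` placeholder, and together with the `if (true)` that replaces the `window.location.hostname !== "localhost"` guard, every build and every developer machine would report into the one project that literal identifies. Restore both lines before merge, and amend or squash the commit rather than reverting in a follow-up, since the literal otherwise stays in the branch history.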