use go-mask to mask sensitive information in zetaclient config file

zeta-chain · Sep 17, 2024 · 1b23e96 · swift1337 · Sep 18, 2024 · ws4charlie
1 parent 19cbeea
commit 1b23e96
Show file tree

Hide file tree

Showing 6 changed files with 41 additions and 42 deletions.
diff --git a/cmd/zetaclientd/start.go b/cmd/zetaclientd/start.go
@@ -154,7 +154,7 @@ func start(_ *cobra.Command, _ []string) error {
 		return err
 	}
 
-	startLogger.Info().Msgf("Config is updated from zetacore %s", maskCfg(cfg))
+	startLogger.Info().Msgf("Config is updated from zetacore\n %s", cfg.StringMasked())
 
 	go zetacoreClient.UpdateAppContextWorker(ctx, appContext)
 

diff --git a/cmd/zetaclientd/start_utils.go b/cmd/zetaclientd/start_utils.go
@@ -51,36 +51,3 @@ func validatePeer(seedPeer string) error {
 
 	return nil
 }
-
-// maskCfg sensitive fields are masked, currently only the endpoints and bitcoin credentials,
-//
-//	other fields can be added.
-func maskCfg(cfg config.Config) string {
-	// Make a copy of the config
-	maskedCfg := cfg
-
-	// Mask EVM endpoints
-	maskedCfg.EVMChainConfigs = map[int64]config.EVMConfig{}
-	for key, val := range cfg.EVMChainConfigs {
-		maskedCfg.EVMChainConfigs[key] = config.EVMConfig{
-			Chain:    val.Chain,
-			Endpoint: "",
-		}
-	}
-
-	// Mask BTC endpoints and credentials
-	maskedCfg.BTCChainConfigs = map[int64]config.BTCConfig{}
-	for key, val := range cfg.BTCChainConfigs {
-		maskedCfg.BTCChainConfigs[key] = config.BTCConfig{
-			RPCParams: val.RPCParams,
-		}
-	}
-	maskedCfg.BitcoinConfig = config.BTCConfig{
-		RPCParams: cfg.BitcoinConfig.RPCParams,
-	}
-
-	// Mask Solana endpoint
-	maskedCfg.SolanaConfig.Endpoint = ""
-
-	return maskedCfg.String()
-}
diff --git a/go.mod b/go.mod
@@ -337,6 +337,7 @@ require (
 
 require (
 	github.com/oasisprotocol/curve25519-voi v0.0.0-20220328075252-7dd334e3daae // indirect
+	github.com/showa-93/go-mask v0.6.2 // indirect
 	github.com/snksoft/crc v1.1.0 // indirect
 	github.com/tonkeeper/tongo v1.9.3 // indirect
 )

diff --git a/go.sum b/go.sum
@@ -1433,6 +1433,8 @@ github.com/shirou/gopsutil v3.21.4-0.20210419000835-c7a38de76ee5+incompatible h1
 github.com/shirou/gopsutil v3.21.4-0.20210419000835-c7a38de76ee5+incompatible/go.mod h1:5b4v6he4MtMOwMlS0TUMTu2PcXUg8+E1lC7eC3UO/RA=
 github.com/shopspring/decimal v1.3.1 h1:2Usl1nmF/WZucqkFZhnfFYxxxu8LG21F6nPQBE5gKV8=
 github.com/shopspring/decimal v1.3.1/go.mod h1:DKyhrW/HYNuLGql+MJL6WCR6knT2jwCFRcu2hWCYk4o=
+github.com/showa-93/go-mask v0.6.2 h1:sJEUQRpbxUoMTfBKey5K9hCg+eSx5KIAZFT7pa1LXbM=
+github.com/showa-93/go-mask v0.6.2/go.mod h1:aswIj007gm0EPAzOGES9ACy1jDm3QT08/LPSClMp410=
 github.com/shurcooL/sanitized_anchor_name v1.0.0/go.mod h1:1NzhyTcUVG4SuEtjjoZeVRXNmyL/1OwPU0+IJeTBvfc=
 github.com/sirupsen/logrus v1.2.0/go.mod h1:LxeOpSwHxABJmUn/MG1IvRgCAasNZTLOkJPxbbu5VWo=
 github.com/sirupsen/logrus v1.4.2/go.mod h1:tLMulIdttU9McNUspp0xgXVQah82FyeX6MwdIuYE2rE=

diff --git a/zetaclient/config/types.go b/zetaclient/config/types.go
@@ -5,6 +5,8 @@ import (
 	"strings"
 	"sync"
 
+	"github.com/showa-93/go-mask"
+
 	"github.com/zeta-chain/node/pkg/chains"
 )
 
@@ -38,23 +40,23 @@ type ClientConfiguration struct {
 // EVMConfig is the config for EVM chain
 type EVMConfig struct {
 	Chain           chains.Chain
-	Endpoint        string
+	Endpoint        string `mask:"filled"`
 	RPCAlertLatency int64
 }
 
 // BTCConfig is the config for Bitcoin chain
 type BTCConfig struct {
 	// the following are rpcclient ConnConfig fields
-	RPCUsername     string
-	RPCPassword     string
-	RPCHost         string
+	RPCUsername     string `mask:"filled"`
+	RPCPassword     string `mask:"filled"`
+	RPCHost         string `mask:"filled"`
 	RPCParams       string // "regtest", "mainnet", "testnet3" , "signet"
 	RPCAlertLatency int64
 }
 
 // SolanaConfig is the config for Solana chain
 type SolanaConfig struct {
-	Endpoint        string
+	Endpoint        string `mask:"filled"`
 	RPCAlertLatency int64
 }
 
@@ -147,9 +149,20 @@ func (c Config) GetSolanaConfig() (SolanaConfig, bool) {
 	return c.SolanaConfig, c.SolanaConfig != (SolanaConfig{})
 }
 
-// String returns the string representation of the config
-func (c Config) String() string {
-	s, err := json.MarshalIndent(c, "", "\t")
+// StringMasked returns the string representation of the config with sensitive fields masked.
+// Currently only the endpoints and bitcoin credentials are masked.
+func (c Config) StringMasked() string {
+	// create a masker
+	masker := mask.NewMasker()
+	masker.RegisterMaskStringFunc(mask.MaskTypeFilled, masker.MaskFilledString)
+
+	// mask the config
+	masked, err := masker.Mask(c)
+	if err != nil {
+		return ""
+	}
+
+	s, err := json.MarshalIndent(masked, "", "\t")
 	if err != nil {
 		return ""
 	}

diff --git a/zetaclient/config/types_test.go b/zetaclient/config/types_test.go
@@ -123,3 +123,19 @@ func Test_GetBTCConfig(t *testing.T) {
 		})
 	}
 }
+
+func Test_StringMasked(t *testing.T) {
+	// create config with defaults
+	cfg := config.New(true)
+
+	// mask the config JSON string
+	masked := cfg.StringMasked()
+	require.NotEmpty(t, masked)
+
+	// should contain necessary fields
+	require.Contains(t, masked, "EVMChainConfigs")
+	require.Contains(t, masked, "BTCChainConfigs")
+
+	// should not contain endpoint
+	require.NotContains(t, masked, "http")
+}