From 1b23e969da315ab2e8738d32b5fd0e2068f99358 Mon Sep 17 00:00:00 2001
From: Charlie Chen
Date: Tue, 17 Sep 2024 14:57:19 -0500
Subject: [PATCH] use go-mask to mask sensitive information in zetaclient config file
---
 cmd/zetaclientd/start.go | 2 +-
 cmd/zetaclientd/start_utils.go | 33 ---------------------------------
 go.mod | 1 +
 go.sum | 2 ++
 zetaclient/config/types.go | 29 +++++++++++++++++++++--------
 zetaclient/config/types_test.go | 16 ++++++++++++++++
 6 files changed, 41 insertions(+), 42 deletions(-)
diff --git a/cmd/zetaclientd/start.go b/cmd/zetaclientd/start.go
index e7d823c3bb..c46cfc4f3a 100644
--- a/cmd/zetaclientd/start.go
+++ b/cmd/zetaclientd/start.go
@@ -154,7 +154,7 @@ func start(_ *cobra.Command, _ []string) error {
 return err
 }
- startLogger.Info().Msgf("Config is updated from zetacore %s", maskCfg(cfg))
+ startLogger.Info().Msgf("Config is updated from zetacore\n %s", cfg.StringMasked())
 go zetacoreClient.UpdateAppContextWorker(ctx, appContext)
diff --git a/cmd/zetaclientd/start_utils.go b/cmd/zetaclientd/start_utils.go
index 0a36ee25d4..df80814bb8 100644
--- a/cmd/zetaclientd/start_utils.go
+++ b/cmd/zetaclientd/start_utils.go
@@ -51,36 +51,3 @@ func validatePeer(seedPeer string) error {
 return nil
 }
-
-// maskCfg sensitive fields are masked, currently only the endpoints and bitcoin credentials,
-//
-// other fields can be added.
-func maskCfg(cfg config.Config) string {
- // Make a copy of the config
- maskedCfg := cfg
-
- // Mask EVM endpoints
- maskedCfg.EVMChainConfigs = map[int64]config.EVMConfig{}
- for key, val := range cfg.EVMChainConfigs {
- maskedCfg.EVMChainConfigs[key] = config.EVMConfig{
- Chain: val.Chain,
- Endpoint: "",
- }
- }
-
- // Mask BTC endpoints and credentials
- maskedCfg.BTCChainConfigs = map[int64]config.BTCConfig{}
- for key, val := range cfg.BTCChainConfigs {
- maskedCfg.BTCChainConfigs[key] = config.BTCConfig{
- RPCParams: val.RPCParams,
- }
- }
- maskedCfg.BitcoinConfig = config.BTCConfig{
- RPCParams: cfg.BitcoinConfig.RPCParams,
- }
-
- // Mask Solana endpoint
- maskedCfg.SolanaConfig.Endpoint = ""
-
- return maskedCfg.String()
-}
diff --git a/go.mod b/go.mod
index d237f56929..7dd5a40f3d 100644
--- a/go.mod
+++ b/go.mod
@@ -337,6 +337,7 @@ require (
 require (
 github.com/oasisprotocol/curve25519-voi v0.0.0-20220328075252-7dd334e3daae // indirect
+ github.com/showa-93/go-mask v0.6.2 // indirect
 github.com/snksoft/crc v1.1.0 // indirect
 github.com/tonkeeper/tongo v1.9.3 // indirect
 )
diff --git a/go.sum b/go.sum
index 441cdb09db..b31bb3d573 100644
--- a/go.sum
+++ b/go.sum
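Review bot: The added `github.com/showa-93/go-mask v0.6.2 // indirect` line marks the module as indirect, yet this same patch imports it directly in zetaclient/config/types.go. It should be listed as a direct requirement, `github.com/showa-93/go-mask v0.6.2` in the direct `require` block without the comment, which is what `go mod tidy` would be expected to produce. The distinction matters for dependency review: this module now decides which configuration secrets reach the logs, so it should show up as a deliberate first-party choice and be audited and version-pinned as one.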
@@ -1433,6 +1433,8 @@ github.com/shirou/gopsutil v3.21.4-0.20210419000835-c7a38de76ee5+incompatible h1 github.com/shirou/gopsutil v3.21.4-0.20210419000835-c7a38de76ee5+incompatible/go.mod h1:5b4v6he4MtMOwMlS0TUMTu2PcXUg8+E1lC7eC3UO/RA= github.com/shopspring/decimal v1.3.1 h1:2Usl1nmF/WZucqkFZhnfFYxxxu8LG21F6nPQBE5gKV8= github.com/shopspring/decimal v1.3.1/go.mod h1:DKyhrW/HYNuLGql+MJL6WCR6knT2jwCFRcu2hWCYk4o= +github.com/showa-93/go-mask v0.6.2 h1:sJEUQRpbxUoMTfBKey5K9hCg+eSx5KIAZFT7pa1LXbM= +github.com/showa-93/go-mask v0.6.2/go.mod h1:aswIj007gm0EPAzOGES9ACy1jDm3QT08/LPSClMp410= github.com/shurcooL/sanitized_anchor_name v1.0.0/go.mod h1:1NzhyTcUVG4SuEtjjoZeVRXNmyL/1OwPU0+IJeTBvfc= github.com/sirupsen/logrus v1.2.0/go.mod h1:LxeOpSwHxABJmUn/MG1IvRgCAasNZTLOkJPxbbu5VWo= github.com/sirupsen/logrus v1.4.2/go.mod h1:tLMulIdttU9McNUspp0xgXVQah82FyeX6MwdIuYE2rE=
diff --git a/zetaclient/config/types.go b/zetaclient/config/types.go
index a2df79dedd..b9a889272a 100644
--- a/zetaclient/config/types.go
+++ b/zetaclient/config/types.go
@@ -5,6 +5,8 @@ import (
 "strings"
 "sync"
+ "github.com/showa-93/go-mask"
+
 "github.com/zeta-chain/node/pkg/chains"
 )
@@ -38,23 +40,23 @@ type ClientConfiguration struct {
 // EVMConfig is the config for EVM chain
 type EVMConfig struct {
 Chain chains.Chain
- Endpoint string
+ Endpoint string `mask:"filled"`
 RPCAlertLatency int64
 }
 // BTCConfig is the config for Bitcoin chain
 type BTCConfig struct {
 // the following are rpcclient ConnConfig fields
- RPCUsername string
- RPCPassword string
- RPCHost string
+ RPCUsername string `mask:"filled"`
+ RPCPassword string `mask:"filled"`
+ RPCHost string `mask:"filled"`
 RPCParams string // "regtest", "mainnet", "testnet3" , "signet"
 RPCAlertLatency int64
 }
 // SolanaConfig is the config for Solana chain
 type SolanaConfig struct {
- Endpoint string
+ Endpoint string `mask:"filled"`
 RPCAlertLatency int64
 }
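Review bot: The `mask:"filled"` tag on `RPCPassword`, `RPCUsername` and `RPCHost` masks character by character, so as go-mask documents that mask type, the logged value still reveals the exact length of each credential on every start. A fixed-width mask avoids this: tag the credential fields `mask:"fixed"` and register the matching function in StringMasked with `masker.RegisterMaskStringFunc(mask.MaskTypeFixed, masker.MaskFixedString)`; the tag and the registration have to land together, since StringMasked registers only the filled type. Masking is also opt-in per field, so a secret-bearing field added later without a tag would be logged in clear. A comment on each struct such as `// Fields holding endpoints or credentials must carry a mask tag; see Config.StringMasked.` would make that contract visible. The fields of Config itself lie outside this hunk and should be checked for anything that needs the same tag.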
@@ -147,9 +149,20 @@ func (c Config) GetSolanaConfig() (SolanaConfig, bool) {
 return c.SolanaConfig, c.SolanaConfig != (SolanaConfig{})
 }
-// String returns the string representation of the config
-func (c Config) String() string {
- s, err := json.MarshalIndent(c, "", "\t")
+// StringMasked returns the string representation of the config with sensitive fields masked.
+// Currently only the endpoints and bitcoin credentials are masked.
+func (c Config) StringMasked() string {
+ // create a masker
+ masker := mask.NewMasker()
+ masker.RegisterMaskStringFunc(mask.MaskTypeFilled, masker.MaskFilledString)
+
+ // mask the config
+ masked, err := masker.Mask(c)
+ if err != nil {
+ return ""
+ }
+
+ s, err := json.MarshalIndent(masked, "", "\t")
 if err != nil {
 return ""
 }
diff --git a/zetaclient/config/types_test.go b/zetaclient/config/types_test.go
index 85ecb5842d..c57fd002e0 100644
--- a/zetaclient/config/types_test.go
+++ b/zetaclient/config/types_test.go
@@ -123,3 +123,19 @@ func Test_GetBTCConfig(t *testing.T) {
 })
 }
 }
+
+func Test_StringMasked(t *testing.T) {
+ // create config with defaults
+ cfg := config.New(true)
+
+ // mask the config JSON string
+ masked := cfg.StringMasked()
+ require.NotEmpty(t, masked)
+
+ // should contain necessary fields
+ require.Contains(t, masked, "EVMChainConfigs")
+ require.Contains(t, masked, "BTCChainConfigs")
+
+ // should not contain endpoint
+ require.NotContains(t, masked, "http")
+}
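Review bot: Replacing `String()` with `StringMasked()` leaves Config without a `fmt.Stringer`, so any place that formats a Config with `%s` or `%v`, or hands it to a logger, prints the raw struct with `RPCPassword` and the endpoints in clear. Such formatting was unmasked before this patch too, which makes this the natural place to make the default safe by keeping `func (c Config) String() string { return c.StringMasked() }`. Separately, both error branches `return ""`, which fails closed but leaves an empty log entry with no hint of why; a fixed placeholder such as `return "<config masking failed>"` keeps the failure visible without exposing anything. The function body continues past the end of this hunk.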
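Review bot: The only negative assertion in Test_StringMasked, `require.NotContains(t, masked, "http")`, never exercises the BTC credential fields this patch tags, and it passes trivially if `config.New(true)` sets no endpoints. The test should set known sentinel values on every tagged field and assert that none of them appears in the output. Placing them inside the chain-config maps also checks that masking reaches struct values held in maps, which the removed maskCfg handled by hand. The values below are constructed for the test.

```go
	cfg := config.New(true)

	// constructed sentinel values; none of them may survive masking
	cfg.EVMChainConfigs = map[int64]config.EVMConfig{
		1: {Endpoint: "sentinel-evm-endpoint"},
	}
	cfg.BTCChainConfigs = map[int64]config.BTCConfig{
		2: {
			RPCUsername: "sentinel-user",
			RPCPassword: "sentinel-pass",
			RPCHost:     "sentinel-host",
		},
	}
	cfg.SolanaConfig.Endpoint = "sentinel-sol-endpoint"

	masked := cfg.StringMasked()
	// … unchanged: NotEmpty and Contains assertions …

	for _, secret := range []string{
		"sentinel-evm-endpoint",
		"sentinel-user",
		"sentinel-pass",
		"sentinel-host",
		"sentinel-sol-endpoint",
	} {
		require.NotContains(t, masked, secret)
	}
```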