diff --git a/api/default_networks_test.go b/api/default_networks_test.go index aff947ce301..5000df2664b 100644 --- a/api/default_networks_test.go +++ b/api/default_networks_test.go @@ -60,16 +60,16 @@ func TestBuildDefaultNetworks(t *testing.T) { // check fallback options if strings.Contains(n.RPCURL, "infura.io") { - require.True(t, strings.Contains(n.RPCURL, infuraToken.Reveal())) + require.True(t, infuraToken.ContainedIn(n.RPCURL)) } if strings.Contains(n.FallbackURL, "grove.city") { - require.True(t, strings.Contains(n.FallbackURL, poktToken.Reveal())) + require.True(t, poktToken.ContainedIn(n.FallbackURL)) } // Check proxy providers for stageName for _, provider := range n.RpcProviders { if provider.Type == params.EmbeddedProxyProviderType { - require.Contains(t, provider.URL.Reveal(), stageName, "Proxy provider URL should contain stageName") + require.True(t, provider.URL.Contains(stageName), "Proxy provider URL should contain stageName") } } diff --git a/api/defaults.go b/api/defaults.go index 7edf6729a29..fd5792ad145 100644 --- a/api/defaults.go +++ b/api/defaults.go @@ -224,10 +224,10 @@ func buildWalletConfig(walletRequest *requests.WalletConfig, request *requests.W if !request.StatusProxyMarketPassword.Empty() { walletConfig.StatusProxyMarketPassword = request.StatusProxyMarketPassword } - if request.MarketDataProxyUser != "" { + if !request.MarketDataProxyUser.Empty() { walletConfig.MarketDataProxyConfig.User = request.MarketDataProxyUser } - if request.MarketDataProxyPassword != "" { + if !request.MarketDataProxyPassword.Empty() { walletConfig.MarketDataProxyConfig.Password = request.MarketDataProxyPassword } if request.MarketDataProxyUrl != "" { diff --git a/internal/security/sensitive_string.go b/internal/security/sensitive_string.go index 16f6c995d8e..7649580361e 100644 --- a/internal/security/sensitive_string.go +++ b/internal/security/sensitive_string.go @@ -73,6 +73,10 @@ func (s SensitiveString) Contains(substr any) bool { return strings.Contains(s.value, getValue(substr)) } +func (s SensitiveString) ContainedIn(str any) bool { + return strings.Contains(getValue(str), s.value) +} + func (s SensitiveString) Append(others ...any) SensitiveString { result := s.value for _, other := range others { @@ -112,3 +116,15 @@ func (s *SensitiveString) Scan(value interface{}) error { } return nil } + +// Equal compares a SensitiveString with another value +func (s SensitiveString) Equal(other any) bool { + switch v := other.(type) { + case string: + return s.value == v + case SensitiveString: + return s.value == v.value + default: + return false + } +} diff --git a/params/config.go b/params/config.go index 975e6e5fa10..f78c6fa3ba4 100644 --- a/params/config.go +++ b/params/config.go @@ -446,11 +446,11 @@ type WalletConfig struct { } type MarketDataProxyConfig struct { - Url string `json:"Url"` - User string `json:"User"` - Password string `json:"Password"` - FullDataRefreshInterval int `json:"FullDataRefreshInterval"` - PriceRefreshInterval int `json:"PriceRefreshInterval"` + Url string `json:"Url"` + User security.SensitiveString `json:"User"` + Password security.SensitiveString `json:"Password"` + FullDataRefreshInterval int `json:"FullDataRefreshInterval"` + PriceRefreshInterval int `json:"PriceRefreshInterval"` } // MarshalJSON custom marshalling to avoid exposing sensitive data in log, diff --git a/params/config_test.go b/params/config_test.go index af3de9108f9..87137b5ed51 100644 --- a/params/config_test.go +++ b/params/config_test.go @@ -324,5 +324,5 @@ func TestMarshalWalletConfigJSON(t *testing.T) { walletConfig = params.WalletConfig{} err = json.Unmarshal([]byte(`{"OpenseaAPIKey":"some-key"}`), &walletConfig) require.NoError(t, err) - require.Equal(t, "some-key", walletConfig.OpenseaAPIKey.Reveal()) + require.True(t, walletConfig.OpenseaAPIKey.Equal("some-key")) } diff --git a/params/network_config_test.go b/params/network_config_test.go index 1f29ebb5177..0923a314257 100644 --- a/params/network_config_test.go +++ b/params/network_config_test.go @@ -22,9 +22,9 @@ func TestRpcProvider_GetFullURL(t *testing.T) { AuthToken: security.NewSensitiveString("mytoken"), } expectedFullURL := "https://api.example.com/mytoken" - assert.Equal(t, expectedFullURL, provider.GetFullURL().Reveal()) + assert.True(t, provider.GetFullURL().Equal(expectedFullURL)) provider.AuthType = params.NoAuth expectedFullURL = "https://api.example.com" - assert.Equal(t, expectedFullURL, provider.GetFullURL().Reveal()) + assert.True(t, provider.GetFullURL().Equal(expectedFullURL)) } diff --git a/protocol/requests/create_account.go b/protocol/requests/create_account.go index 9b669c56af5..1d3f00d2162 100644 --- a/protocol/requests/create_account.go +++ b/protocol/requests/create_account.go @@ -117,9 +117,9 @@ type WalletSecretsConfig struct { StatusProxyMarketUser security.SensitiveString `json:"statusProxyMarketUser"` StatusProxyMarketPassword security.SensitiveString `json:"statusProxyMarketPassword"` - MarketDataProxyUrl string `json:"marketDataProxyUrl"` - MarketDataProxyUser string `json:"marketDataProxyUser"` - MarketDataProxyPassword string `json:"marketDataProxyPassword"` + MarketDataProxyUrl string `json:"marketDataProxyUrl"` + MarketDataProxyUser security.SensitiveString `json:"marketDataProxyUser"` + MarketDataProxyPassword security.SensitiveString `json:"marketDataProxyPassword"` // FIXME: remove when EthRpcProxy* is integrated StatusProxyBlockchainUser security.SensitiveString `json:"statusProxyBlockchainUser"` StatusProxyBlockchainPassword security.SensitiveString `json:"statusProxyBlockchainPassword"` diff --git a/services/wallet/leaderboard/config.go b/services/wallet/leaderboard/config.go index 56581ced6f3..572074a2019 100644 --- a/services/wallet/leaderboard/config.go +++ b/services/wallet/leaderboard/config.go @@ -3,6 +3,8 @@ package leaderboard import ( "time" + "github.com/status-im/status-go/internal/security" + "github.com/status-im/status-go/params" ) @@ -15,8 +17,8 @@ const ( type ServiceConfig struct { // API connection settings ProxyURL string - User string - Password string + User security.SensitiveString + Password security.SensitiveString // Refresh intervals (in seconds) FullDataInterval time.Duration diff --git a/services/wallet/leaderboard/config_test.go b/services/wallet/leaderboard/config_test.go index 450fdf41860..3f9ad5e2f26 100644 --- a/services/wallet/leaderboard/config_test.go +++ b/services/wallet/leaderboard/config_test.go @@ -4,6 +4,8 @@ import ( "testing" "time" + "github.com/status-im/status-go/internal/security" + "github.com/stretchr/testify/require" "github.com/status-im/status-go/params" @@ -14,8 +16,8 @@ func TestServiceConfigValidate(t *testing.T) { // Zero intervals config := NewLeaderbordConfig(params.MarketDataProxyConfig{ Url: "https://example.com", - User: "user", - Password: "pass", + User: security.NewSensitiveString("user"), + Password: security.NewSensitiveString("pass"), FullDataRefreshInterval: 0, PriceRefreshInterval: 0, }) @@ -23,8 +25,8 @@ func TestServiceConfigValidate(t *testing.T) { require.Equal(t, defaultFullDataInterval, config.FullDataInterval) require.Equal(t, defaultPriceUpdateInterval, config.PriceUpdateInterval) require.Equal(t, "https://example.com", config.ProxyURL) - require.Equal(t, "user", config.User) - require.Equal(t, "pass", config.Password) + require.True(t, config.User.Equal("user")) + require.True(t, config.Password.Equal("pass")) require.Equal(t, true, config.AllowGzip) require.Equal(t, true, config.AllowETag) } @@ -33,8 +35,8 @@ func TestServiceConfigValidate(t *testing.T) { // Negative intervals config := NewLeaderbordConfig(params.MarketDataProxyConfig{ Url: "https://example.com", - User: "user", - Password: "pass", + User: security.NewSensitiveString("user"), + Password: security.NewSensitiveString("pass"), FullDataRefreshInterval: -5, PriceRefreshInterval: -5, }) @@ -42,8 +44,8 @@ func TestServiceConfigValidate(t *testing.T) { require.Equal(t, defaultFullDataInterval, config.FullDataInterval) require.Equal(t, defaultPriceUpdateInterval, config.PriceUpdateInterval) require.Equal(t, "https://example.com", config.ProxyURL) - require.Equal(t, "user", config.User) - require.Equal(t, "pass", config.Password) + require.True(t, config.User.Equal("user")) + require.True(t, config.Password.Equal("pass")) require.Equal(t, true, config.AllowGzip) require.Equal(t, true, config.AllowETag) } @@ -52,8 +54,8 @@ func TestServiceConfigValidate(t *testing.T) { // Custom intervals config := NewLeaderbordConfig(params.MarketDataProxyConfig{ Url: "https://example.com", - User: "user", - Password: "pass", + User: security.NewSensitiveString("user"), + Password: security.NewSensitiveString("pass"), FullDataRefreshInterval: 50, PriceRefreshInterval: 65, }) @@ -61,8 +63,8 @@ func TestServiceConfigValidate(t *testing.T) { require.Equal(t, 50*time.Second, config.FullDataInterval) require.Equal(t, 65*time.Second, config.PriceUpdateInterval) require.Equal(t, "https://example.com", config.ProxyURL) - require.Equal(t, "user", config.User) - require.Equal(t, "pass", config.Password) + require.True(t, config.User.Equal("user")) + require.True(t, config.Password.Equal("pass")) require.Equal(t, true, config.AllowGzip) require.Equal(t, true, config.AllowETag) } diff --git a/services/wallet/leaderboard/fetcher.go b/services/wallet/leaderboard/fetcher.go index 50098f6d2e1..3dd7eac1ef5 100644 --- a/services/wallet/leaderboard/fetcher.go +++ b/services/wallet/leaderboard/fetcher.go @@ -6,8 +6,6 @@ import ( "sync" "time" - "github.com/status-im/status-go/internal/security" - "go.uber.org/zap" "github.com/status-im/status-go/common" @@ -217,8 +215,8 @@ func (f *ProxyFetcher) fetchData(ctx context.Context, endpoint string, etag stri } options = append(options, thirdparty.WithCredentials(&thirdparty.BasicCreds{ - User: security.NewSensitiveString(f.config.User), - Password: security.NewSensitiveString(f.config.Password), + User: f.config.User, + Password: f.config.Password, })) body, newEtag, err := f.client.DoGetRequestWithEtag(ctx, url, nil, etag, options...)