status-im · qfrank · May 20, 2025 · May 20, 2025 · May 20, 2025 · igor-sirotin
diff --git a/api/default_networks_test.go b/api/default_networks_test.go
@@ -60,16 +60,16 @@ func TestBuildDefaultNetworks(t *testing.T) {
 
 		// check fallback options
 		if strings.Contains(n.RPCURL, "infura.io") {
-			require.True(t, strings.Contains(n.RPCURL, infuraToken.Reveal()))
+			require.True(t, infuraToken.ContainedIn(n.RPCURL))
 		}
 		if strings.Contains(n.FallbackURL, "grove.city") {
-			require.True(t, strings.Contains(n.FallbackURL, poktToken.Reveal()))
+			require.True(t, poktToken.ContainedIn(n.FallbackURL))
 		}
 
 		// Check proxy providers for stageName
 		for _, provider := range n.RpcProviders {
 			if provider.Type == params.EmbeddedProxyProviderType {
-				require.Contains(t, provider.URL.Reveal(), stageName, "Proxy provider URL should contain stageName")
+				require.True(t, provider.URL.Contains(stageName), "Proxy provider URL should contain stageName")
 			}
 		}
 

diff --git a/api/defaults.go b/api/defaults.go
@@ -224,10 +224,10 @@ func buildWalletConfig(walletRequest *requests.WalletConfig, request *requests.W
 	if !request.StatusProxyMarketPassword.Empty() {
 		walletConfig.StatusProxyMarketPassword = request.StatusProxyMarketPassword
 	}
-	if request.MarketDataProxyUser != "" {
+	if !request.MarketDataProxyUser.Empty() {
 		walletConfig.MarketDataProxyConfig.User = request.MarketDataProxyUser
 	}
-	if request.MarketDataProxyPassword != "" {
+	if !request.MarketDataProxyPassword.Empty() {
 		walletConfig.MarketDataProxyConfig.Password = request.MarketDataProxyPassword
 	}
 	if request.MarketDataProxyUrl != "" {

diff --git a/internal/security/sensitive_string.go b/internal/security/sensitive_string.go
@@ -73,6 +73,10 @@ func (s SensitiveString) Contains(substr any) bool {
 	return strings.Contains(s.value, getValue(substr))
 }
 
+func (s SensitiveString) ContainedIn(str any) bool {
+	return strings.Contains(getValue(str), s.value)
+}
+
 func (s SensitiveString) Append(others ...any) SensitiveString {
 	result := s.value
 	for _, other := range others {
@@ -112,3 +116,15 @@ func (s *SensitiveString) Scan(value interface{}) error {
 	}
 	return nil
 }
+
+// Equal compares a SensitiveString with another value
+func (s SensitiveString) Equal(other any) bool {
+	switch v := other.(type) {
+	case string:
+		return s.value == v
+	case SensitiveString:
+		return s.value == v.value
+	default:
+		return false
+	}
+}
diff --git a/params/config.go b/params/config.go
@@ -446,11 +446,11 @@ type WalletConfig struct {
 }
 
 type MarketDataProxyConfig struct {
-	Url                     string `json:"Url"`
-	User                    string `json:"User"`
-	Password                string `json:"Password"`
-	FullDataRefreshInterval int    `json:"FullDataRefreshInterval"`
-	PriceRefreshInterval    int    `json:"PriceRefreshInterval"`
+	Url                     string                   `json:"Url"`
+	User                    security.SensitiveString `json:"User"`
+	Password                security.SensitiveString `json:"Password"`
+	FullDataRefreshInterval int                      `json:"FullDataRefreshInterval"`
+	PriceRefreshInterval    int                      `json:"PriceRefreshInterval"`
 }
 
 // MarshalJSON custom marshalling to avoid exposing sensitive data in log,

diff --git a/params/config_test.go b/params/config_test.go
@@ -324,5 +324,5 @@ func TestMarshalWalletConfigJSON(t *testing.T) {
 	walletConfig = params.WalletConfig{}
 	err = json.Unmarshal([]byte(`{"OpenseaAPIKey":"some-key"}`), &walletConfig)
 	require.NoError(t, err)
-	require.Equal(t, "some-key", walletConfig.OpenseaAPIKey.Reveal())
+	require.True(t, walletConfig.OpenseaAPIKey.Equal("some-key"))
 }
diff --git a/params/network_config_test.go b/params/network_config_test.go
@@ -22,9 +22,9 @@ func TestRpcProvider_GetFullURL(t *testing.T) {
 		AuthToken: security.NewSensitiveString("mytoken"),
 	}
 	expectedFullURL := "https://api.example.com/mytoken"
-	assert.Equal(t, expectedFullURL, provider.GetFullURL().Reveal())
+	assert.True(t, provider.GetFullURL().Equal(expectedFullURL))
 
 	provider.AuthType = params.NoAuth
 	expectedFullURL = "https://api.example.com"
-	assert.Equal(t, expectedFullURL, provider.GetFullURL().Reveal())
+	assert.True(t, provider.GetFullURL().Equal(expectedFullURL))
 }
diff --git a/protocol/requests/create_account.go b/protocol/requests/create_account.go
@@ -117,9 +117,9 @@ type WalletSecretsConfig struct {
 	StatusProxyMarketUser     security.SensitiveString `json:"statusProxyMarketUser"`
 	StatusProxyMarketPassword security.SensitiveString `json:"statusProxyMarketPassword"`
 
-	MarketDataProxyUrl      string `json:"marketDataProxyUrl"`
-	MarketDataProxyUser     string `json:"marketDataProxyUser"`
-	MarketDataProxyPassword string `json:"marketDataProxyPassword"`
+	MarketDataProxyUrl      string                   `json:"marketDataProxyUrl"`
+	MarketDataProxyUser     security.SensitiveString `json:"marketDataProxyUser"`
+	MarketDataProxyPassword security.SensitiveString `json:"marketDataProxyPassword"`
 	// FIXME: remove when EthRpcProxy* is integrated
 	StatusProxyBlockchainUser     security.SensitiveString `json:"statusProxyBlockchainUser"`
 	StatusProxyBlockchainPassword security.SensitiveString `json:"statusProxyBlockchainPassword"`

@@ -3,6 +3,8 @@ package leaderboard
 import (
 	"time"
 
+	"github.com/status-im/status-go/internal/security"
+
 	"github.com/status-im/status-go/params"
 )
 
@@ -15,8 +17,8 @@ const (
 type ServiceConfig struct {
 	// API connection settings
 	ProxyURL string
-	User     string
-	Password string
+	User     security.SensitiveString
+	Password security.SensitiveString
 
 	// Refresh intervals (in seconds)
 	FullDataInterval    time.Duration

@@ -4,6 +4,8 @@ import (
 	"testing"
 	"time"
 
+	"github.com/status-im/status-go/internal/security"
+
 	"github.com/stretchr/testify/require"
 
 	"github.com/status-im/status-go/params"
@@ -14,17 +16,17 @@ func TestServiceConfigValidate(t *testing.T) {
 		// Zero intervals
 		config := NewLeaderbordConfig(params.MarketDataProxyConfig{
 			Url:                     "https://example.com",
-			User:                    "user",
-			Password:                "pass",
+			User:                    security.NewSensitiveString("user"),
+			Password:                security.NewSensitiveString("pass"),
 			FullDataRefreshInterval: 0,
 			PriceRefreshInterval:    0,
 		})
 
 		require.Equal(t, defaultFullDataInterval, config.FullDataInterval)
 		require.Equal(t, defaultPriceUpdateInterval, config.PriceUpdateInterval)
 		require.Equal(t, "https://example.com", config.ProxyURL)
-		require.Equal(t, "user", config.User)
-		require.Equal(t, "pass", config.Password)
+		require.True(t, config.User.Equal("user"))
+		require.True(t, config.Password.Equal("pass"))
 		require.Equal(t, true, config.AllowGzip)
 		require.Equal(t, true, config.AllowETag)
 	}
@@ -33,17 +35,17 @@ func TestServiceConfigValidate(t *testing.T) {
 		// Negative intervals
 		config := NewLeaderbordConfig(params.MarketDataProxyConfig{
 			Url:                     "https://example.com",
-			User:                    "user",
-			Password:                "pass",
+			User:                    security.NewSensitiveString("user"),
+			Password:                security.NewSensitiveString("pass"),
 			FullDataRefreshInterval: -5,
 			PriceRefreshInterval:    -5,
 		})
 
 		require.Equal(t, defaultFullDataInterval, config.FullDataInterval)
 		require.Equal(t, defaultPriceUpdateInterval, config.PriceUpdateInterval)
 		require.Equal(t, "https://example.com", config.ProxyURL)
-		require.Equal(t, "user", config.User)
-		require.Equal(t, "pass", config.Password)
+		require.True(t, config.User.Equal("user"))
+		require.True(t, config.Password.Equal("pass"))
 		require.Equal(t, true, config.AllowGzip)
 		require.Equal(t, true, config.AllowETag)
 	}
@@ -52,17 +54,17 @@ func TestServiceConfigValidate(t *testing.T) {
 		// Custom intervals
 		config := NewLeaderbordConfig(params.MarketDataProxyConfig{
 			Url:                     "https://example.com",
-			User:                    "user",
-			Password:                "pass",
+			User:                    security.NewSensitiveString("user"),
+			Password:                security.NewSensitiveString("pass"),
 			FullDataRefreshInterval: 50,
 			PriceRefreshInterval:    65,
 		})
 
 		require.Equal(t, 50*time.Second, config.FullDataInterval)
 		require.Equal(t, 65*time.Second, config.PriceUpdateInterval)
 		require.Equal(t, "https://example.com", config.ProxyURL)
-		require.Equal(t, "user", config.User)
-		require.Equal(t, "pass", config.Password)
+		require.True(t, config.User.Equal("user"))
+		require.True(t, config.Password.Equal("pass"))
 		require.Equal(t, true, config.AllowGzip)
 		require.Equal(t, true, config.AllowETag)
 	}

@@ -6,8 +6,6 @@ import (
 	"sync"
 	"time"
 
-	"github.com/status-im/status-go/internal/security"
-
 	"go.uber.org/zap"
 
 	"github.com/status-im/status-go/common"
@@ -217,8 +215,8 @@ func (f *ProxyFetcher) fetchData(ctx context.Context, endpoint string, etag stri
 	}
 
 	options = append(options, thirdparty.WithCredentials(&thirdparty.BasicCreds{
-		User:     security.NewSensitiveString(f.config.User),
-		Password: security.NewSensitiveString(f.config.Password),
+		User:     f.config.User,
+		Password: f.config.Password,
 	}))
 
 	body, newEtag, err := f.client.DoGetRequestWithEtag(ctx, url, nil, etag, options...)