From 315910f9457f129a083b51e2c3f6d0ff1b81fdc1 Mon Sep 17 00:00:00 2001 From: Ethen Date: Wed, 20 Nov 2024 16:55:09 +0700 Subject: [PATCH] fix: Hide other sensitive cfg values (#194) * fix: Hide other sensitive cfg values * fix: prettyPrintConfig hide values before marshalling * docs: add comment for why we are hiding password when marshalling * fix(makefile): run-memstore-server command missing new mandatory flags * fix: prettyPrintConfig was hiding wrong field. Change RPC->EthRpcUrl * refactor: way redis/s3 hides config details (use custom marshalling function) --------- Co-authored-by: Samuel Laferriere --- Makefile | 2 +- cmd/server/entrypoint.go | 11 +++++++---- e2e/setup.go | 1 - store/precomputed_key/redis/redis.go | 15 ++++++++++++++- store/precomputed_key/s3/s3.go | 14 ++++++++++++++ verify/verifier.go | 12 ++++++++++++ 6 files changed, 48 insertions(+), 7 deletions(-) diff --git a/Makefile b/Makefile index 39648a68..2de9c461 100644 --- a/Makefile +++ b/Makefile @@ -21,7 +21,7 @@ docker-build: @docker build -t ghcr.io/layr-labs/eigenda-proxy:dev . run-memstore-server: - ./bin/eigenda-proxy --memstore.enabled + ./bin/eigenda-proxy --memstore.enabled --eigenda.cert-verification-disabled --eigenda.eth-rpc http://localhost:8545 --eigenda.svc-manager-addr 0x123 disperse-test-blob: curl -X POST -d my-blob-content http://127.0.0.1:3100/put/ diff --git a/cmd/server/entrypoint.go b/cmd/server/entrypoint.go index d269faa6..09bfdf6f 100644 --- a/cmd/server/entrypoint.go +++ b/cmd/server/entrypoint.go @@ -73,17 +73,20 @@ func StartProxySvr(cliCtx *cli.Context) error { } // TODO: we should probably just change EdaClientConfig struct definition in eigenda-client -// to have a `json:"-"` tag on the SignerPrivateKeyHex field, to prevent the privateKey from being marshaled at all func prettyPrintConfig(cliCtx *cli.Context, log log.Logger) error { // we read a new config which we modify to hide private info in order to log the rest cfg := server.ReadCLIConfig(cliCtx) - cfg.EigenDAConfig.EdaClientConfig.SignerPrivateKeyHex = "HIDDEN" - cfg.EigenDAConfig.VerifierConfig.RPCURL = "HIDDEN" + if cfg.EigenDAConfig.EdaClientConfig.SignerPrivateKeyHex != "" { + cfg.EigenDAConfig.EdaClientConfig.SignerPrivateKeyHex = "*****" // marshaling defined in client config + } + if cfg.EigenDAConfig.EdaClientConfig.EthRpcUrl != "" { + cfg.EigenDAConfig.EdaClientConfig.EthRpcUrl = "*****" // hiding as RPC providers typically use sensitive API keys within + } configJSON, err := json.MarshalIndent(cfg, "", " ") if err != nil { return fmt.Errorf("failed to marshal config: %w", err) } - log.Info(fmt.Sprintf("Initializing EigenDA proxy server with config: %v", string(configJSON))) + log.Info(fmt.Sprintf("Initializing EigenDA proxy server with config (\"*****\" fields are hidden): %v", string(configJSON))) return nil } diff --git a/e2e/setup.go b/e2e/setup.go index ecd4fb2d..7ddd5041 100644 --- a/e2e/setup.go +++ b/e2e/setup.go @@ -133,7 +133,6 @@ func createRedisConfig(eigendaCfg server.Config) server.CLIConfig { Password: "", DB: 0, Eviction: 10 * time.Minute, - Profile: true, } return server.CLIConfig{ EigenDAConfig: eigendaCfg, diff --git a/store/precomputed_key/redis/redis.go b/store/precomputed_key/redis/redis.go index 2888e776..4b30853e 100644 --- a/store/precomputed_key/redis/redis.go +++ b/store/precomputed_key/redis/redis.go @@ -2,6 +2,7 @@ package redis import ( "context" + "encoding/json" "errors" "fmt" "time" @@ -16,7 +17,19 @@ type Config struct { Password string DB int Eviction time.Duration - Profile bool +} + +// Custom MarshalJSON function to control what gets included in the JSON output. +// TODO: Probably best would be to separate config from secrets everywhere. +// Then we could just log the config and not worry about secrets. +func (c Config) MarshalJSON() ([]byte, error) { + type Alias Config // Use an alias to avoid recursion with MarshalJSON + aux := (Alias)(c) + // Conditionally include a masked password if it is set + if aux.Password != "" { + aux.Password = "*****" + } + return json.Marshal(aux) } // Store ... Redis storage backend implementation diff --git a/store/precomputed_key/s3/s3.go b/store/precomputed_key/s3/s3.go index 54a438c0..fc468192 100644 --- a/store/precomputed_key/s3/s3.go +++ b/store/precomputed_key/s3/s3.go @@ -4,6 +4,7 @@ import ( "bytes" "context" "encoding/hex" + "encoding/json" "errors" "fmt" "io" @@ -47,6 +48,19 @@ type Config struct { Path string } +// Custom MarshalJSON function to control what gets included in the JSON output +// TODO: Probably best would be to separate config from secrets everywhere. +// Then we could just log the config and not worry about secrets. +func (c Config) MarshalJSON() ([]byte, error) { + type Alias Config // Use an alias to avoid recursion with MarshalJSON + aux := (Alias)(c) + // Conditionally include a masked password if it is set + if aux.AccessKeySecret != "" { + aux.AccessKeySecret = "*****" + } + return json.Marshal(aux) +} + // Store ... S3 store // client safe for concurrent use: https://github.com/minio/minio-go/issues/598#issuecomment-569457863 type Store struct { diff --git a/verify/verifier.go b/verify/verifier.go index b825194d..a79c9f84 100644 --- a/verify/verifier.go +++ b/verify/verifier.go @@ -2,6 +2,7 @@ package verify import ( "context" + "encoding/json" "fmt" "math/big" @@ -28,6 +29,17 @@ type Config struct { WaitForFinalization bool } +// Custom MarshalJSON function to control what gets included in the JSON output +func (c Config) MarshalJSON() ([]byte, error) { + type Alias Config // Use an alias to avoid recursion with MarshalJSON + aux := (Alias)(c) + // Conditionally include a masked password if it is set + if aux.RPCURL != "" { + aux.RPCURL = "*****" + } + return json.Marshal(aux) +} + // TODO: right now verification and confirmation depth are tightly coupled. we should decouple them type Verifier struct { // kzgVerifier is needed to commit blobs to the memstore