fix: Hide other sensitive cfg values #194
Open
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
samlaf
reviewed
Oct 26, 2024
| configJSON, err := json.MarshalIndent(cfg, "", " ") | ||
| if err != nil { | ||
| return fmt.Errorf("failed to marshal config: %w", err) | ||
| } | ||
| cfg.EigenDAConfig.EdaClientConfig.SignerPrivateKeyHex = "" // marshaling defined in client config |
There was a problem hiding this comment.
Why did you move this after the marshaling? Like this it doesn’t do anything
There was a problem hiding this comment.
it does actually - the SignerPrivateKey is stored as part of the EigenDAClientConfig which is defined within layr-labs/eigenda
There was a problem hiding this comment.
The log line below is
log.Info(fmt.Sprintf("Initializing EigenDA proxy server with config: %v", string(configJSON)))
which prints the already marshalled config. So changing the fields of cfg here above doesn't do anything.
samlaf
reviewed
Oct 26, 2024
| Eviction time.Duration | ||
| Profile bool | ||
| Endpoint string `json:"endpoint"` | ||
| Password string `json:"-"` |
There was a problem hiding this comment.
Thought about this approach some more and not sure I like it, for a few reasons:
- if some future developer ever wants to marshal AND unmarshal the config for whatever reason he will run into a bug (can fix this by defining a custom marshalJSONHideSecrets function instead)
- this will print empty string, so reader won’t know if password field was hidden or just never set (we can fix this by using omitempty json tag)
Could look something like this (Claude generated so beware):
package main
import (
"encoding/json"
"fmt"
"time"
)
type Config struct {
Endpoint string `json:"endpoint"`
Password string `json:"password,omitempty"`
DB int `json:"database"`
Eviction time.Duration `json:"eviction"`
}
// Custom MarshalJSON function to control what gets included in the JSON output
func (c Config) MarshalJSON() ([]byte, error) {
type Alias Config // Use an alias to avoid recursion with MarshalJSON
aux := struct {
Alias
Password string `json:"password,omitempty"`
}{
Alias: (Alias)(c),
Password: "",
}
// Conditionally include a masked password if it is set
if c.Password != "" {
aux.Password = "****" // Mask the password instead of excluding it
}
return json.Marshal(aux)
}
func main() {
cfg := Config{
Endpoint: "localhost:6379",
Password: "supersecret",
DB: 0,
Eviction: time.Hour,
}
jsonData, _ := json.MarshalIndent(cfg, "", " ")
fmt.Println(string(jsonData))
}
Maybe also use a separate Marshal function to not change the default marshaling behavior?
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Fixes Issue
Fixes #176
Changes proposed
Screenshots (Optional)
Note to reviewers