Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

improve: Suppress RPC provider key from error messages #1037

Open
wants to merge 6 commits into
base: master
Choose a base branch
from
Open

improve: Suppress RPC provider key from error messages #1037

wants to merge 6 commits into from
+19 −8

Conversation

pxrl
Copy link
Contributor

@pxrl pxrl commented Oct 24, 2023

No description provided.

pxrl
pxrl commented Oct 24, 2023
View reviewed changes
src/utils/ProviderUtils.ts
Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

fwiw I am surprised how many instances we had of this in the code 🤔

nicholaspai
nicholaspai approved these changes Oct 24, 2023
View reviewed changes
Copy link
Member

@nicholaspai nicholaspai left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

damn nice catch...

@nicholaspai
Copy link
Member

damn nice catch...

Wish we could add a linting rule to prevent this somehow

@james-a-morris any ideas?

@pxrl pxrl force-pushed the pxrl/rpcKey branch 2 times, most recently from dcad519 to b50a0ba Compare October 24, 2023 15:50
@mrice32
Copy link
Contributor

mrice32 commented Oct 24, 2023

damn nice catch...

Wish we could add a linting rule to prevent this somehow

@james-a-morris any ideas?

Good idea on linting this!

james-a-morris
james-a-morris reviewed Oct 25, 2023
View reviewed changes
src/utils/ProviderUtils.ts
Comment on lines +77 to +79
function getProviderHostname(provider: ethers.providers.StaticJsonRpcProvider): string {
return new URL(provider.connection.url).hostname;
}
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

We have getOriginFromUrl( ) - should we introduce this second one? We can probably overload or make a similar function called getOriginFromProvider(provider: ...)

james-a-morris
james-a-morris reviewed Oct 25, 2023
View reviewed changes
src/utils/ProviderUtils.ts
// @dev To avoid accidentally leaking RPC keys in log messages, resolve the RPC provider hostname
// centrally. There should be no instances of `provider.connection.url` in log messages or errors.
function getProviderHostname(provider: ethers.providers.StaticJsonRpcProvider): string {
return new URL(provider.connection.url).hostname;
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The hostname will clip away the network protocol & potential port. Using origin will futureproof us if we ever want to intermingle differing protocols or separate ports on the same host.

@james-a-morris
Copy link
Contributor

james-a-morris commented Oct 25, 2023
edited
Loading

damn nice catch...

Wish we could add a linting rule to prevent this somehow
@james-a-morris any ideas?

Good idea on linting this!

cc @mrice32 @pxrl RE: #1038

I think we should put all usages to connection.url in one file that's separated from ProviderUtils.ts - a file where we accept the usage of referencing provider.connection.url. I've created a CI check so that we can isolate these calls and fail if they are referenced.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@james-a-morris james-a-morris james-a-morris left review comments

@nicholaspai nicholaspai nicholaspai approved these changes

@mrice32 mrice32 mrice32 approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
4 participants
@pxrl @nicholaspai @mrice32 @james-a-morris