Skip to content

chore_: use sensitive string in MarketDataProxyConfig #6592

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 3 commits into
base: develop
Choose a base branch
from
Open

chore_: use sensitive string in MarketDataProxyConfig #6592

wants to merge 3 commits into from
+52 −34

Conversation

@qfrank
Copy link
Contributor

@qfrank qfrank commented May 20, 2025
edited
Loading

Pls review by commit :)

@qfrank qfrank requested a review from igor-sirotin May 20, 2025 07:46
@qfrank qfrank self-assigned this May 20, 2025
@qfrank qfrank requested review from Cuteivist and friofry as code owners May 20, 2025 07:46
@status-im-auto
Copy link
Member

status-im-auto commented May 20, 2025
edited
Loading

Jenkins Builds

Click to see older builds (9)
Commit #️⃣ Finished (UTC) Duration Platform Result
✔️ 6421acb #1 2025-05-20 07:50:17 ~3 min android 📦aar
✔️ 6421acb #1 2025-05-20 07:50:39 ~3 min ios 📦zip
✔️ 6421acb #1 2025-05-20 07:52:39 ~5 min macos 📦zip
✔️ 6421acb #1 2025-05-20 07:52:51 ~5 min windows 📦zip
✔️ 6421acb #1 2025-05-20 07:53:09 ~6 min macos 📦zip
✔️ 6421acb #1 2025-05-20 07:53:10 ~6 min linux 📦zip
✖️ 6421acb #1 2025-05-20 07:57:54 ~10 min tests-rpc 📄log
✔️ 6421acb #2 2025-05-20 08:18:04 ~11 min tests-rpc 📄log
✖️ 6421acb #1 2025-05-20 08:23:17 ~36 min tests 📄log
Commit #️⃣ Finished (UTC) Duration Platform Result
✔️ 9699ee8 #2 2025-05-20 08:12:23 ~2 min android 📦aar
✔️ 9699ee8 #2 2025-05-20 08:12:39 ~3 min ios 📦zip
✔️ 9699ee8 #2 2025-05-20 08:14:10 ~4 min windows 📦zip
✔️ 9699ee8 #2 2025-05-20 08:14:16 ~4 min macos 📦zip
✔️ 9699ee8 #2 2025-05-20 08:14:49 ~5 min linux 📦zip
✔️ 9699ee8 #2 2025-05-20 08:15:00 ~5 min macos 📦zip
✖️ 9699ee8 #3 2025-05-20 08:28:56 ~10 min tests-rpc 📄log
✖️ 9699ee8 #2 2025-05-20 08:58:44 ~35 min tests 📄log
✔️ 92e25bc #3 2025-05-20 08:30:03 ~2 min ios 📦zip
✔️ 92e25bc #3 2025-05-20 08:30:20 ~3 min android 📦aar
✔️ 92e25bc #3 2025-05-20 08:31:30 ~4 min windows 📦zip
✔️ 92e25bc #3 2025-05-20 08:31:42 ~4 min macos 📦zip
✔️ 92e25bc #3 2025-05-20 08:32:21 ~5 min linux 📦zip
✔️ 92e25bc #3 2025-05-20 08:32:33 ~5 min macos 📦zip
✔️ 92e25bc #4 2025-05-20 08:39:26 ~10 min tests-rpc 📄log
✖️ 92e25bc #3 2025-05-20 09:09:59 ~10 min tests 📄log

igor-sirotin
igor-sirotin requested changes May 20, 2025
View reviewed changes
Copy link
Collaborator

@igor-sirotin igor-sirotin left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The MarketDataProxyConfig changes look good to me 👍

But I'm against bloating SensitiveString type with lots of sugar methods. Please keep it slim and simple 🙏 Or convince me that I'm wrong 😄

internal/security/sensitive_string.go
Comment on lines +76 to +79
func (s SensitiveString) ContainedIn(str any) bool {
return strings.Contains(getValue(str), s.value)
}

Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This is exactly why I was against adding TrimRight method. We will automatically start adding a ton of other methods, which are implemented in strings and other standard libraries.

It is absolutely fine to use strings.Contains("text", secret.Reveal()).

Think of single responsibility. SensitiveString should not implement each and every method for all use cases. It should remain as slim as possible, providing just 1 feature: keep strings secret until explicitly revealed.

Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Same about Equal method.
And especially if they're only used in tests!

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@igor-sirotin igor-sirotin igor-sirotin requested changes

@Cuteivist Cuteivist Awaiting requested review from Cuteivist

@friofry friofry Awaiting requested review from friofry friofry is a code owner

Requested changes must be addressed to merge this pull request.

Assignees

@qfrank qfrank

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@qfrank @status-im-auto @igor-sirotin