feat_: use SensitiveString in WalletConfig

api/backend_test.go

@@ -43,6 +43,8 @@ import (
 	"github.com/status-im/status-go/t/helpers"
 	"github.com/status-im/status-go/t/utils"
 	"github.com/status-im/status-go/walletdatabase"
+	"github.com/status-im/status-go/internal/security"
+	"github.com/brianvoe/gofakeit/v6"
 )
 
 var (
@@ -1515,20 +1517,24 @@ func TestSetFleet(t *testing.T) {
 	require.NoError(t, b.Logout())
 }
 
+func fakeToken() security.SensitiveString {
+	return security.NewSensitiveString(gofakeit.LetterN(10))
+}
+
 func TestWalletConfigOnLoginAccount(t *testing.T) {
 	utils.Init()
 	password := "some-password2" // nolint: goconst
 	tmpdir := t.TempDir()
-	poktToken := "grove-token"    // nolint: goconst
-	infuraToken := "infura-token" // nolint: goconst
-	alchemyEthereumMainnetToken := "alchemy-ethereum-mainnet-token"
-	alchemyEthereumSepoliaToken := "alchemy-ethereum-sepolia-token"
-	alchemyArbitrumMainnetToken := "alchemy-arbitrum-mainnet-token"
-	alchemyArbitrumSepoliaToken := "alchemy-arbitrum-sepolia-token"
-	alchemyOptimismMainnetToken := "alchemy-optimism-mainnet-token"
-	alchemyOptimismSepoliaToken := "alchemy-optimism-sepolia-token"
-	raribleMainnetAPIKey := "rarible-mainnet-api-key" // nolint: gosec
-	raribleTestnetAPIKey := "rarible-testnet-api-key" // nolint: gosec
+	poktToken := "grove-token" // nolint: goconst
+	infuraToken := fakeToken()
+	alchemyEthereumMainnetToken := fakeToken()
+	alchemyEthereumSepoliaToken := fakeToken()
+	alchemyArbitrumMainnetToken := fakeToken()
+	alchemyArbitrumSepoliaToken := fakeToken()
+	alchemyOptimismMainnetToken := fakeToken()
+	alchemyOptimismSepoliaToken := fakeToken()
+	raribleMainnetAPIKey := fakeToken()
+	raribleTestnetAPIKey := fakeToken()
 
 	b := NewGethStatusBackend(tt.MustCreateTestLogger())
 	createAccountRequest := &requests.CreateAccount{

api/default_networks.go

@@ -7,6 +7,7 @@ import (
 	"github.com/ethereum/go-ethereum/common"
 	"github.com/status-im/status-go/params"
 	"github.com/status-im/status-go/protocol/requests"
+	"github.com/status-im/status-go/internal/security"
 )
 
 const (
@@ -26,12 +27,12 @@ func mainnet(stageName string) params.Network {
 	return params.Network{
 		ChainID:                mainnetChainID,
 		ChainName:              "Mainnet",
-		DefaultRPCURL:          fmt.Sprintf("https://%s.api.status.im/nodefleet/ethereum/mainnet/", stageName),
-		DefaultFallbackURL:     fmt.Sprintf("https://%s.api.status.im/infura/ethereum/mainnet/", stageName),
-		DefaultFallbackURL2:    fmt.Sprintf("https://%s.api.status.im/grove/ethereum/mainnet/", stageName),
-		RPCURL:                 "https://mainnet.infura.io/v3/",
-		FallbackURL:            "https://eth-archival.rpc.grove.city/v1/",
-		BlockExplorerURL:       "https://etherscan.io/",
+		DefaultRPCURL:          security.NewSensitiveString(fmt.Sprintf("https://%s.api.status.im/nodefleet/ethereum/mainnet/", stageName)),
+		DefaultFallbackURL:     security.NewSensitiveString(fmt.Sprintf("https://%s.api.status.im/infura/ethereum/mainnet/", stageName)),
+		DefaultFallbackURL2:    security.NewSensitiveString(fmt.Sprintf("https://%s.api.status.im/grove/ethereum/mainnet/", stageName)),
+		RPCURL:                 security.NewSensitiveString("https://mainnet.infura.io/v3/"),
+		FallbackURL:            security.NewSensitiveString("https://eth-archival.rpc.grove.city/v1/"),
+		BlockExplorerURL:       security.NewSensitiveString("https://etherscan.io/"),
 		IconURL:                "network/Network=Ethereum",
 		ChainColor:             "#627EEA",
 		ShortName:              "eth",
@@ -49,12 +50,12 @@ func sepolia(stageName string) params.Network {
 	return params.Network{
 		ChainID:                sepoliaChainID,
 		ChainName:              "Mainnet",
-		DefaultRPCURL:          fmt.Sprintf("https://%s.api.status.im/nodefleet/ethereum/sepolia/", stageName),
-		DefaultFallbackURL:     fmt.Sprintf("https://%s.api.status.im/infura/ethereum/sepolia/", stageName),
-		DefaultFallbackURL2:    fmt.Sprintf("https://%s.api.status.im/grove/ethereum/sepolia/", stageName),
-		RPCURL:                 "https://sepolia.infura.io/v3/",
-		FallbackURL:            "https://sepolia-archival.rpc.grove.city/v1/",
-		BlockExplorerURL:       "https://sepolia.etherscan.io/",
+		DefaultRPCURL:          security.NewSensitiveString(fmt.Sprintf("https://%s.api.status.im/nodefleet/ethereum/sepolia/", stageName)),
+		DefaultFallbackURL:     security.NewSensitiveString(fmt.Sprintf("https://%s.api.status.im/infura/ethereum/sepolia/", stageName)),
+		DefaultFallbackURL2:    security.NewSensitiveString(fmt.Sprintf("https://%s.api.status.im/grove/ethereum/sepolia/", stageName)),
+		RPCURL:                 security.NewSensitiveString("https://sepolia.infura.io/v3/"),
+		FallbackURL:            security.NewSensitiveString("https://sepolia-archival.rpc.grove.city/v1/"),
+		BlockExplorerURL:       security.NewSensitiveString("https://sepolia.etherscan.io/"),
 		IconURL:                "network/Network=Ethereum",
 		ChainColor:             "#627EEA",
 		ShortName:              "eth",
@@ -72,12 +73,12 @@ func optimism(stageName string) params.Network {
 	return params.Network{
 		ChainID:                optimismChainID,
 		ChainName:              "Optimism",
-		DefaultRPCURL:          fmt.Sprintf("https://%s.api.status.im/nodefleet/optimism/mainnet/", stageName),
-		DefaultFallbackURL:     fmt.Sprintf("https://%s.api.status.im/infura/optimism/mainnet/", stageName),
-		DefaultFallbackURL2:    fmt.Sprintf("https://%s.api.status.im/grove/optimism/mainnet/", stageName),
-		RPCURL:                 "https://optimism-mainnet.infura.io/v3/",
-		FallbackURL:            "https://optimism-archival.rpc.grove.city/v1/",
-		BlockExplorerURL:       "https://optimistic.etherscan.io",
+		DefaultRPCURL:          security.NewSensitiveString(fmt.Sprintf("https://%s.api.status.im/nodefleet/optimism/mainnet/", stageName)),
+		DefaultFallbackURL:     security.NewSensitiveString(fmt.Sprintf("https://%s.api.status.im/infura/optimism/mainnet/", stageName)),
+		DefaultFallbackURL2:    security.NewSensitiveString(fmt.Sprintf("https://%s.api.status.im/grove/optimism/mainnet/", stageName)),
+		RPCURL:                 security.NewSensitiveString("https://optimism-mainnet.infura.io/v3/"),
+		FallbackURL:            security.NewSensitiveString("https://optimism-archival.rpc.grove.city/v1/"),
+		BlockExplorerURL:       security.NewSensitiveString("https://optimistic.etherscan.io"),
 		IconURL:                "network/Network=Optimism",
 		ChainColor:             "#E90101",
 		ShortName:              "oeth",
@@ -95,12 +96,12 @@ func optimismSepolia(stageName string) params.Network {
 	return params.Network{
 		ChainID:                optimismSepoliaChainID,
 		ChainName:              "Optimism",
-		DefaultRPCURL:          fmt.Sprintf("https://%s.api.status.im/nodefleet/optimism/sepolia/", stageName),
-		DefaultFallbackURL:     fmt.Sprintf("https://%s.api.status.im/infura/optimism/sepolia/", stageName),
-		DefaultFallbackURL2:    fmt.Sprintf("https://%s.api.status.im/grove/optimism/sepolia/", stageName),
-		RPCURL:                 "https://optimism-sepolia.infura.io/v3/",
-		FallbackURL:            "https://optimism-sepolia-archival.rpc.grove.city/v1/",
-		BlockExplorerURL:       "https://sepolia-optimism.etherscan.io/",
+		DefaultRPCURL:          security.NewSensitiveString(fmt.Sprintf("https://%s.api.status.im/nodefleet/optimism/sepolia/", stageName)),
+		DefaultFallbackURL:     security.NewSensitiveString(fmt.Sprintf("https://%s.api.status.im/infura/optimism/sepolia/", stageName)),
+		DefaultFallbackURL2:    security.NewSensitiveString(fmt.Sprintf("https://%s.api.status.im/grove/optimism/sepolia/", stageName)),
+		RPCURL:                 security.NewSensitiveString("https://optimism-sepolia.infura.io/v3/"),
+		FallbackURL:            security.NewSensitiveString("https://optimism-sepolia-archival.rpc.grove.city/v1/"),
+		BlockExplorerURL:       security.NewSensitiveString("https://sepolia-optimism.etherscan.io/"),
 		IconURL:                "network/Network=Optimism",
 		ChainColor:             "#E90101",
 		ShortName:              "oeth",
@@ -118,12 +119,12 @@ func arbitrum(stageName string) params.Network {
 	return params.Network{
 		ChainID:                arbitrumChainID,
 		ChainName:              "Arbitrum",
-		DefaultRPCURL:          fmt.Sprintf("https://%s.api.status.im/nodefleet/arbitrum/mainnet/", stageName),
-		DefaultFallbackURL:     fmt.Sprintf("https://%s.api.status.im/infura/arbitrum/mainnet/", stageName),
-		DefaultFallbackURL2:    fmt.Sprintf("https://%s.api.status.im/grove/arbitrum/mainnet/", stageName),
-		RPCURL:                 "https://arbitrum-mainnet.infura.io/v3/",
-		FallbackURL:            "https://arbitrum-one.rpc.grove.city/v1/",
-		BlockExplorerURL:       "https://arbiscan.io/",
+		DefaultRPCURL:          security.NewSensitiveString(fmt.Sprintf("https://%s.api.status.im/nodefleet/arbitrum/mainnet/", stageName)),
+		DefaultFallbackURL:     security.NewSensitiveString(fmt.Sprintf("https://%s.api.status.im/infura/arbitrum/mainnet/", stageName)),
+		DefaultFallbackURL2:    security.NewSensitiveString(fmt.Sprintf("https://%s.api.status.im/grove/arbitrum/mainnet/", stageName)),
+		RPCURL:                 security.NewSensitiveString("https://arbitrum-mainnet.infura.io/v3/"),
+		FallbackURL:            security.NewSensitiveString("https://arbitrum-one.rpc.grove.city/v1/"),
+		BlockExplorerURL:       security.NewSensitiveString("https://arbiscan.io/"),
 		IconURL:                "network/Network=Arbitrum",
 		ChainColor:             "#51D0F0",
 		ShortName:              "arb1",
@@ -141,12 +142,12 @@ func arbitrumSepolia(stageName string) params.Network {
 	return params.Network{
 		ChainID:                arbitrumSepoliaChainID,
 		ChainName:              "Arbitrum",
-		DefaultRPCURL:          fmt.Sprintf("https://%s.api.status.im/nodefleet/arbitrum/sepolia/", stageName),
-		DefaultFallbackURL:     fmt.Sprintf("https://%s.api.status.im/infura/arbitrum/sepolia/", stageName),
-		DefaultFallbackURL2:    fmt.Sprintf("https://%s.api.status.im/grove/arbitrum/sepolia/", stageName),
-		RPCURL:                 "https://arbitrum-sepolia.infura.io/v3/",
-		FallbackURL:            "https://arbitrum-sepolia-archival.rpc.grove.city/v1/",
-		BlockExplorerURL:       "https://sepolia-explorer.arbitrum.io/",
+		DefaultRPCURL:          security.NewSensitiveString(fmt.Sprintf("https://%s.api.status.im/nodefleet/arbitrum/sepolia/", stageName)),
+		DefaultFallbackURL:     security.NewSensitiveString(fmt.Sprintf("https://%s.api.status.im/infura/arbitrum/sepolia/", stageName)),
+		DefaultFallbackURL2:    security.NewSensitiveString(fmt.Sprintf("https://%s.api.status.im/grove/arbitrum/sepolia/", stageName)),
+		RPCURL:                 security.NewSensitiveString("https://arbitrum-sepolia.infura.io/v3/"),
+		FallbackURL:            security.NewSensitiveString("https://arbitrum-sepolia-archival.rpc.grove.city/v1/"),
+		BlockExplorerURL:       security.NewSensitiveString("https://sepolia-explorer.arbitrum.io/"),
 		IconURL:                "network/Network=Arbitrum",
 		ChainColor:             "#51D0F0",
 		ShortName:              "arb1",
@@ -185,13 +186,15 @@ func setRPCs(networks []params.Network, request *requests.WalletSecretsConfig) [
 		grove  = "grove.city/"
 	)
 
-	appendToken := func(url string) string {
-		if strings.Contains(url, infura) && request.InfuraToken != "" {
-			return url + request.InfuraToken
-		} else if strings.Contains(url, grove) && request.PoktToken != "" {
-			return url + request.PoktToken
+	appendToken := func(url security.SensitiveString) security.SensitiveString {
+		urlRevealed := url.Reveal()
+		switch {
+		case strings.Contains(urlRevealed, infura) && !request.InfuraToken.Empty():
+			urlRevealed += request.InfuraToken.Reveal()
+		case strings.Contains(urlRevealed, grove) && !request.PoktToken.Empty():
+			urlRevealed += request.PoktToken.Reveal()
 		}
-		return url
+		return security.NewSensitiveString(urlRevealed)
 	}
 
 	for _, n := range networks {
@@ -201,7 +204,7 @@ func setRPCs(networks []params.Network, request *requests.WalletSecretsConfig) [
 		n.RPCURL = appendToken(n.RPCURL)
 		n.FallbackURL = appendToken(n.FallbackURL)
 
-		if request.GanacheURL != "" {
+		if !request.GanacheURL.Empty() {
 			n.RPCURL = request.GanacheURL
 			n.FallbackURL = request.GanacheURL
 			if n.ChainID == mainnetChainID {

api/defaults.go

@@ -15,6 +15,7 @@ import (
 	"github.com/status-im/status-go/protocol/identity/alias"
 	"github.com/status-im/status-go/protocol/protobuf"
 	"github.com/status-im/status-go/protocol/requests"
+	"github.com/status-im/status-go/internal/security"
 )
 
 const (
@@ -170,61 +171,61 @@ func SetFleet(fleet string, nodeConfig *params.NodeConfig) error {
 func buildWalletConfig(request *requests.WalletSecretsConfig, statusProxyEnabled bool) params.WalletConfig {
 	walletConfig := params.WalletConfig{
 		Enabled:        true,
-		AlchemyAPIKeys: make(map[uint64]string),
+		AlchemyAPIKeys: make(map[uint64]security.SensitiveString),
 	}
 
 	if request.StatusProxyStageName != "" {
 		walletConfig.StatusProxyStageName = request.StatusProxyStageName
 	}
 
-	if request.OpenseaAPIKey != "" {
+	if !request.OpenseaAPIKey.Empty() {
 		walletConfig.OpenseaAPIKey = request.OpenseaAPIKey
 	}
 
-	if request.RaribleMainnetAPIKey != "" {
+	if !request.RaribleMainnetAPIKey.Empty() {
 		walletConfig.RaribleMainnetAPIKey = request.RaribleMainnetAPIKey
 	}
 
-	if request.RaribleTestnetAPIKey != "" {
+	if !request.RaribleTestnetAPIKey.Empty() {
 		walletConfig.RaribleTestnetAPIKey = request.RaribleTestnetAPIKey
 	}
 
-	if request.InfuraToken != "" {
+	if !request.InfuraToken.Empty() {
 		walletConfig.InfuraAPIKey = request.InfuraToken
 	}
 
-	if request.InfuraSecret != "" {
+	if !request.InfuraSecret.Empty() {
 		walletConfig.InfuraAPIKeySecret = request.InfuraSecret
 	}
 
-	if request.AlchemyEthereumMainnetToken != "" {
+	if !request.AlchemyEthereumMainnetToken.Empty() {
 		walletConfig.AlchemyAPIKeys[mainnetChainID] = request.AlchemyEthereumMainnetToken
 	}
-	if request.AlchemyEthereumSepoliaToken != "" {
+	if !request.AlchemyEthereumSepoliaToken.Empty() {
 		walletConfig.AlchemyAPIKeys[sepoliaChainID] = request.AlchemyEthereumSepoliaToken
 	}
-	if request.AlchemyArbitrumMainnetToken != "" {
+	if !request.AlchemyArbitrumMainnetToken.Empty() {
 		walletConfig.AlchemyAPIKeys[arbitrumChainID] = request.AlchemyArbitrumMainnetToken
 	}
-	if request.AlchemyArbitrumSepoliaToken != "" {
+	if !request.AlchemyArbitrumSepoliaToken.Empty() {
 		walletConfig.AlchemyAPIKeys[arbitrumSepoliaChainID] = request.AlchemyArbitrumSepoliaToken
 	}
-	if request.AlchemyOptimismMainnetToken != "" {
+	if !request.AlchemyOptimismMainnetToken.Empty() {
 		walletConfig.AlchemyAPIKeys[optimismChainID] = request.AlchemyOptimismMainnetToken
 	}
-	if request.AlchemyOptimismSepoliaToken != "" {
+	if !request.AlchemyOptimismSepoliaToken.Empty() {
 		walletConfig.AlchemyAPIKeys[optimismSepoliaChainID] = request.AlchemyOptimismSepoliaToken
 	}
-	if request.StatusProxyMarketUser != "" {
+	if !request.StatusProxyMarketUser.Empty() {
 		walletConfig.StatusProxyMarketUser = request.StatusProxyMarketUser
 	}
-	if request.StatusProxyMarketPassword != "" {
+	if !request.StatusProxyMarketPassword.Empty() {
 		walletConfig.StatusProxyMarketPassword = request.StatusProxyMarketPassword
 	}
-	if request.StatusProxyBlockchainUser != "" {
+	if !request.StatusProxyBlockchainUser.Empty() {
 		walletConfig.StatusProxyBlockchainUser = request.StatusProxyBlockchainUser
 	}
-	if request.StatusProxyBlockchainPassword != "" {
+	if !request.StatusProxyBlockchainPassword.Empty() {
 		walletConfig.StatusProxyBlockchainPassword = request.StatusProxyBlockchainPassword
 	}
 

internal/security/sensitive_string.go

@@ -2,6 +2,7 @@ package security
 
 import (
 	"encoding/json"
+	"fmt"
 )
 
 const RedactionPlaceholder = "***"
@@ -20,6 +21,11 @@ func NewSensitiveString(value string) SensitiveString {
 	return SensitiveString{value: value}
 }
 
+func NewSensitiveStringPrintf(format string, args ...interface{}) SensitiveString {
+	str := fmt.Sprintf(format, args...)
+	return NewSensitiveString(str)
+}
+
 // String provides a redacted version of the sensitive string
 func (s SensitiveString) String() string {
 	if s.value == "" {

internal/security/sensitive_string_test.go

@@ -64,3 +64,10 @@ func TestCopySensitiveString(t *testing.T) {
 	sCopy := s
 	require.Equal(t, secretValue, sCopy.Reveal())
 }
+
+func TestCopySensitiveString(t *testing.T) {
+	secretValue := gofakeit.LetterN(10)
+	s := NewSensitiveString(secretValue)
+	sCopy := s
+	require.Equal(t, secretValue, sCopy.Reveal())
+}