fix: redact RPC URLs in traces if URL is passed in directly (#9077)
redact RPC urls if string is a URL, not an alias
zerosnacks authored Oct 9, 2024
1 parent 97ce8c3 commit 1465e39
Showing 1 changed file with 293 additions and 1 deletion.
294 changes: 293 additions & 1 deletion crates/evm/traces/src/decoder/mod.rs
@@ -516,6 +516,24 @@ impl CallTraceDecoder {
Some(decoded.iter().map(format_token).collect())
}
}
"createFork" |
"createSelectFork" |
"rpc" => {
let mut decoded = func.abi_decode_input(&data[SELECTOR_LEN..], false).ok()?;

// Redact RPC URL except if referenced by an alias
if !decoded.is_empty() && func.inputs[0].ty == "string" {
let url_or_alias = decoded[0].as_str().unwrap_or_default();

if url_or_alias.starts_with("http") || url_or_alias.starts_with("ws") {
decoded[0] = DynSolValue::String("<rpc url>".to_string());
}
} else {
return None;
}

Some(decoded.iter().map(format_token).collect())
}
_ => None,
}
}
@@ -558,6 +576,7 @@ impl CallTraceDecoder {
"promptSecret" | "promptSecretUint" => Some("<secret>"),
"parseJson" if self.verbosity < 5 => Some("<encoded JSON value>"),
"readFile" if self.verbosity < 5 => Some("<file>"),
"rpcUrl" | "rpcUrls" | "rpcUrlStructs" => Some("<rpc url>"),
_ => None,
}
.map(Into::into)
@@ -670,7 +689,7 @@ mod tests {
use alloy_primitives::hex;

#[test]
fn test_should_redact_pk() {
fn test_should_redact() {
let decoder = CallTraceDecoder::new();

// [function_signature, data, expected]
@@ -726,13 +745,286 @@ mod tests {
.to_string(),
]),
),
(
// cast calldata "createFork(string)" "https://eth-mainnet.g.alchemy.com/v2/api_key"
"createFork(string)",
hex!(
"
31ba3498
0000000000000000000000000000000000000000000000000000000000000020
000000000000000000000000000000000000000000000000000000000000002c
68747470733a2f2f6574682d6d61696e6e65742e672e616c6368656d792e636f
6d2f76322f6170695f6b65790000000000000000000000000000000000000000
"
)
.to_vec(),
Some(vec!["\"<rpc url>\"".to_string()]),
),
(
// cast calldata "createFork(string)" "wss://eth-mainnet.g.alchemy.com/v2/api_key"
"createFork(string)",
hex!(
"
31ba3498
0000000000000000000000000000000000000000000000000000000000000020
000000000000000000000000000000000000000000000000000000000000002a
7773733a2f2f6574682d6d61696e6e65742e672e616c6368656d792e636f6d2f
76322f6170695f6b657900000000000000000000000000000000000000000000
"
)
.to_vec(),
Some(vec!["\"<rpc url>\"".to_string()]),
),
(
// cast calldata "createFork(string)" "mainnet"
"createFork(string)",
hex!(
"
31ba3498
0000000000000000000000000000000000000000000000000000000000000020
0000000000000000000000000000000000000000000000000000000000000007
6d61696e6e657400000000000000000000000000000000000000000000000000
"
)
.to_vec(),
Some(vec!["\"mainnet\"".to_string()]),
),
(
// cast calldata "createFork(string,uint256)" "https://eth-mainnet.g.alchemy.com/v2/api_key" 1
"createFork(string,uint256)",
hex!(
"
6ba3ba2b
0000000000000000000000000000000000000000000000000000000000000040
0000000000000000000000000000000000000000000000000000000000000001
000000000000000000000000000000000000000000000000000000000000002c
68747470733a2f2f6574682d6d61696e6e65742e672e616c6368656d792e636f
6d2f76322f6170695f6b65790000000000000000000000000000000000000000
"
)
.to_vec(),
Some(vec!["\"<rpc url>\"".to_string(), "1".to_string()]),
),
(
// cast calldata "createFork(string,uint256)" "mainnet" 1
"createFork(string,uint256)",
hex!(
"
6ba3ba2b
0000000000000000000000000000000000000000000000000000000000000040
0000000000000000000000000000000000000000000000000000000000000001
0000000000000000000000000000000000000000000000000000000000000007
6d61696e6e657400000000000000000000000000000000000000000000000000
"
)
.to_vec(),
Some(vec!["\"mainnet\"".to_string(), "1".to_string()]),
),
(
// cast calldata "createFork(string,bytes32)" "https://eth-mainnet.g.alchemy.com/v2/api_key" 0xffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff
"createFork(string,bytes32)",
hex!(
"
7ca29682
0000000000000000000000000000000000000000000000000000000000000040
ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff
000000000000000000000000000000000000000000000000000000000000002c
68747470733a2f2f6574682d6d61696e6e65742e672e616c6368656d792e636f
6d2f76322f6170695f6b65790000000000000000000000000000000000000000
"
)
.to_vec(),
Some(vec![
"\"<rpc url>\"".to_string(),
"0xffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff"
.to_string(),
]),
),
(
// cast calldata "createFork(string,bytes32)" "mainnet"
// 0xffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff
"createFork(string,bytes32)",
hex!(
"
7ca29682
0000000000000000000000000000000000000000000000000000000000000040
ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff
0000000000000000000000000000000000000000000000000000000000000007
6d61696e6e657400000000000000000000000000000000000000000000000000
"
)
.to_vec(),
Some(vec![
"\"mainnet\"".to_string(),
"0xffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff"
.to_string(),
]),
),
(
// cast calldata "createSelectFork(string)" "https://eth-mainnet.g.alchemy.com/v2/api_key"
"createSelectFork(string)",
hex!(
"
98680034
0000000000000000000000000000000000000000000000000000000000000020
000000000000000000000000000000000000000000000000000000000000002c
68747470733a2f2f6574682d6d61696e6e65742e672e616c6368656d792e636f
6d2f76322f6170695f6b65790000000000000000000000000000000000000000
"
)
.to_vec(),
Some(vec!["\"<rpc url>\"".to_string()]),
),
(
// cast calldata "createSelectFork(string)" "mainnet"
"createSelectFork(string)",
hex!(
"
98680034
0000000000000000000000000000000000000000000000000000000000000020
0000000000000000000000000000000000000000000000000000000000000007
6d61696e6e657400000000000000000000000000000000000000000000000000
"
)
.to_vec(),
Some(vec!["\"mainnet\"".to_string()]),
),
(
// cast calldata "createSelectFork(string,uint256)" "https://eth-mainnet.g.alchemy.com/v2/api_key" 1
"createSelectFork(string,uint256)",
hex!(
"
71ee464d
0000000000000000000000000000000000000000000000000000000000000040
0000000000000000000000000000000000000000000000000000000000000001
000000000000000000000000000000000000000000000000000000000000002c
68747470733a2f2f6574682d6d61696e6e65742e672e616c6368656d792e636f
6d2f76322f6170695f6b65790000000000000000000000000000000000000000
"
)
.to_vec(),
Some(vec!["\"<rpc url>\"".to_string(), "1".to_string()]),
),
(
// cast calldata "createSelectFork(string,uint256)" "mainnet" 1
"createSelectFork(string,uint256)",
hex!(
"
71ee464d
0000000000000000000000000000000000000000000000000000000000000040
0000000000000000000000000000000000000000000000000000000000000001
0000000000000000000000000000000000000000000000000000000000000007
6d61696e6e657400000000000000000000000000000000000000000000000000
"
)
.to_vec(),
Some(vec!["\"mainnet\"".to_string(), "1".to_string()]),
),
(
// cast calldata "createSelectFork(string,bytes32)" "https://eth-mainnet.g.alchemy.com/v2/api_key" 0xffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff
"createSelectFork(string,bytes32)",
hex!(
"
84d52b7a
0000000000000000000000000000000000000000000000000000000000000040
ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff
000000000000000000000000000000000000000000000000000000000000002c
68747470733a2f2f6574682d6d61696e6e65742e672e616c6368656d792e636f
6d2f76322f6170695f6b65790000000000000000000000000000000000000000
"
)
.to_vec(),
Some(vec![
"\"<rpc url>\"".to_string(),
"0xffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff"
.to_string(),
]),
),
(
// cast calldata "createSelectFork(string,bytes32)" "mainnet"
// 0xffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff
"createSelectFork(string,bytes32)",
hex!(
"
84d52b7a
0000000000000000000000000000000000000000000000000000000000000040
ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff
0000000000000000000000000000000000000000000000000000000000000007
6d61696e6e657400000000000000000000000000000000000000000000000000
"
)
.to_vec(),
Some(vec![
"\"mainnet\"".to_string(),
"0xffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff"
.to_string(),
]),
),
(
// cast calldata "rpc(string,string,string)" "https://eth-mainnet.g.alchemy.com/v2/api_key" "eth_getBalance" "[\"0x551e7784778ef8e048e495df49f2614f84a4f1dc\",\"0x0\"]"
"rpc(string,string,string)",
hex!(
"
0199a220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"
)
.to_vec(),
Some(vec![
"\"<rpc url>\"".to_string(),
"\"eth_getBalance\"".to_string(),
"\"[\\\"0x551e7784778ef8e048e495df49f2614f84a4f1dc\\\",\\\"0x0\\\"]\""
.to_string(),
]),
),
(
// cast calldata "rpc(string,string,string)" "mainnet" "eth_getBalance"
// "[\"0x551e7784778ef8e048e495df49f2614f84a4f1dc\",\"0x0\"]"
"rpc(string,string,string)",
hex!(
"
0199a220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"
)
.to_vec(),
Some(vec![
"\"mainnet\"".to_string(),
"\"eth_getBalance\"".to_string(),
"\"[\\\"0x551e7784778ef8e048e495df49f2614f84a4f1dc\\\",\\\"0x0\\\"]\""
.to_string(),
]),
),
];

// [function_signature, expected]
let cheatcode_output_test_cases = vec![
// Should redact private key on output in all cases:
("createWallet(string)", Some("<pk>".to_string())),
("deriveKey(string,uint32)", Some("<pk>".to_string())),
// Should redact RPC URL if defined, except if referenced by an alias:
("rpcUrl(string)", Some("<rpc url>".to_string())),
("rpcUrls()", Some("<rpc url>".to_string())),
("rpcUrlStructs()", Some("<rpc url>".to_string())),
];

for (function_signature, data, expected) in cheatcode_input_test_cases {
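Review bot: The scheme test in the new `"createFork" | "createSelectFork" | "rpc"` arm is a case-sensitive prefix match on the raw string, so a URL written as `HTTPS://…` or with leading whitespace would miss `starts_with("http")` / `starts_with("ws")` and reach the trace with its API key intact; whether the RPC layer accepts such a string is not visible here, but a redaction filter should fail closed. Normalising before the check, e.g. `let probe = url_or_alias.trim_start().to_ascii_lowercase();` then `if probe.starts_with("http") || probe.starts_with("ws") {`, or redacting any value that contains `://`, would cover those forms. The cases added to `test_should_redact` exercise lowercase `https://` and `wss://` only, so a mixed-case input is worth adding to the table. The test comment `// Should redact RPC URL if defined, except if referenced by an alias:` also does not match the output arm `"rpcUrl" | "rpcUrls" | "rpcUrlStructs" => Some("<rpc url>")`, which redacts unconditionally. The enclosing decoder functions begin and end outside the hunks shown.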