Add SensitiveUrl to redact user secrets from endpoints (#2326)

## Issue Addressed #2276 ## Proposed Changes Add the `SensitiveUrl` struct which wraps `Url` and implements custom `Display` and `Debug` traits to redact user secrets from being logged in eth1 endpoints, beacon node endpoints and metrics. ## Additional Info This also includes a small rewrite of the eth1 crate to make requests using `Url` instead of `&str`. Some error messages have also been changed to remove `Url` data.
2026-03-02 16:21:42 +00:00 · 2021-05-04 01:59:51 +00:00
parent 2ccb358d87
commit 4cc613d644
38 changed files with 362 additions and 143 deletions
--- a/validator_client/Cargo.toml
+++ b/validator_client/Cargo.toml
@@ -63,3 +63,4 @@ scrypt = { version = "0.5.0", default-features = false }
 lighthouse_metrics = { path = "../common/lighthouse_metrics" }
 lazy_static = "1.4.0"
 fallback = { path = "../common/fallback" }
+sensitive_url = { path = "../common/sensitive_url" }
--- a/validator_client/src/config.rs
+++ b/validator_client/src/config.rs
@@ -7,6 +7,7 @@ use directory::{
    DEFAULT_VALIDATOR_DIR,
 };
 use eth2::types::Graffiti;
+use sensitive_url::SensitiveUrl;
 use serde_derive::{Deserialize, Serialize};
 use slog::{info, warn, Logger};
 use std::fs;
@@ -26,7 +27,7 @@ pub struct Config {
    /// The http endpoints of the beacon node APIs.
    ///
    /// Should be similar to `["http://localhost:8080"]`
-    pub beacon_nodes: Vec<String>,
+    pub beacon_nodes: Vec<SensitiveUrl>,
    /// If true, the validator client will still poll for duties and produce blocks even if the
    /// beacon node is not synced at startup.
    pub allow_unsynced_beacon_node: bool,
@@ -55,10 +56,13 @@ impl Default for Config {
            .join(DEFAULT_HARDCODED_NETWORK);
        let validator_dir = base_dir.join(DEFAULT_VALIDATOR_DIR);
        let secrets_dir = base_dir.join(DEFAULT_SECRET_DIR);
+
+        let beacon_nodes = vec![SensitiveUrl::parse(DEFAULT_BEACON_NODE)
+            .expect("beacon_nodes must always be a valid url.")];
        Self {
            validator_dir,
            secrets_dir,
-            beacon_nodes: vec![DEFAULT_BEACON_NODE.to_string()],
+            beacon_nodes,
            allow_unsynced_beacon_node: false,
            disable_auto_discover: false,
            init_slashing_protection: false,
@@ -111,25 +115,31 @@ impl Config {
        }

        if let Some(beacon_nodes) = parse_optional::<String>(cli_args, "beacon-nodes")? {
-            config.beacon_nodes = beacon_nodes.as_str().split(',').map(String::from).collect()
+            config.beacon_nodes = beacon_nodes
+                .split(',')
+                .map(|s| SensitiveUrl::parse(s))
+                .collect::<Result<_, _>>()
+                .map_err(|e| format!("Unable to parse beacon node URL: {:?}", e))?;
        }
        // To be deprecated.
-        else if let Some(beacon_node) = parse_optional(cli_args, "beacon-node")? {
+        else if let Some(beacon_node) = parse_optional::<String>(cli_args, "beacon-node")? {
            warn!(
                log,
                "The --beacon-node flag is deprecated";
                "msg" => "please use --beacon-nodes instead"
            );
-            config.beacon_nodes = vec![beacon_node];
+            config.beacon_nodes = vec![SensitiveUrl::parse(&beacon_node)
+                .map_err(|e| format!("Unable to parse beacon node URL: {:?}", e))?];
        }
        // To be deprecated.
-        else if let Some(server) = parse_optional(cli_args, "server")? {
+        else if let Some(server) = parse_optional::<String>(cli_args, "server")? {
            warn!(
                log,
                "The --server flag is deprecated";
                "msg" => "please use --beacon-nodes instead"
            );
-            config.beacon_nodes = vec![server];
+            config.beacon_nodes = vec![SensitiveUrl::parse(&server)
+                .map_err(|e| format!("Unable to parse beacon node URL: {:?}", e))?];
        }

        if cli_args.is_present("delete-lockfiles") {
@@ -227,3 +237,14 @@ impl Config {
        Ok(config)
    }
 }
+
+#[cfg(test)]
+mod tests {
+    use super::*;
+
+    #[test]
+    // Ensures the default config does not panic.
+    fn default_config() {
+        Config::default();
+    }
+}
--- a/validator_client/src/fork_service.rs
+++ b/validator_client/src/fork_service.rs
@@ -84,7 +84,7 @@ impl<E: EthSpec> ForkServiceBuilder<slot_clock::TestingSlotClock, E> {
            std::time::Duration::from_secs(42),
        );
        let candidates = vec![CandidateBeaconNode::new(eth2::BeaconNodeHttpClient::new(
-            eth2::Url::parse("http://127.0.0.1").unwrap(),
+            sensitive_url::SensitiveUrl::parse("http://127.0.0.1").unwrap(),
        ))];
        let mut beacon_nodes = BeaconNodeFallback::new(candidates, spec, log.clone());
        beacon_nodes.set_slot_clock(slot_clock);
--- a/validator_client/src/http_api/tests.rs
+++ b/validator_client/src/http_api/tests.rs
@@ -11,12 +11,10 @@ use account_utils::{
 };
 use deposit_contract::decode_eth1_tx_data;
 use environment::null_logger;
-use eth2::{
-    lighthouse_vc::{http_client::ValidatorClientHttpClient, types::*},
-    Url,
-};
+use eth2::lighthouse_vc::{http_client::ValidatorClientHttpClient, types::*};
 use eth2_keystore::KeystoreBuilder;
 use parking_lot::RwLock;
+use sensitive_url::SensitiveUrl;
 use slashing_protection::{SlashingDatabase, SLASHING_PROTECTION_FILENAME};
 use slot_clock::TestingSlotClock;
 use std::marker::PhantomData;
@@ -33,7 +31,7 @@ type E = MainnetEthSpec;
 struct ApiTester {
    client: ValidatorClientHttpClient,
    initialized_validators: Arc<RwLock<InitializedValidators>>,
-    url: Url,
+    url: SensitiveUrl,
    _server_shutdown: oneshot::Sender<()>,
    _validator_dir: TempDir,
 }
@@ -117,7 +115,7 @@ impl ApiTester {

        tokio::spawn(async { server.await });

-        let url = Url::parse(&format!(
+        let url = SensitiveUrl::parse(&format!(
            "http://{}:{}",
            listening_socket.ip(),
            listening_socket.port()
--- a/validator_client/src/lib.rs
+++ b/validator_client/src/lib.rs
@@ -28,7 +28,7 @@ use clap::ArgMatches;
 use duties_service::DutiesService;
 use environment::RuntimeContext;
 use eth2::types::StateId;
-use eth2::{reqwest::ClientBuilder, BeaconNodeHttpClient, StatusCode, Url};
+use eth2::{reqwest::ClientBuilder, BeaconNodeHttpClient, StatusCode};
 use fork_service::{ForkService, ForkServiceBuilder};
 use http_api::ApiSecret;
 use initialized_validators::InitializedValidators;
@@ -209,13 +209,9 @@ impl<T: EthSpec> ProductionValidatorClient<T> {
                })?;
        }

-        let beacon_node_urls: Vec<Url> = config
+        let beacon_nodes: Vec<BeaconNodeHttpClient> = config
            .beacon_nodes
-            .iter()
-            .map(|s| s.parse())
-            .collect::<Result<_, _>>()
-            .map_err(|e| format!("Unable to parse beacon node URL: {:?}", e))?;
-        let beacon_nodes: Vec<BeaconNodeHttpClient> = beacon_node_urls
+            .clone()
            .into_iter()
            .map(|url| {
                let beacon_node_http_client = ClientBuilder::new()