Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

fix(scan): Stop logging viewing keys in the config #8064

Merged
merged 1 commit into from
Dec 6, 2023
Merged

fix(scan): Stop logging viewing keys in the config #8064

merged 1 commit into from
Dec 6, 2023

Conversation

teor2345
Copy link
Contributor

@teor2345 teor2345 commented Dec 6, 2023

Motivation

The default Debug impl will log viewing keys when Zebra starts up, but we don't want private keys in the log.

PR Author Checklist

Check before marking the PR as ready for review:

  • Will the PR name make sense to users?
  • Does the PR have a priority label?
  • Have you added or updated tests?
  • Is the documentation up to date?

If a checkbox isn't relevant to the PR, mark it as done.

Solution

Just log the number of keys instead.

Testing

I tested this manually by running zebrad with the shielded-scan feature and the zecpages key in the config.

Review

This is a lower priority security fix, but it should still be done before the release.

Reviewer Checklist

Check before approving the PR:

  • Does the PR scope match the ticket?
  • Are there enough tests to make sure it works? Do the tests cover the PR motivation?
  • Are all the PR blockers dealt with?
    PR blockers can be dealt with in new tickets or PRs.

And check the PR Author checklist is complete.

@teor2345 teor2345 added P-Medium ⚡ C-security Category: Security issues I-privacy Zebra discloses private information A-blockchain-scanner Area: Blockchain scanner of shielded transactions labels Dec 6, 2023
@teor2345 teor2345 self-assigned this Dec 6, 2023
@teor2345 teor2345 requested a review from a team as a code owner December 6, 2023 01:44
@teor2345 teor2345 requested review from upbqdn and removed request for a team December 6, 2023 01:44
@teor2345
Copy link
Contributor Author

teor2345 commented Dec 6, 2023

The startup log now looks like:

2023-12-06T01:44:55.270477Z INFO zebrad::application: loaded zebrad config config_path=Some("/Users/hyper/Library/Preferences/zebrad.toml") config=ZebradConfig { consensus: Config { checkpoint_sync: true }, metrics: Config { endpoint_addr: None }, network: Config { listen_addr: 0.0.0.0:8233, network: Mainnet, initial_mainnet_peers: {"dnsseed.z.cash:8233", "dnsseed.str4d.xyz:8233", "mainnet.seeder.zfnd.org:8233", "mainnet.is.yolo.money:8233"}, initial_testnet_peers: {"dnsseed.testnet.z.cash:18233", "testnet.seeder.zfnd.org:18233", "testnet.is.yolo.money:18233"}, cache_dir: IsEnabled(true), peerset_initial_target_size: 25, crawl_new_peer_interval: 61s, max_connections_per_ip: 1 }, state: Config { cache_dir: "/Users/hyper/Library/Caches/zebra", ephemeral: false, delete_old_database: true, debug_stop_at_height: None, debug_validity_check_interval: None }, tracing: Config { inner: InnerConfig { use_color: true, force_use_color: false, filter: None, buffer_limit: 128000, endpoint_addr: None, flamegraph: None, progress_bar: None, log_file: None, use_journald: false } }, sync: Config { download_concurrency_limit: 50, checkpoint_verify_concurrency_limit: 1000, full_verify_concurrency_limit: 20, parallel_cpu_threads: 0 }, mempool: Config { tx_cost_limit: 80000000, eviction_memory_time: 3600s, debug_enable_at_height: None }, rpc: Config { listen_addr: None, parallel_cpu_threads: 1, debug_force_finished_sync: false }, mining: Config { miner_address: None, extra_coinbase_data: None, debug_like_zcashd: true }, shielded_scan: Config { sapling_keys_to_scan: 1, db_config: Config { cache_dir: "/Users/hyper/Library/Caches/zebra", ephemeral: false, delete_old_database: true, debug_stop_at_height: None, debug_validity_check_interval: None } } }

The fixed part is:

shielded_scan: Config { sapling_keys_to_scan: 1, db_config: Config { cache_dir: "/Users/hyper/Library/Caches/zebra", ephemeral: false, delete_old_database: true, debug_stop_at_height: None, debug_validity_check_interval: None } }

mergify bot added a commit that referenced this pull request Dec 6, 2023
@mergify
Merge of #8064
449df54
@mergify mergify bot mentioned this pull request Dec 6, 2023
Closed
@teor2345
Copy link
Contributor Author

teor2345 commented Dec 6, 2023

Failed in the merge queue due to #7898

@teor2345
Copy link
Contributor Author

teor2345 commented Dec 6, 2023

@Mergifyio refresh

@mergify Mergify
Copy link
Contributor

mergify bot commented Dec 6, 2023

refresh

✅ Pull request refreshed

mergify bot added a commit that referenced this pull request Dec 6, 2023
@mergify
Merge of #8064
65b5dd7
@mergify mergify bot mentioned this pull request Dec 6, 2023
Closed
@mergify mergify bot merged commit e692b94 into main Dec 6, 2023
128 checks passed
@mergify mergify bot deleted the dont-log-vks branch December 6, 2023 21:58
@mpguerra mpguerra linked an issue Dec 11, 2023 that may be closed by this pull request
Check if any of the security issues are blockers for the MVP, and document the remaining security issues #8049
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@upbqdn upbqdn upbqdn approved these changes

Assignees

@teor2345 teor2345

Labels
A-blockchain-scanner Area: Blockchain scanner of shielded transactions C-security Category: Security issues I-privacy Zebra discloses private information
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Check if any of the security issues are blockers for the MVP, and document the remaining security issues
2 participants
@teor2345 @upbqdn