bug: remove sensitive info from broadcast files #4730

Closed
1 of 2 tasks
mds1 opened this issue Apr 13, 2023 · 0 comments · Fixed by #4892
Labels
C-forge Command: forge Cmd-forge-script Command: forge script T-bug Type: bug


mds1 commented Apr 13, 2023

Component

Forge

Have you ensured that all of these are up to date?

  • Foundry
  • Foundryup

What version of Foundry are you on?

No response

What command(s) is the bug in?

forge script

Operating System

None

Describe the bug

Broadcast artifacts are intended to be committed so that deployment history can live in a repo, but they currently contain two things that make committing them problematic:

  1. The full RPC URL, which exposes API keys, etc.
  2. The full, absolute path to the user's project / broadcast file

The RPC URL is required for --resume on multi-chain deployments, so we should consider moving it to a different dedicated file that gets written to e.g. the cache folder? (since it's gitignored by default). I'm guessing the full absolute path is there for a similar reason (maybe @joshieDo can confirm), in which case we can use the same solution there.

@mds1 mds1 added T-bug Type: bug C-forge Command: forge Cmd-forge-script Command: forge script labels Apr 13, 2023
@gakonst gakonst added this to Foundry Apr 13, 2023
@github-project-automation github-project-automation bot moved this to Todo in Foundry Apr 13, 2023
devanoneth added a commit to devanoneth/foundry that referenced this issue May 7, 2023
mattsse pushed a commit that referenced this issue May 18, 2023
* fix(#4730): remove sensitive info from broadcast files

* fix check_broadcast_log test

* cargo fmt

* improve test for sensitive broadcast logs

* use iter_mut over map and check tx.hash is some value

* load paths back into ScriptSequence and store rpc based on index

* address comments - rename structs, add message for sensitive path
@github-project-automation github-project-automation bot moved this from Todo to Done in Foundry May 18, 2023
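
A check for the two leaks this issue describes, written as an added example (not part of the issue and not Foundry's code): it walks any JSON broadcast artifact and reports string values that are RPC URLs carrying a path, query or userinfo, or that are absolute filesystem paths. The key names in the constructed sample are hypothetical; the scanner inspects values only and does not depend on them.

```python
import json
import re
import sys
from urllib.parse import urlsplit

# Absolute filesystem paths: POSIX (/home/...) or Windows (C:\...).
ABS_PATH = re.compile(r"^(/[^/\s]+/|[A-Za-z]:[\\/])")
URL_SCHEMES = {"http", "https", "ws", "wss"}

# Constructed sample; key names are hypothetical, not Foundry's schema.
SAMPLE = json.loads("""{
  "transactions": [{"hash": "0x01",
                    "rpc": "https://rpc.example.invalid/v2/CONSTRUCTED_KEY"}],
  "path": "/home/alice/project/broadcast/Deploy.s.sol/1/run-latest.json",
  "publicRpc": "https://rpc.example.invalid",
  "chain": 1
}""")

def classify(value):
    """Return a finding label for a string value, or None if it looks safe."""
    try:
        parts = urlsplit(value)
        if parts.scheme in URL_SCHEMES and parts.netloc:
            # API keys usually sit in the path, the query, or the userinfo.
            secretish = (parts.username or parts.password or parts.query
                         or parts.path.strip("/"))
            return "rpc-url-with-possible-secret" if secretish else None
    except ValueError:
        pass  # not parseable as a URL; fall through to the path check
    return "absolute-path" if ABS_PATH.match(value) else None

def scan(node, pointer=""):
    """Walk decoded JSON and return a list of (json_pointer, label)."""
    findings = []
    if isinstance(node, dict):
        for key, child in node.items():
            findings += scan(child, f"{pointer}/{key}")
    elif isinstance(node, list):
        for i, child in enumerate(node):
            findings += scan(child, f"{pointer}/{i}")
    elif isinstance(node, str) and (label := classify(node)):
        findings.append((pointer, label))
    return findings

if __name__ == "__main__":
    doc = json.load(open(sys.argv[1])) if len(sys.argv) > 1 else SAMPLE
    hits = scan(doc)
    for pointer, label in hits:
        print(f"{label}: {pointer}")  # print the location only, never the value
    sys.exit(1 if hits else 0)
```

Run with a file path as the only argument, the script exits non-zero when anything is flagged, so it can gate a commit of the broadcast directory.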