PR: #31 (feat/06-chainprovider-ws)
File: crates/charon-scanner/src/provider.rs
Lines: 33, 38-40
Problem: config.ws_url interpolated verbatim at two sites:
- Line 33:
debug!(... url = %config.ws_url, ...) — emitted to log sink on every boot.
- Lines 38-40:
format!("... to {}", config.ws_url) — included in anyhow error chain, surfacing in logs + panic messages.
BSC endpoints from NodeReal / Ankr / QuickNode embed API key in URL path (e.g. wss://bsc-mainnet.nodereal.io/ws/v1/<API_KEY>). Both sites print raw key.
Impact: Any log aggregator (Loki / Grafana / CloudWatch) or crash report captures bearer token in plaintext.
Fix: Add redact helper, replace both sites:
    fn redact_url(url: &str) -> String {
        // Replace everything after the last '/' with a placeholder.
        match url.rfind('/') {
            Some(i) => format!("{}/<redacted>", &url[..i]),
            None => "<redacted>".to_string(),
        }
    }

    // Line 33:
    debug!(chain = %name, url = %redact_url(&config.ws_url), "connecting ws provider");

    // Lines 38-40:
    format!("chain '{name}': failed to connect over ws to {}", redact_url(&config.ws_url))
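
The last-segment redaction above covers the `/ws/v1/<API_KEY>` shape. As an added example (not code from the PR or the project), the block below runs that helper against a stricter variant over constructed URLs to show which shapes still leak; `redact_url_strict`, `leaks`, `SAMPLES`, the `rpc.example.com` host and `KEY123` are all assumptions made for illustration.

```rust
// Helper as proposed in the report, copied here for comparison.
fn redact_url(url: &str) -> String {
    match url.rfind('/') {
        Some(i) => format!("{}/<redacted>", &url[..i]),
        None => "<redacted>".to_string(),
    }
}

// Added variant (assumption, not the PR's code): print scheme and host only,
// dropping userinfo, path, query and fragment, any of which can carry a key.
fn redact_url_strict(url: &str) -> String {
    // Without "scheme://" we cannot tell which part is safe to print.
    let Some((scheme, rest)) = url.split_once("://") else {
        return "<redacted>".to_string();
    };
    // The authority ends at the first '/', '?' or '#'.
    let end = rest.find(|c: char| matches!(c, '/' | '?' | '#')).unwrap_or(rest.len());
    let (authority, tail) = rest.split_at(end);
    // Strip "user:token@" if present.
    let host = authority.rsplit_once('@').map_or(authority, |(_, h)| h);
    if tail.is_empty() || tail == "/" {
        format!("{scheme}://{host}")
    } else {
        format!("{scheme}://{host}/<redacted>")
    }
}

// Constructed inputs; "KEY123" stands in for a provider API key.
const SAMPLES: [&str; 4] = [
    "wss://rpc.example.com/ws/v1/KEY123",              // key is last segment
    "wss://rpc.example.com/ws/v1/KEY123/",             // trailing slash
    "wss://rpc.example.com/ws?apikey=KEY123&next=/v1", // key in query string
    "wss://user:KEY123@rpc.example.com/ws",            // key in userinfo
];

// Returns the samples whose redacted form still contains the key.
fn leaks(redact: fn(&str) -> String) -> Vec<&'static str> {
    SAMPLES.iter().copied().filter(|u| redact(*u).contains("KEY123")).collect()
}

fn main() {
    println!("last-segment helper leaks: {:?}", leaks(redact_url));
    println!("strict helper leaks:       {:?}", leaks(redact_url_strict));
}
```

The strict variant trades the path prefix (`/ws/v1`) for coverage; if the prefix is needed for debugging, log it only for endpoint shapes known to keep the key in the final segment.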