Skip to content

feat: add superstruct.sensitive#577

Open
ccharly wants to merge 4 commits into
mainfrom
cc/feat/superstruct-sensitive
Open

feat: add superstruct.sensitive#577
ccharly wants to merge 4 commits into
mainfrom
cc/feat/superstruct-sensitive

Conversation

@ccharly

@ccharly ccharly commented Jun 25, 2026

Copy link
Copy Markdown
Contributor

Adding a new superstruct "decorator" to mark a field as "sensitive" this way, it never gets logged by mistake in superstruct error messages.

Requires:


Note

Medium Risk
Changes how private-key material appears in validation errors (security-sensitive), but behavior is narrowly scoped to struct validation/redaction with explicit tests and no export signing logic changes.

Overview
Adopts @metamask/superstruct 3.4.0 and wraps privateKey in PrivateKeyExportedAccountStruct with sensitive(string()), so failed assert / validation on export-account payloads redacts the key (e.g. ***) in error messages and failure branches instead of echoing the raw value.

The same superstruct bump is applied across keyring workspace packages (lockfile included). New unit tests in private-key.test.ts cover valid payloads, invalid privateKey, and sibling-field failures where the key must not appear in StructError output.

Reviewed by Cursor Bugbot for commit 2ddcfbc. Bugbot is set up for automated code reviews on this repo. Configure here.

@ccharly ccharly marked this pull request as ready for review June 25, 2026 13:19
@ccharly ccharly requested a review from a team as a code owner June 25, 2026 13:19
Comment thread eslint.config.mjs Outdated
Comment thread eslint.config.mjs Outdated
* The private key of the exported account.
*/
privateKey: string(),
privateKey: sensitive(string()),

Copy link
Copy Markdown
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Since it's marked as sensitive AND that we use our object struct, this field will never be display in validation/error messages from superstruct.

@ccharly ccharly force-pushed the cc/feat/superstruct-sensitive branch from 8cc422c to fffcf37 Compare July 15, 2026 14:12
@socket-security

socket-security Bot commented Jul 15, 2026

Copy link
Copy Markdown

Review the following changes in direct dependencies. Learn more about Socket for GitHub.

Diff Package Supply Chain
Security
Vulnerability Quality Maintenance License
Updated@​metamask/​superstruct@​3.3.0 ⏵ 3.4.0100 +110010093 +4100

View full report

@ccharly ccharly enabled auto-merge July 15, 2026 15:56
@ccharly ccharly disabled auto-merge July 15, 2026 17:31
### Changed

- Use `sensitive` struct for `privateKey` in `PrivateKeyExportedAccountStruct` ([#577](https://github.com/MetaMask/accounts/pull/577))
- This make sure the private key value is always redacted in case of validation errors.

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
- This make sure the private key value is always redacted in case of validation errors.
- This ensures the private key value is always redacted in case of validation errors.

@hmalik88

Copy link
Copy Markdown
Contributor

Can we also add sensitive to the privateKey field in CreateAccountPrivateKeyOptionsStruct:

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants