Skip to content

feat: add superstruct.sensitive#577

Open
ccharly wants to merge 5 commits into
mainfrom
cc/feat/superstruct-sensitive
Open

feat: add superstruct.sensitive#577
ccharly wants to merge 5 commits into
mainfrom
cc/feat/superstruct-sensitive

Conversation

@ccharly

@ccharly ccharly commented Jun 25, 2026

Copy link
Copy Markdown
Contributor

Adding a new superstruct "decorator" to mark a field as "sensitive" this way, it never gets logged by mistake in superstruct error messages.

Requires:


Note

Medium Risk
Touches private-key export validation and error reporting; the change reduces leakage risk but depends on superstruct redaction behaving correctly everywhere errors are logged.

Overview
Adopts @metamask/superstruct 3.4.0 and its new sensitive() decorator across the keyring packages so marked fields are redacted in StructError output.

In keyring-api, PrivateKeyExportedAccountStruct.privateKey is changed from string() to sensitive(string()), so failed validation no longer leaks the raw key in error.value, error.message, or failure.branch. New unit tests in private-key.test.ts lock in that behavior for invalid privateKey values and when a sibling field (e.g. encoding) fails.

Reviewed by Cursor Bugbot for commit 69d4cd8. Bugbot is set up for automated code reviews on this repo. Configure here.

@ccharly ccharly marked this pull request as ready for review June 25, 2026 13:19
@ccharly ccharly requested a review from a team as a code owner June 25, 2026 13:19
Comment thread eslint.config.mjs Outdated
Comment thread eslint.config.mjs Outdated
* The private key of the exported account.
*/
privateKey: string(),
privateKey: sensitive(string()),

Copy link
Copy Markdown
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Since it's marked as sensitive AND that we use our object struct, this field will never be display in validation/error messages from superstruct.

@ccharly ccharly force-pushed the cc/feat/superstruct-sensitive branch from 8cc422c to fffcf37 Compare July 15, 2026 14:12
@socket-security

socket-security Bot commented Jul 15, 2026

Copy link
Copy Markdown

Review the following changes in direct dependencies. Learn more about Socket for GitHub.

Diff Package Supply Chain
Security
Vulnerability Quality Maintenance License
Updated@​metamask/​superstruct@​3.3.0 ⏵ 3.4.0100 +110010093 +4100

View full report

@ccharly ccharly enabled auto-merge July 15, 2026 15:56
@ccharly ccharly disabled auto-merge July 15, 2026 17:31
Comment thread packages/keyring-api/CHANGELOG.md Outdated
@hmalik88

Copy link
Copy Markdown
Contributor

Can we also add sensitive to the privateKey field in CreateAccountPrivateKeyOptionsStruct:

Co-authored-by: Hassan Malik <41640681+hmalik88@users.noreply.github.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants