feat: Implement request logging functionality #5812

Merged
merged 5 commits into from
Sep 13, 2024

Contributor

@qfrank qfrank commented Sep 9, 2024

Key changes:

  1. In requestlog/request_log.go:

    • Introduces functions to create, enable/disable, and manage request logging
    • Adds atomic operations for thread-safe logging control
  2. In mobile/init_logging_test.go:

    • Adds a test suite for the new logging functionality
    • Verifies the creation and enabling of log files
    • Tests the request logging in conjunction with account creation and settings retrieval

The main features added are:

  • Request logger creation and management
  • Atomic operations for thread-safe logging control
  • File-based logging with rotation
  • Integration with existing logging systems
  • Test coverage for the new functionality

These changes enhance the project's logging capabilities, particularly for request operations, which can be crucial for debugging and monitoring in Ethereum-based applications.

relate mobile issue
relate mobile PR
relate go-ethereum PR

@qfrank qfrank self-assigned this Sep 9, 2024

@qfrank qfrank requested a review from osmaczko September 9, 2024 07:54
@qfrank qfrank force-pushed the feat/logging_rpc_request_response branch 3 times, most recently from 81abc0d to e2b6b17 Compare September 9, 2024 08:45
@qfrank qfrank marked this pull request as draft September 9, 2024 12:23
@qfrank qfrank force-pushed the feat/logging_rpc_request_response branch 4 times, most recently from e09099f to a73ba7b Compare September 10, 2024 12:46

@qfrank qfrank marked this pull request as ready for review September 10, 2024 13:04
@qfrank qfrank force-pushed the feat/logging_rpc_request_response branch from a73ba7b to 54be013 Compare September 10, 2024 13:29
Contributor

@ilmotta ilmotta left a comment

@qfrank, logging the input/output of CallRPC or CallPrivateRPC looks okay in test environments, but many non-RPC functions in mobile/status.go receive passwords. I understand most receive hashed passwords, but I think it's better practice to redact/remove password arguments from the logs.

There's even a tiny chance that the client will mistakenly send the plain text password to some of these functions. I know this happened in PRs while the dev was working on them, but it's exactly in PR builds where logging in/out will be enabled, so it's better if we don't take this risk and redact all password args.

The Sha3 function is particularly important because clients call it by passing plain text passwords, so this one we should not log the input in any environment.

Contributor Author

qfrank commented Sep 11, 2024

> @qfrank, logging the input/output of CallRPC or CallPrivateRPC looks okay in test environments, but many non-RPC functions in mobile/status.go receive passwords. I understand most receive hashed passwords, but I think it's better practice to redact/remove password arguments from the logs.
>
> There's even a tiny chance that the client will mistakenly send the plain text password to some of these functions. I know this happened in PRs while the dev was working on them, but it's exactly in PR builds where logging in/out will be enabled, so it's better if we don't take this risk and redact all password args.
>
> The Sha3 function is particularly important because clients call it by passing plain text passwords, so this one we should not log the input in any environment.

if you look closely, I didn't pass the password/mnemonic related param to logAndCall... 😉

Contributor

ilmotta commented Sep 11, 2024

> if you look closely, I didn't pass the password/mnemonic related param to logAndCall... 😉

Indeed 👍🏼

The call to Sha3 is passing the edit: password str, this is the problematic one because it receives plain text passwords from clients.

Contributor Author

qfrank commented Sep 11, 2024

Actually, I'm not sure if we should remove password like stuff from log as it only applies in test env. There's a hidden password passed like sync feature, and many other APIs like this special case, e.g. login @ilmotta

Contributor

ilmotta commented Sep 11, 2024

> Actually, I'm not sure if we should remove password like stuff from log as it only applies in test env. There's a hidden password passed like sync feature, and many other APIs like this special case, e.g. login @ilmotta

Please help me understand @qfrank, how will logging plain text passwords help us diagnose bugs? status-mobile does call this function multiple times to hash passwords, for example while creating a profile. It's just not worth the trouble IMO to log Sha3 input.

As I mentioned in my review comment #5812 (review), PR builds can be used for various purposes and somebody could forget and use real/good passwords while testing and they will be logged, and possibly shared somewhere. PR builds can be used by all kinds of consumers, not just well informed devs & QAs (think designers or a Product Owner, or a less informed external contributor).

The other serious risk with logging the plain text password for test env is that the logic deciding if req/res are logged relies on enabling a single environment variable. One thing I've seen more than once in pipelines is that they can mess up env vars quite easily. That's why I made this other comment in Tetiana's issue status-im/status-mobile#21176 (comment) about considering a hard check to turn full req/res logging a no-op in release builds, that is, this would take precedence over any environment variable due to the risks of exposing private data in production.

I'm curious to hear what other reviewers think. Maybe I'm being too paranoid 🤷🏼

Contributor Author

qfrank commented Sep 11, 2024

I removed logAndCall for sha3 before your comment as we should also not log the response, maybe I'm just struggling with things between the time need to be spent and security. The word paranoid made me laugh, nice paranoid which persuaded me😁

@qfrank qfrank force-pushed the feat/logging_rpc_request_response branch from 54be013 to b8ee586 Compare September 11, 2024 05:27
@qfrank qfrank changed the title feat: Implement RPC logging functionality feat: Implement request logging functionality Sep 11, 2024
@qfrank qfrank force-pushed the feat/logging_rpc_request_response branch 5 times, most recently from 8affc0e to 8fc1f8e Compare September 11, 2024 05:50
Contributor Author

qfrank commented Sep 12, 2024

Thank you for the nice and detailed trick! I mean really nice that it achieved the goal(no need to touch existing code!). But now I'm struggling with implementing this if apply your trick ... I'll need to add recover to each exposed endpoints again ... It will need few lines based on my current implementation. I'm not a fan of OOP, it's not that easy to read, it reminds me of this post. @igor-sirotin

@qfrank qfrank force-pushed the feat/logging_rpc_request_response branch 7 times, most recently from a7f208f to 0b02aca Compare September 13, 2024 04:21
@qfrank qfrank force-pushed the feat/logging_rpc_request_response branch from 0b02aca to 70540da Compare September 13, 2024 05:55
Collaborator

@igor-sirotin igor-sirotin left a comment

Thank you @qfrank for all changes.

Please don't take these 12 comments as a sign of something bad. I appreciate your PR, I'm very happy to see tests, you've done a great job here 👍 I only left so many comments because I know you are a good dev that will actually learn from this.

And I'm sure you will love OOP some day 👿 😄

Collaborator

@igor-sirotin igor-sirotin left a comment

🚀

Contributor Author

qfrank commented Sep 13, 2024

all your feedback addressed, pls help force merge, thank you ❤️ @igor-sirotin

@igor-sirotin
Collaborator

Force-merging, as most lack of diff-coverage is coming from mobile/status.go, which formally didn't change.

@igor-sirotin igor-sirotin merged commit 51c1193 into develop Sep 13, 2024
9 of 11 checks passed
@igor-sirotin igor-sirotin deleted the feat/logging_rpc_request_response branch September 13, 2024 15:08
Contributor

@osmaczko osmaczko left a comment

Cool!

	if fnType.Kind() != reflect.Func {
		panic("fn must be a function")
	}

Contributor

logAndCall expects fn to return at max 1 value. I am wondering whether we should add extra check for that:

	if fnType.NumOut() > 1 {
		panic("fn must return at max 1 value")
	}

or maybe be more flexible and return []any instead.

Contributor Author

@qfrank qfrank Sep 20, 2024

logAndCall is implemented based on the situation of mobile/status.go. The front-end and back-end mainly interact through json strings, so there is at most one return type. Such a definition should be sufficient. If additional verification is to be added, what I can think of may be that the num of function return type is 1 and the return type must be a string. As for []any, I currently can't think of its application scenario :)

@igor-sirotin
Collaborator

@qfrank alarm 😄

VerifyDatabasePassword logs the password:

msg=verifyDatabasePassword 
params="[0x2a95c22f1b80ba16fd4fd87600cb7ddae69f8b454078ecc35f4d8db642950afe 0xBAF4C353A3DC6A9F6B539020E2EA08490F8C7CA63D3AD1277DA307F6BC25199C]"

It's not caught by removeSensitiveInfo, because it's not part of JSON, but a separate argument:

status-go/mobile/status.go

Lines 285 to 287 in 6696e6f

	func VerifyDatabasePassword(keyUID, password string) string {
		return logAndCallString(verifyDatabasePassword, keyUID, password)
	}

Collaborator

igor-sirotin commented Sep 20, 2024

In general, we replace this with a single JSON argument for better compatibility. So probably VerifyDatabasePasswordV2 is the solution here. I wouldn't bother with trying to avoid logging password in this specific case. Just rewrite the func, which is a good idea anyway.
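
The leak reported above, together with the return-shape check raised in the earlier review comment, as an added example that is not status-go's code. `loggedCall`, `redactArg`, `sensitiveKeys`, `verifyPositional` and `verifyJSON` are hypothetical names, and the key list and sample values are constructed; the point is that a name-based redactor cannot see a password passed as a bare positional string, while the same value inside a single JSON argument is masked.

```go
package main

import (
	"encoding/json"
	"fmt"
	"reflect"
	"strings"
)

// Assumed list of JSON field names to mask (not taken from the project).
var sensitiveKeys = map[string]bool{"password": true, "mnemonic": true}

// redactValue masks sensitive fields in decoded JSON, recursing into nesting.
func redactValue(v any) any {
	switch t := v.(type) {
	case map[string]any:
		for k, val := range t {
			if sensitiveKeys[strings.ToLower(k)] {
				t[k] = "***"
			} else {
				t[k] = redactValue(val)
			}
		}
	case []any:
		for i := range t {
			t[i] = redactValue(t[i])
		}
	}
	return v
}

// redactArg knows a secret only by its JSON field name; a bare string passes through.
func redactArg(s string) string {
	var obj map[string]any
	if json.Unmarshal([]byte(s), &obj) != nil {
		return s
	}
	out, _ := json.Marshal(redactValue(obj))
	return string(out)
}

// loggedCall (hypothetical wrapper) validates fn by reflection, calls it, returns log line + result.
func loggedCall(name string, fn any, args ...string) (logLine, result string) {
	v := reflect.ValueOf(fn)
	if v.Kind() != reflect.Func || v.Type().NumOut() != 1 || v.Type().Out(0).Kind() != reflect.String {
		panic("fn must be a function returning exactly one string")
	}
	in, shown := make([]reflect.Value, len(args)), make([]string, len(args))
	for i, a := range args {
		in[i], shown[i] = reflect.ValueOf(a), redactArg(a)
	}
	return fmt.Sprintf("msg=%s params=%q", name, shown), v.Call(in)[0].String()
}

// Constructed stand-ins for the two endpoint styles discussed in the thread.
func verifyPositional(keyUID, password string) string { return `{"error":""}` }
func verifyJSON(requestJSON string) string            { return `{"error":""}` }

func main() {
	a, _ := loggedCall("verifyPositional", verifyPositional, "0xKEY", "0xSECRET")
	b, _ := loggedCall("verifyJSON", verifyJSON, `{"keyUID":"0xKEY","password":"0xSECRET"}`)
	fmt.Println(a) // secret visible: nothing marks the second argument as a password
	fmt.Println(b) // secret masked: the field name identifies it
}
```

A test that greps the produced log lines for a known sentinel password, across every wrapped endpoint, catches this class of leak before a PR build ships.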

Member

churik commented Sep 23, 2024

@qfrank please, let me know when this is fixed and how I can call the method and I'll verify it, thank you!

Contributor Author

qfrank commented Sep 23, 2024

> @qfrank please, let me know when this is fixed and how I can call the method and I'll verify it, thank you!

I'll fix it after dinner 🙂
