Strip RPC URLs from generated dotrain to prevent API token leak (#2165)

[thedavidmeister]

Fixes #2165

Problem

generate_dotrain_for_deployment() (crates/common/src/dotrain_order.rs) copied the deployment network's networks section verbatim into the dotrain it produces. That generated dotrain is shared with others and embedded into on-chain order metadata (via AddOrderArgs::new_from_deployment), so any private API token baked into a user's RPC URL — whether in a path segment (/v2/<key>) or a query string (?apikey=<token>) — leaked to everyone who could read the order.

Fix

Following the existing vault-id stripping pattern in the same function, a new strip_rpcs_from_network helper replaces every RPC URL in the emitted network entry with a non-secret placeholder (https://rpc.example.com) before the dotrain is returned.

The placeholder is a parseable URL, so the required, non-empty rpcs array stays structurally valid and the generated dotrain still parses end-to-end. Consumers (the webapp / local settings) inject their own RPCs at use time, which is exactly what the issue asks for ("remove/strip the rpc urls and put local/webapp settings in place of those if needed").

Test

Adds test_generate_dotrain_for_deployment_strips_rpc_api_tokens, a discriminating test that:

• embeds two distinct secrets in the network's RPC URLs (a path-style API key and a query-string token);
• asserts neither secret string, nor either full secret-bearing URL, appears anywhere in the generated dotrain (the core security assertion);
• asserts each of the two rpc entries is replaced by the placeholder;
• asserts the generated dotrain still parses via DotrainOrder::create.

Verified the test FAILS against the unpatched function (panics with "path API key leaked into generated dotrain") and PASSES with the fix.

Verification

• cargo test -p raindex_common --lib dotrain_order:: — 18 passed, 0 failed.
• cargo test -p raindex_common --lib raindex_order_builder:: — 92 passed, 0 failed (these consume generate_dotrain_for_deployment and recompute their expected hashes, so they self-consistently track the content change).
• cargo fmt applied.

🤖 Generated with Claude Code

[coderabbitai]

Warning

Review limit reached

@thedavidmeister, we couldn't start this review because you've reached your PR review rate limit.

More reviews will be available in 1 hour. Learn how PR review limits work.

Your organization has used up its prepaid credits, and credit purchases are no longer available. Enable the review add-on in the billing tab to keep reviews running — you're only billed for reviews past your plan's rate limits ($0.25/file).

⌛ How to resolve this issue?

After more reviews become available, a review can be triggered using the @coderabbitai review command as a PR comment. Alternatively, push new commits to this PR.

We recommend that you space out your commits to avoid hitting the rate limit.

🚦 How do rate limits work?

CodeRabbit enforces hourly rate limits for each developer per organization.

Our paid plans include higher PR review limits than trial, open-source, and free plans. In all cases, reviews become available again over time. During sustained high-volume PR review activity, CodeRabbit may temporarily slow when the next review becomes available.

Please see our Fair Usage Limits Policy for further information.

ℹ️ Review info

⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Pro

Run ID: ead837a5-d34c-45e8-bd25-c00141196ca1

📥 Commits

Reviewing files that changed from the base of the PR and between 2f1df97 and b761111.

📒 Files selected for processing (1)

• crates/common/src/dotrain_order.rs

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Commit unit tests in branch 2026-06-13-issue-2165

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}