From d5077ae9662f54b6a8a399a1ecdfefa0115b8cf7 Mon Sep 17 00:00:00 2001
From: Luke Parker
Date: Fri, 8 Aug 2025 23:54:20 -0400
Subject: [PATCH] Respond to 13.1.1.

Uses Zeroizing for username/password in monero-simple-request-rpc.

---
 Cargo.lock | 1 +
 networks/monero/rpc/simple-request/Cargo.toml | 1 +
 networks/monero/rpc/simple-request/src/lib.rs | 15 ++++++++-------
 3 files changed, 10 insertions(+), 7 deletions(-)

diff --git a/Cargo.lock b/Cargo.lock
index 3b55f7b3..9b41db79 100644
--- a/Cargo.lock
+++ b/Cargo.lock
@@ -5008,6 +5008,7 @@ dependencies = [
 "monero-rpc",
 "simple-request",
 "tokio",
+ "zeroize",
 ]
 [[package]]
diff --git a/networks/monero/rpc/simple-request/Cargo.toml b/networks/monero/rpc/simple-request/Cargo.toml
index a31b14e3..9698c7d6 100644
--- a/networks/monero/rpc/simple-request/Cargo.toml
+++ b/networks/monero/rpc/simple-request/Cargo.toml
@@ -17,6 +17,7 @@ workspace = true
 [dependencies]
 hex = { version = "0.4", default-features = false, features = ["alloc"] }
+zeroize = { version = "^1.5", default-features = false, features = ["alloc", "std"] }
 digest_auth = { version = "0.3", default-features = false }
 simple-request = { path = "../../../../common/request", version = "0.1", default-features = false, features = ["tls"] }
 tokio = { version = "1", default-features = false }
diff --git a/networks/monero/rpc/simple-request/src/lib.rs b/networks/monero/rpc/simple-request/src/lib.rs
index c6a8ecf5..0b53e209 100644
--- a/networks/monero/rpc/simple-request/src/lib.rs
+++ b/networks/monero/rpc/simple-request/src/lib.rs
@@ -7,6 +7,7 @@ use std::{sync::Arc, io::Read, time::Duration};
 use tokio::sync::Mutex;
+use zeroize::Zeroizing;
 use digest_auth::{WwwAuthenticateHeader, AuthContext};
 use simple_request::{
 hyper::{StatusCode, header::HeaderValue, Request},
@@ -25,8 +26,8 @@ enum Authentication {
 // This ensures that if a nonce is requested, another caller doesn't make a request invalidating
 // it
 Authenticated {
- username: String,
- password: String,
+ username: Zeroizing,
+ password: Zeroizing,
 #[allow(clippy::type_complexity)]
 connection: Arc, Client)>>,
 },
@@ -77,7 +78,7 @@ impl SimpleRequestRpc {
 ) -> Result {
 let authentication = if url.contains('@') {
 // Parse out the username and password
- let url_clone = url;
+ let url_clone = Zeroizing::new(url);
 let split_url = url_clone.split('@').collect::>();
 if split_url.len() != 2 {
 Err(RpcError::ConnectionError("invalid amount of login specifications".to_string()))?;
@@ -114,8 +115,8 @@ impl SimpleRequestRpc {
 .map_err(|e| RpcError::ConnectionError(format!("{e:?}")))?,
 )?;
 Authentication::Authenticated {
- username: split_userpass[0].to_string(),
- password: (*split_userpass.get(1).unwrap_or(&"")).to_string(),
+ username: Zeroizing::new(split_userpass[0].to_string()),
+ password: Zeroizing::new((*split_userpass.get(1).unwrap_or(&"")).to_string()),
 connection: Arc::new(Mutex::new((challenge, client))),
 }
 } else {
@@ -180,8 +181,8 @@ impl SimpleRequestRpc {
 *cnonce += 1;
 let mut context = AuthContext::new_post::<_, _, _, &[u8]>(
- username,
- password,
+ <_ as AsRef>::as_ref(username),
+ <_ as AsRef>::as_ref(password),
 "/".to_string() + route,
 None,
 );
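Review bot: In the last hunk the zeroization stops at the field boundary: `<_ as AsRef>::as_ref(username)` / `as_ref(password)` (the `str` type argument looks stripped in this rendering) hand the secret to `digest_auth::AuthContext`, which presumably formats `username:realm:password` into ordinary heap temporaries when it computes the digest response, so those copies are freed without being wiped and the `Zeroizing` on the two fields should be documented as best-effort rather than a guarantee. I would add above the `AuthContext::new_post` call: `// Zeroizing only covers our owned copies; digest_auth builds unzeroized temporaries from these.` If `Authentication` derives `Debug` (the derive line is outside the hunks), note that `Zeroizing<String>` forwards `Debug` to the inner value, so a `{:?}` of the enum would still print the password in logs. The enclosing method starts and ends outside this hunk.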