simplified salt file path validation

Now, only an absolute path to the salt file or a string value is permitted.

Author: dem1fo

src/config/Config.ts

@@ -30,16 +30,8 @@ export namespace Config {
     static: string[];
     reference: string[];
   }
-  type StringBasedSalt = { source: 'STRING'; value: string };
-  type FileBasedSalt = {
-    source: 'FILE';
-    validator_regex?: string;
-    value: {
-      win32?: string;
-      darwin?: string;
-      linux?: string;
-    };
-  };
+  export type StringBasedSalt = { source: 'STRING'; value: string };
+  export type FileBasedSalt =   { source: 'FILE'; value: string; validator_regex?: string };
   export interface CoreConfiguration {
     meta: { id: string }
     source: ColumnMap;

src/config/configStore.ts

@@ -47,6 +47,7 @@ interface ConfigStorePaths {
   config: string;
   appConfig: string;
   backupConfig: string;
+  salt?: string;
 }
 
 export class ConfigStore {

src/config/loadConfig.ts

@@ -20,7 +20,7 @@ import { validateConfigFile } from './validateConfig';
 import { loadSaltFile } from './loadSaltFile';
 import { generateConfigHash } from './utils';
 
-import { getSaltFilePath, attemptToReadTOMLData } from './utils';
+import { attemptToReadTOMLData } from './utils';
 import type { Config } from './Config';
 import Debug from 'debug';
 const log = Debug('CID:loadConfig');
@@ -35,10 +35,10 @@ type LoadConfigResult =
 
 
 type LoadConfigInput = {
-  configPath: string,
-  algorithmId: string,
-  usingUI?: boolean,
-  validateConfig?: boolean
+  configPath: string;
+  algorithmId: string;
+  usingUI?: boolean;
+  validateConfig?: boolean;
 }
 // Main entry point for loading a config file.
 // returns:
@@ -96,6 +96,8 @@ export function loadConfig({ configPath, algorithmId, usingUI=false, validateCon
   configData.algorithm.columns.reference = configData.algorithm.columns.reference.sort();
   configData.algorithm.columns.static = configData.algorithm.columns.static.sort();
 
+  // TODO: check whether embedded salt file path is provided, config should override embedded.
+
   // check if we need to inject the salt data into the config
   // if not, the config loading is finished
   if (configData.algorithm.salt.source === 'STRING') {
@@ -122,15 +124,15 @@ export function loadConfig({ configPath, algorithmId, usingUI=false, validateCon
     return {
       success: false,
       isSaltFileError: true,
-      error: `Invalid salt file: '${getSaltFilePath(saltFilePath)}'`,
+      error: `Invalid salt file: '${saltFilePath}'`,
       // send the existing config alongside so if this config is the backup one, error messages
       // can still be loaded
       config: configData,
     };
   }
 
   // replace the "FILE" with "STRING" amd embed the salt data
-  configData.algorithm.salt = configData.algorithm.salt as unknown as Config.CoreConfiguration["algorithm"]["salt"];
+  configData.algorithm.salt = configData.algorithm.salt as unknown as Config.StringBasedSalt;
   configData.algorithm.salt.source = 'STRING';
   configData.algorithm.salt.value = saltData;
 

src/config/loadSaltFile.ts

@@ -18,7 +18,7 @@ import path from 'node:path';
 import Debug from 'debug';
 const log = Debug('CID:loadSaltFile');
 
-import { getSaltFilePath, attemptToReadFileData } from './utils';
+import { attemptToReadFileData } from './utils';
 import type { Config } from './Config';
 
 // the encoding used for the salt file
@@ -29,23 +29,19 @@ const DEFAULT_VALIDATOR_REGEXP: RegExp =
   /-----BEGIN PGP PUBLIC KEY BLOCK-----[A-Za-z0-9+/=\s]+-----END PGP PUBLIC KEY BLOCK-----/;
 
 interface LoadSaltFileInput {
-  saltFilePath: Config.FileConfiguration['algorithm']['salt']['value'];
+  saltFilePath: string;
   validatorRegexp?: RegExp;
 }
 
 // Attempts to load and clean up the salt file data
 export function loadSaltFile({ saltFilePath, validatorRegexp = DEFAULT_VALIDATOR_REGEXP }: LoadSaltFileInput) {
-  // resolve the salt file path from the config & platform
-  const fullSaltFilePath = getSaltFilePath(saltFilePath);
+  log('Attempting to load salt file from ', path.resolve(saltFilePath));
 
-  log('Attempting to load salt file from ', path.resolve(fullSaltFilePath));
-  // return null;
   // TODO: potentially clean up line endings and whitespace here
-  const saltData = attemptToReadFileData(fullSaltFilePath, SALT_FILE_ENCODING);
+  const saltData = attemptToReadFileData(saltFilePath, SALT_FILE_ENCODING);
   if (!saltData) return null;
 
   // check if the structure is correct for the file
-  // /-----BEGIN PGP PUBLIC KEY BLOCK-----[A-Za-z0-9+/=\s]+-----END PGP PUBLIC KEY BLOCK-----/
   const CHECK_RX = new RegExp(validatorRegexp);
 
   if (!CHECK_RX.test(saltData)) {

src/config/utils.ts

@@ -56,28 +56,6 @@ export function attemptToReadTOMLData<T>(filePath: string, encoding: fs.Encoding
   }
 }
 
-// takes into consideration the platform and the type of value provided by the config
-// to return an actual, absolute salt file path
-export function getSaltFilePath(saltValueConfig: Config.CoreConfiguration['algorithm']['salt']['value']) {
-  // if the value is a string always use it
-  if (typeof saltValueConfig === 'string') return saltValueConfig;
-
-  // no salt path means the config does not have our platform
-  /* istanbul ignore next */
-  if (process.platform in saltValueConfig === false) {
-    throw new Error(`Unsupported platform for salt file location: ${process.platform}`);
-  }
-  const platform = process.platform as keyof typeof saltValueConfig;
-  const platformSaltPath = saltValueConfig[platform];
-
-  if (!platformSaltPath) throw new Error(`Salt path not provided for platform: ${process.platform}`);
-
-  // token replacement
-  return path.resolve(
-    platformSaltPath.replaceAll('$HOME', os.homedir()).replaceAll('$APPDATA', appDataLocation()),
-  );
-}
-
 // Returns the prefered Application Data storage location based on the operating system
 export function appDataLocation() {
   switch (process.platform) {

src/config/validateConfig.ts

@@ -210,7 +210,6 @@ const checkAlgorithm = (algorithm: Config.CoreConfiguration['algorithm'], source
     isOneOf('[algorithm].salt.source', ['FILE', 'STRING'], algorithm.salt.source);
   if (exists) return exists;
 
-  let check: string | undefined;
   if (algorithm.salt.source === 'STRING') {
     return (
       isString('[algorithm].salt.value', algorithm.salt.value) ||
@@ -219,22 +218,12 @@ const checkAlgorithm = (algorithm: Config.CoreConfiguration['algorithm'], source
   }
 
   if (algorithm.salt.source === 'FILE') {
-    check =
-      isObject('[algorithm].salt.value', algorithm.salt.value) ||
+    return (
+      isString('[algorithm].salt.value', algorithm.salt.value) ||
+      isNotEmptyString('[algorithm].salt.value', algorithm.salt.value) ||
       isOptional('[algorithm].salt.validator_regex', algorithm.salt.validator_regex, isString) ||
-      isOptional('[algorithm].salt.validator_regex', algorithm.salt!.validator_regex, isRegexp) ||
-      isOptional('[algorithm].salt.value.win32', algorithm.salt.value!.win32, isString) ||
-      isOptional('[algorithm].salt.value.darwin', algorithm.salt.value!.darwin, isString) ||
-      isOptional('[algorithm].salt.value.linux', algorithm.salt.value!.linux, isString);
-
-    if (check) return check;
-
-    // at least one of [win32, darwin, linux] must be provided
-    if (
-      Object.keys(algorithm.salt.value!).filter((v) => ['win32', 'darwin', 'linux'].includes(v)).length === 0
-    ) {
-      return '[algorithm].salt.value must specify at least one win32, darwin, or linux path value.';
-    }
+      isOptional('[algorithm].salt.validator_regex', algorithm.salt!.validator_regex, isRegexp)
+    )
   }
 };
 

src/hashing/base.ts

@@ -24,13 +24,13 @@ export type makeHasherFunction = (config: Config.CoreConfiguration['algorithm'])
 
 export abstract class BaseHasher {
   config: Config.CoreConfiguration['algorithm'];
-  saltValue: Config.CoreConfiguration['algorithm']['salt']['value'];
+  saltValue: Config.CoreConfiguration["algorithm"]["salt"]["value"];
 
   constructor(config: Config.CoreConfiguration['algorithm']) {
     this.config = config;
 
     // at this point the salt data should be injected into the config
-    if (config.salt.source.toLowerCase() !== 'string') {
+    if (config.salt.source !== "STRING") {
       throw new Error(
         'only embedded salt values supported for hashing -- import & save the config if file support is desired here',
       );
@@ -45,7 +45,7 @@ export abstract class BaseHasher {
   generateHashForValue(stringValue: string, algorithm: string = 'sha256') {
     let hashDigest = crypto
       .createHash(algorithm)
-      .update(this.saltValue as string)
+      .update(this.config.salt.value)
       .update(stringValue)
       .digest();
     return base32.encode(hashDigest);

tests/config/loadConfig.test.ts

@@ -49,9 +49,7 @@ test('loadConfig salt', () => {
   const TEST_FILE_PATH = join(tmpdir(), 'salt-config.json');
   const cfg = JSON.parse(readFileSync(join(FILES_PATH, 'test-salt-loading-config.json'), 'utf-8'));
 
-  cfg.algorithm.salt.value.darwin = SALT_FILE_PATH;
-  cfg.algorithm.salt.value.win32 = SALT_FILE_PATH;
-  cfg.algorithm.salt.value.linux = SALT_FILE_PATH;
+  cfg.algorithm.salt.value = SALT_FILE_PATH;
   cfg.meta.signature = generateConfigHash(cfg);
 
   writeFileSync(TEST_FILE_PATH, JSON.stringify(cfg), 'utf-8');
@@ -70,9 +68,7 @@ test('loadConfig salt error', () => {
   const TEST_FILE_PATH = join(tmpdir(), 'salt-config.json');
   const cfg = JSON.parse(readFileSync(join(FILES_PATH, 'test-salt-loading-config.json'), 'utf-8'));
 
-  cfg.algorithm.salt.value.darwin = SALT_FILE_PATH;
-  cfg.algorithm.salt.value.win32 = SALT_FILE_PATH;
-  cfg.algorithm.salt.value.linux = SALT_FILE_PATH;
+  cfg.algorithm.salt.value = SALT_FILE_PATH;
   cfg.meta.signature = generateConfigHash(cfg);
 
   writeFileSync(TEST_FILE_PATH, JSON.stringify(cfg), 'utf-8');