kist 0.1.30 → 0.1.31

package/js/core/config/ConfigStore.d.ts

@@ -1,68 +1,52 @@
 import { ConfigInterface } from "../../interface/ConfigInterface";
 import { AbstractProcess } from "../abstract/AbstractProcess";
 /**
- * ConfigStore is a singleton that loads and manages the application's
- * configuration.
+ * ConfigStore is a singleton that loads and manages the application's configuration.
  * It prioritizes CLI arguments over configuration file values.
  */
 export declare class ConfigStore extends AbstractProcess {
-    /**
-     * Singleton instance of the ConfigStore.
-     */
     private static instance;
-    /**
-     * The current configuration stored in the ConfigStore.
-     */
     private config;
-    /**
-     * Private constructor to enforce the singleton pattern.
-     * Initializes the store with the default configuration.
-     */
     private constructor();
     /**
-     * Retrieves the singleton instance of ConfigStore, initializing it if
-     * necessary.
+     * Retrieves the singleton instance of ConfigStore.
      * @returns The singleton instance of ConfigStore.
      */
     static getInstance(): ConfigStore;
     /**
-     * Retrieves a value from the configuration by key.
-     * Supports nested keys using dot notation (e.g., "options.logLevel").
+     * Retrieves a value from the configuration using dot notation.
      *
      * @param key - The key of the configuration to retrieve.
      * @returns The configuration value or undefined if not found.
      */
     get<T>(key: string): T | undefined;
     /**
-     * Sets a value in the configuration by key.
-     * Supports nested keys using dot notation (e.g., "options.logLevel").
+     * Sets a value in the configuration using dot notation.
      *
      * @param key - The key of the configuration to set.
      * @param value - The value to set.
      */
     set(key: string, value: unknown): void;
     /**
-     * Merges the provided configuration into the existing configuration.
-     * Uses a deep merge strategy to combine objects and overwrite primitives.
+     * Merges the provided configuration into the existing configuration using deep merge.
      *
      * @param newConfig - The new configuration to merge.
      */
     merge(newConfig: Partial<ConfigInterface>): void;
     /**
-     * Retrieves the current configuration.
-     *
-     * @returns The current configuration object.
+     * Retrieves the current configuration object.
+     * @returns The current configuration.
      */
     getConfig(): ConfigInterface;
     /**
-     * Prints the current configuration to the console in a readable format.
+     * Prints the current configuration to the console.
      */
     print(): void;
     /**
-     * Deeply merges two objects.
+     * Deeply merges two objects, preventing prototype pollution.
      *
-     * @param target - The target object to merge into.
-     * @param source - The source object to merge from.
+     * @param target - The target object.
+     * @param source - The source object.
      * @returns The merged object.
      */
     private deepMerge;

package/js/core/config/ConfigStore.js

@@ -10,27 +10,18 @@ const defaultConfig_1 = require("./defaultConfig");
 // Class
 // ============================================================================
 /**
- * ConfigStore is a singleton that loads and manages the application's
- * configuration.
+ * ConfigStore is a singleton that loads and manages the application's configuration.
  * It prioritizes CLI arguments over configuration file values.
  */
 class ConfigStore extends AbstractProcess_1.AbstractProcess {
-    // Constructor
-    // ========================================================================
-    /**
-     * Private constructor to enforce the singleton pattern.
-     * Initializes the store with the default configuration.
-     */
+    // Constructor (Private to enforce Singleton Pattern)
     constructor() {
         super();
         this.config = defaultConfig_1.defaultConfig;
         this.logDebug("ConfigStore initialized with default configuration.");
     }
-    // Static Methods
-    // ========================================================================
     /**
-     * Retrieves the singleton instance of ConfigStore, initializing it if
-     * necessary.
+     * Retrieves the singleton instance of ConfigStore.
      * @returns The singleton instance of ConfigStore.
      */
     static getInstance() {
@@ -39,11 +30,8 @@ class ConfigStore extends AbstractProcess_1.AbstractProcess {
         }
         return ConfigStore.instance;
     }
-    // Instance Methods
-    // ========================================================================
     /**
-     * Retrieves a value from the configuration by key.
-     * Supports nested keys using dot notation (e.g., "options.logLevel").
+     * Retrieves a value from the configuration using dot notation.
      *
      * @param key - The key of the configuration to retrieve.
      * @returns The configuration value or undefined if not found.
@@ -57,12 +45,11 @@ class ConfigStore extends AbstractProcess_1.AbstractProcess {
             }
             current = current[k];
         }
-        this.logDebug(`Configuration key "${key}" retrieved with value: ${JSON.stringify(current)}`);
+        this.logDebug(`Configuration key "${key}" retrieved.`);
         return current;
     }
     /**
-     * Sets a value in the configuration by key.
-     * Supports nested keys using dot notation (e.g., "options.logLevel").
+     * Sets a value in the configuration using dot notation.
      *
      * @param key - The key of the configuration to set.
      * @param value - The value to set.
@@ -72,17 +59,28 @@ class ConfigStore extends AbstractProcess_1.AbstractProcess {
         let current = this.config;
         for (let i = 0; i < keys.length - 1; i++) {
             const k = keys[i];
-            if (!current[k] || typeof current[k] !== "object") {
-                current[k] = {};
+            // Prevent prototype pollution by blocking reserved keywords
+            if (["__proto__", "constructor", "prototype"].includes(k)) {
+                this.logWarn(`Attempted prototype pollution detected: "${k}"`);
+                return;
+            }
+            // Ensure property exists and is an object
+            if (!Object.prototype.hasOwnProperty.call(current, k) || typeof current[k] !== "object") {
+                current[k] = Object.create(null); // Use a null prototype object
             }
             current = current[k];
         }
-        current[keys[keys.length - 1]] = value;
+        const finalKey = keys[keys.length - 1];
+        // Prevent prototype pollution at the final assignment
+        if (["__proto__", "constructor", "prototype"].includes(finalKey)) {
+            this.logWarn(`Attempted prototype pollution detected: "${finalKey}"`);
+            return;
+        }
+        current[finalKey] = value;
         this.logDebug(`Set configuration key "${key}" to: ${JSON.stringify(value)}`);
     }
     /**
-     * Merges the provided configuration into the existing configuration.
-     * Uses a deep merge strategy to combine objects and overwrite primitives.
+     * Merges the provided configuration into the existing configuration using deep merge.
      *
      * @param newConfig - The new configuration to merge.
      */
@@ -91,64 +89,38 @@ class ConfigStore extends AbstractProcess_1.AbstractProcess {
         this.logDebug("Configuration successfully merged.");
     }
     /**
-     * Retrieves the current configuration.
-     *
-     * @returns The current configuration object.
+     * Retrieves the current configuration object.
+     * @returns The current configuration.
      */
     getConfig() {
         return this.config;
     }
     /**
-     * Prints the current configuration to the console in a readable format.
+     * Prints the current configuration to the console.
      */
     print() {
-        console.log("Current Configuration:");
-        console.log(JSON.stringify(this.config, null, 2));
+        console.log("Current Configuration:", JSON.stringify(this.config, null, 2));
     }
     /**
-     * Deeply merges two objects.
+     * Deeply merges two objects, preventing prototype pollution.
      *
-     * @param target - The target object to merge into.
-     * @param source - The source object to merge from.
+     * @param target - The target object.
+     * @param source - The source object.
      * @returns The merged object.
      */
-    // private deepMerge(target: any, source: any): any {
-    //     if (typeof target !== "object" || target === null) {
-    //         return source;
-    //     }
-    //     for (const key of Object.keys(source)) {
-    //         if (
-    //             source[key] &&
-    //             typeof source[key] === "object" &&
-    //             !Array.isArray(source[key])
-    //         ) {
-    //             if (!target[key] || typeof target[key] !== "object") {
-    //                 target[key] = {};
-    //             }
-    //             target[key] = this.deepMerge(target[key], source[key]);
-    //         } else {
-    //             target[key] = source[key];
-    //         }
-    //     }
-    //     return target;
-    // }
     deepMerge(target, source) {
         if (typeof target !== "object" || target === null) {
             return source;
         }
         for (const key of Object.keys(source)) {
             // Prevent prototype pollution
-            if (key === "__proto__" ||
-                key === "constructor" ||
-                key === "prototype") {
-                this.logWarn(`Skipping potentially unsafe key: "${key}"`);
+            if (["__proto__", "constructor", "prototype"].includes(key)) {
+                this.logWarn(`Skipping unsafe key during merge: "${key}"`);
                 continue;
             }
-            if (source[key] &&
-                typeof source[key] === "object" &&
-                !Array.isArray(source[key])) {
-                if (!target[key] || typeof target[key] !== "object") {
-                    target[key] = {};
+            if (source[key] && typeof source[key] === "object" && !Array.isArray(source[key])) {
+                if (!Object.prototype.hasOwnProperty.call(target, key) || typeof target[key] !== "object") {
+                    target[key] = Object.create(null);
                 }
                 target[key] = this.deepMerge(target[key], source[key]);
             }
@@ -160,9 +132,5 @@ class ConfigStore extends AbstractProcess_1.AbstractProcess {
     }
 }
 exports.ConfigStore = ConfigStore;
-// Parameters
-// ========================================================================
-/**
- * Singleton instance of the ConfigStore.
- */
+// Singleton instance
 ConfigStore.instance = null;

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "kist",
-  "version": "0.1.30",
+  "version": "0.1.31",
   "description": "Package Pipeline Processor",
   "keywords": [
     "kist",

package/ts/core/config/ConfigStore copy.ts

@@ -0,0 +1,201 @@
+// ============================================================================
+// Import
+// ============================================================================
+
+import { ConfigInterface } from "../../interface/ConfigInterface";
+import { AbstractProcess } from "../abstract/AbstractProcess";
+import { defaultConfig } from "./defaultConfig";
+
+// ============================================================================
+// Class
+// ============================================================================
+
+/**
+ * ConfigStore is a singleton that loads and manages the application's
+ * configuration.
+ * It prioritizes CLI arguments over configuration file values.
+ */
+export class ConfigStore extends AbstractProcess {
+    // Parameters
+    // ========================================================================
+
+    /**
+     * Singleton instance of the ConfigStore.
+     */
+    private static instance: ConfigStore | null = null;
+
+    /**
+     * The current configuration stored in the ConfigStore.
+     */
+    private config: ConfigInterface;
+
+    // Constructor
+    // ========================================================================
+
+    /**
+     * Private constructor to enforce the singleton pattern.
+     * Initializes the store with the default configuration.
+     */
+    private constructor() {
+        super();
+        this.config = defaultConfig;
+        this.logDebug("ConfigStore initialized with default configuration.");
+    }
+
+    // Static Methods
+    // ========================================================================
+
+    /**
+     * Retrieves the singleton instance of ConfigStore, initializing it if
+     * necessary.
+     * @returns The singleton instance of ConfigStore.
+     */
+    public static getInstance(): ConfigStore {
+        if (!ConfigStore.instance) {
+            ConfigStore.instance = new ConfigStore();
+        }
+        return ConfigStore.instance;
+    }
+
+    // Instance Methods
+    // ========================================================================
+
+    /**
+     * Retrieves a value from the configuration by key.
+     * Supports nested keys using dot notation (e.g., "options.logLevel").
+     *
+     * @param key - The key of the configuration to retrieve.
+     * @returns The configuration value or undefined if not found.
+     */
+    public get<T>(key: string): T | undefined {
+        const keys = key.split(".");
+        let current: any = this.config;
+
+        for (const k of keys) {
+            if (current[k] === undefined) {
+                return undefined;
+            }
+            current = current[k];
+        }
+
+        this.logDebug(
+            `Configuration key "${key}" retrieved with value: ${JSON.stringify(current)}`,
+        );
+        return current as T;
+    }
+
+    /**
+     * Sets a value in the configuration by key.
+     * Supports nested keys using dot notation (e.g., "options.logLevel").
+     *
+     * @param key - The key of the configuration to set.
+     * @param value - The value to set.
+     */
+    public set(key: string, value: unknown): void {
+        const keys = key.split(".");
+        let current: any = this.config;
+
+        for (let i = 0; i < keys.length - 1; i++) {
+            const k = keys[i];
+            if (!current[k] || typeof current[k] !== "object") {
+                current[k] = {};
+            }
+            current = current[k];
+        }
+
+        current[keys[keys.length - 1]] = value;
+        this.logDebug(
+            `Set configuration key "${key}" to: ${JSON.stringify(value)}`,
+        );
+    }
+
+    /**
+     * Merges the provided configuration into the existing configuration.
+     * Uses a deep merge strategy to combine objects and overwrite primitives.
+     *
+     * @param newConfig - The new configuration to merge.
+     */
+    public merge(newConfig: Partial<ConfigInterface>): void {
+        this.config = this.deepMerge(this.config, newConfig);
+        this.logDebug("Configuration successfully merged.");
+    }
+
+    /**
+     * Retrieves the current configuration.
+     *
+     * @returns The current configuration object.
+     */
+    public getConfig(): ConfigInterface {
+        return this.config;
+    }
+
+    /**
+     * Prints the current configuration to the console in a readable format.
+     */
+    public print(): void {
+        console.log("Current Configuration:");
+        console.log(JSON.stringify(this.config, null, 2));
+    }
+
+    /**
+     * Deeply merges two objects.
+     *
+     * @param target - The target object to merge into.
+     * @param source - The source object to merge from.
+     * @returns The merged object.
+     */
+    // private deepMerge(target: any, source: any): any {
+    //     if (typeof target !== "object" || target === null) {
+    //         return source;
+    //     }
+
+    //     for (const key of Object.keys(source)) {
+    //         if (
+    //             source[key] &&
+    //             typeof source[key] === "object" &&
+    //             !Array.isArray(source[key])
+    //         ) {
+    //             if (!target[key] || typeof target[key] !== "object") {
+    //                 target[key] = {};
+    //             }
+    //             target[key] = this.deepMerge(target[key], source[key]);
+    //         } else {
+    //             target[key] = source[key];
+    //         }
+    //     }
+
+    //     return target;
+    // }
+    private deepMerge(target: any, source: any): any {
+        if (typeof target !== "object" || target === null) {
+            return source;
+        }
+
+        for (const key of Object.keys(source)) {
+            // Prevent prototype pollution
+            if (
+                key === "__proto__" ||
+                key === "constructor" ||
+                key === "prototype"
+            ) {
+                this.logWarn(`Skipping potentially unsafe key: "${key}"`);
+                continue;
+            }
+
+            if (
+                source[key] &&
+                typeof source[key] === "object" &&
+                !Array.isArray(source[key])
+            ) {
+                if (!target[key] || typeof target[key] !== "object") {
+                    target[key] = {};
+                }
+                target[key] = this.deepMerge(target[key], source[key]);
+            } else {
+                target[key] = source[key];
+            }
+        }
+
+        return target;
+    }
+}

package/ts/core/config/ConfigStore.ts

@@ -11,43 +11,25 @@ import { defaultConfig } from "./defaultConfig";
 // ============================================================================
 
 /**
- * ConfigStore is a singleton that loads and manages the application's
- * configuration.
+ * ConfigStore is a singleton that loads and manages the application's configuration.
  * It prioritizes CLI arguments over configuration file values.
  */
 export class ConfigStore extends AbstractProcess {
-    // Parameters
-    // ========================================================================
-
-    /**
-     * Singleton instance of the ConfigStore.
-     */
+    // Singleton instance
     private static instance: ConfigStore | null = null;
 
-    /**
-     * The current configuration stored in the ConfigStore.
-     */
+    // The current configuration stored in the ConfigStore.
     private config: ConfigInterface;
 
-    // Constructor
-    // ========================================================================
-
-    /**
-     * Private constructor to enforce the singleton pattern.
-     * Initializes the store with the default configuration.
-     */
+    // Constructor (Private to enforce Singleton Pattern)
     private constructor() {
         super();
         this.config = defaultConfig;
         this.logDebug("ConfigStore initialized with default configuration.");
     }
 
-    // Static Methods
-    // ========================================================================
-
     /**
-     * Retrieves the singleton instance of ConfigStore, initializing it if
-     * necessary.
+     * Retrieves the singleton instance of ConfigStore.
      * @returns The singleton instance of ConfigStore.
      */
     public static getInstance(): ConfigStore {
@@ -57,12 +39,8 @@ export class ConfigStore extends AbstractProcess {
         return ConfigStore.instance;
     }
 
-    // Instance Methods
-    // ========================================================================
-
     /**
-     * Retrieves a value from the configuration by key.
-     * Supports nested keys using dot notation (e.g., "options.logLevel").
+     * Retrieves a value from the configuration using dot notation.
      *
      * @param key - The key of the configuration to retrieve.
      * @returns The configuration value or undefined if not found.
@@ -78,15 +56,12 @@ export class ConfigStore extends AbstractProcess {
             current = current[k];
         }
 
-        this.logDebug(
-            `Configuration key "${key}" retrieved with value: ${JSON.stringify(current)}`,
-        );
+        this.logDebug(`Configuration key "${key}" retrieved.`);
         return current as T;
     }
 
     /**
-     * Sets a value in the configuration by key.
-     * Supports nested keys using dot notation (e.g., "options.logLevel").
+     * Sets a value in the configuration using dot notation.
      *
      * @param key - The key of the configuration to set.
      * @param value - The value to set.
@@ -97,21 +72,34 @@ export class ConfigStore extends AbstractProcess {
 
         for (let i = 0; i < keys.length - 1; i++) {
             const k = keys[i];
-            if (!current[k] || typeof current[k] !== "object") {
-                current[k] = {};
+
+            // Prevent prototype pollution by blocking reserved keywords
+            if (["__proto__", "constructor", "prototype"].includes(k)) {
+                this.logWarn(`Attempted prototype pollution detected: "${k}"`);
+                return;
+            }
+
+            // Ensure property exists and is an object
+            if (!Object.prototype.hasOwnProperty.call(current, k) || typeof current[k] !== "object") {
+                current[k] = Object.create(null); // Use a null prototype object
             }
             current = current[k];
         }
 
-        current[keys[keys.length - 1]] = value;
-        this.logDebug(
-            `Set configuration key "${key}" to: ${JSON.stringify(value)}`,
-        );
+        const finalKey = keys[keys.length - 1];
+
+        // Prevent prototype pollution at the final assignment
+        if (["__proto__", "constructor", "prototype"].includes(finalKey)) {
+            this.logWarn(`Attempted prototype pollution detected: "${finalKey}"`);
+            return;
+        }
+
+        current[finalKey] = value;
+        this.logDebug(`Set configuration key "${key}" to: ${JSON.stringify(value)}`);
     }
 
     /**
-     * Merges the provided configuration into the existing configuration.
-     * Uses a deep merge strategy to combine objects and overwrite primitives.
+     * Merges the provided configuration into the existing configuration using deep merge.
      *
      * @param newConfig - The new configuration to merge.
      */
@@ -121,51 +109,27 @@ export class ConfigStore extends AbstractProcess {
     }
 
     /**
-     * Retrieves the current configuration.
-     *
-     * @returns The current configuration object.
+     * Retrieves the current configuration object.
+     * @returns The current configuration.
      */
     public getConfig(): ConfigInterface {
         return this.config;
     }
 
     /**
-     * Prints the current configuration to the console in a readable format.
+     * Prints the current configuration to the console.
      */
     public print(): void {
-        console.log("Current Configuration:");
-        console.log(JSON.stringify(this.config, null, 2));
+        console.log("Current Configuration:", JSON.stringify(this.config, null, 2));
     }
 
     /**
-     * Deeply merges two objects.
+     * Deeply merges two objects, preventing prototype pollution.
      *
-     * @param target - The target object to merge into.
-     * @param source - The source object to merge from.
+     * @param target - The target object.
+     * @param source - The source object.
      * @returns The merged object.
      */
-    // private deepMerge(target: any, source: any): any {
-    //     if (typeof target !== "object" || target === null) {
-    //         return source;
-    //     }
-
-    //     for (const key of Object.keys(source)) {
-    //         if (
-    //             source[key] &&
-    //             typeof source[key] === "object" &&
-    //             !Array.isArray(source[key])
-    //         ) {
-    //             if (!target[key] || typeof target[key] !== "object") {
-    //                 target[key] = {};
-    //             }
-    //             target[key] = this.deepMerge(target[key], source[key]);
-    //         } else {
-    //             target[key] = source[key];
-    //         }
-    //     }
-
-    //     return target;
-    // }
     private deepMerge(target: any, source: any): any {
         if (typeof target !== "object" || target === null) {
             return source;
@@ -173,22 +137,14 @@ export class ConfigStore extends AbstractProcess {
 
         for (const key of Object.keys(source)) {
             // Prevent prototype pollution
-            if (
-                key === "__proto__" ||
-                key === "constructor" ||
-                key === "prototype"
-            ) {
-                this.logWarn(`Skipping potentially unsafe key: "${key}"`);
+            if (["__proto__", "constructor", "prototype"].includes(key)) {
+                this.logWarn(`Skipping unsafe key during merge: "${key}"`);
                 continue;
             }
 
-            if (
-                source[key] &&
-                typeof source[key] === "object" &&
-                !Array.isArray(source[key])
-            ) {
-                if (!target[key] || typeof target[key] !== "object") {
-                    target[key] = {};
+            if (source[key] && typeof source[key] === "object" && !Array.isArray(source[key])) {
+                if (!Object.prototype.hasOwnProperty.call(target, key) || typeof target[key] !== "object") {
+                    target[key] = Object.create(null);
                 }
                 target[key] = this.deepMerge(target[key], source[key]);
             } else {