Initial commit: Open sourcing all of the Maple Open Technologies code.

2025-12-02 14:33:08 -05:00 · 2025-12-02 14:33:08 -05:00 · 755d54a99d
commit 755d54a99d
2010 changed files with 448675 additions and 0 deletions
--- a/cloud/maplefile-backend/pkg/security/securestring/securestring.go
+++ b/cloud/maplefile-backend/pkg/security/securestring/securestring.go
@ -0,0 +1,70 @@
+// File Path: monorepo/cloud/maplefile-backend/pkg/security/securebytes/securestring.go
+package securestring
+
+import (
+	"errors"
+	"fmt"
+
+	"github.com/awnumar/memguard"
+)
+
+// SecureString is used to store a string securely in memory.
+type SecureString struct {
+	buffer *memguard.LockedBuffer
+}
+
+// NewSecureString creates a new SecureString instance from the given string.
+func NewSecureString(s string) (*SecureString, error) {
+	if len(s) == 0 {
+		return nil, errors.New("string cannot be empty")
+	}
+
+	// Use memguard's built-in method for creating from bytes
+	buffer := memguard.NewBufferFromBytes([]byte(s))
+
+	// Check if buffer was created successfully
+	if buffer == nil {
+		return nil, errors.New("failed to create buffer")
+	}
+
+	return &SecureString{buffer: buffer}, nil
+}
+
+// String returns the securely stored string.
+func (ss *SecureString) String() string {
+	if ss.buffer == nil {
+		fmt.Println("String(): buffer is nil")
+		return ""
+	}
+	if !ss.buffer.IsAlive() {
+		fmt.Println("String(): buffer is not alive")
+		return ""
+	}
+	return ss.buffer.String()
+}
+
+func (ss *SecureString) Bytes() []byte {
+	if ss.buffer == nil {
+		fmt.Println("Bytes(): buffer is nil")
+		return nil
+	}
+	if !ss.buffer.IsAlive() {
+		fmt.Println("Bytes(): buffer is not alive")
+		return nil
+	}
+	return ss.buffer.Bytes()
+}
+
+// Wipe removes the string from memory and makes it unrecoverable.
+func (ss *SecureString) Wipe() error {
+
+	if ss.buffer != nil {
+		if ss.buffer.IsAlive() {
+			ss.buffer.Destroy()
+		}
+	} else {
+		// fmt.Println("Wipe(): Buffer is nil")
+	}
+	ss.buffer = nil
+	return nil
+}
--- a/cloud/maplefile-backend/pkg/security/securestring/securestring_test.go
+++ b/cloud/maplefile-backend/pkg/security/securestring/securestring_test.go
@ -0,0 +1,86 @@
+// File Path: monorepo/cloud/maplefile-backend/pkg/security/securebytes/securestring_test.go
+package securestring
+
+import (
+	"testing"
+
+	"github.com/stretchr/testify/assert"
+)
+
+func TestNewSecureString(t *testing.T) {
+	tests := []struct {
+		name    string
+		input   string
+		wantErr bool
+	}{
+		{
+			name:    "valid string",
+			input:   "test-string",
+			wantErr: false,
+		},
+		{
+			name:    "empty string",
+			input:   "",
+			wantErr: true,
+		},
+	}
+
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			ss, err := NewSecureString(tt.input)
+			if tt.wantErr {
+				assert.Error(t, err)
+				assert.Nil(t, ss)
+			} else {
+				assert.NoError(t, err)
+				assert.NotNil(t, ss)
+				assert.NotNil(t, ss.buffer)
+			}
+		})
+	}
+}
+
+func TestSecureString_String(t *testing.T) {
+	input := "test-string"
+	ss, err := NewSecureString(input)
+	assert.NoError(t, err)
+
+	output := ss.String()
+	assert.Equal(t, input, output)
+}
+
+func TestSecureString_Wipe(t *testing.T) {
+	ss, err := NewSecureString("test-string")
+	assert.NoError(t, err)
+
+	err = ss.Wipe()
+	assert.NoError(t, err)
+	assert.Nil(t, ss.buffer)
+
+	// Verify string is wiped
+	output := ss.String()
+	assert.Empty(t, output)
+}
+
+func TestSecureString_DataIsolation(t *testing.T) {
+	original := "test-string"
+	ss, err := NewSecureString(original)
+	assert.NoError(t, err)
+
+	// Attempt to modify original
+	original = "modified"
+
+	// Verify secure string remains unchanged
+	stored := ss.String()
+	assert.NotEqual(t, original, stored)
+	assert.Equal(t, "test-string", stored)
+}
+
+func TestSecureString_StringConsistency(t *testing.T) {
+	input := "test-string"
+	ss, err := NewSecureString(input)
+	assert.NoError(t, err)
+
+	// Multiple calls should return same value
+	assert.Equal(t, ss.String(), ss.String())
+}