From 2180e12b737c93a1c6e5e572d5c1109653dc6639 Mon Sep 17 00:00:00 2001
From: Andy Oknen <andy.oknen@yandex.ru>
Date: Fri, 15 Aug 2025 20:15:57 +0000
Subject: [PATCH] Remove safe file operation wrappers from configuration
 handling to streamline code. Update SECURITY.md to reflect the removal of
 these functions and adjust the section numbering accordingly.

---
 src/config/SECURITY.md | 12 ++----------
 src/config/config.go   | 27 ---------------------------
 2 files changed, 2 insertions(+), 37 deletions(-)

diff --git a/src/config/SECURITY.md b/src/config/SECURITY.md
index da03148c..f8f72677 100644
--- a/src/config/SECURITY.md
+++ b/src/config/SECURITY.md
@@ -34,22 +34,14 @@ Multiple layers of protection:
 
 ## Additional Security Measures
 
-### 4. Safe File Operation Wrappers
-
-Additional wrapper functions provide extra safety:
-
-- `safeReadFile()` - Validates paths before reading
-- `safeWriteFile()` - Validates paths before writing  
-- `safeStat()` - Validates paths before stat operations
-
-### 5. System Directory Protection
+### 4. System Directory Protection
 
 Restricted access to sensitive system directories:
 - Blocks access to `/etc/` (except `/etc/yggdrasil/`)
 - Blocks access to `/root/`, `/var/` (except `/var/lib/yggdrasil/`)
 - Blocks access to `/sys/`, `/proc/`, `/dev/`
 
-### 6. Path Depth Limiting
+### 5. Path Depth Limiting
 
 Maximum path depth of 10 levels to prevent deeply nested attacks.
 
diff --git a/src/config/config.go b/src/config/config.go
index 9dc073e0..1da49b96 100644
--- a/src/config/config.go
+++ b/src/config/config.go
@@ -370,33 +370,6 @@ func validateConfigPath(path string) (string, error) {
 	return absPath, nil
 }
 
-// safeReadFile safely reads a file after validating the path
-func safeReadFile(path string) ([]byte, error) {
-	validatedPath, err := validateConfigPath(path)
-	if err != nil {
-		return nil, fmt.Errorf("invalid file path: %v", err)
-	}
-	return os.ReadFile(validatedPath)
-}
-
-// safeWriteFile safely writes a file after validating the path
-func safeWriteFile(path string, data []byte, perm os.FileMode) error {
-	validatedPath, err := validateConfigPath(path)
-	if err != nil {
-		return fmt.Errorf("invalid file path: %v", err)
-	}
-	return os.WriteFile(validatedPath, data, perm)
-}
-
-// safeStat safely stats a file after validating the path
-func safeStat(path string) (os.FileInfo, error) {
-	validatedPath, err := validateConfigPath(path)
-	if err != nil {
-		return nil, fmt.Errorf("invalid file path: %v", err)
-	}
-	return os.Stat(validatedPath)
-}
-
 // SetCurrentConfig sets the current configuration data and path
 func SetCurrentConfig(path string, cfg *NodeConfig) {
 	// Validate the path before setting it