fix(hashincsv): should not be salted by jsonpath (#434)

* fix(hashincsv): do not salt seed with jsonpath

* fix: grammatical errors in comment

Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>

* fix: remove unused code

Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>

* fix(hashincsv): should not be salted by jsonpath

* docs: update changelog

---------

Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>

Author: adrienaury

CHANGELOG.md

@@ -14,6 +14,10 @@ Types of changes
 - `Fixed` for any bug fixes.
 - `Security` in case of vulnerabilities.
 
+## [1.31.3]
+
+- `Fixed` `hashInCSV` consistency when used in different jsonpath
+
 ## [1.31.2]
 
 - `Fixed` mask `pipe` with `injectRoot` option

pkg/hashcsv/hashcsv.go

@@ -166,10 +166,7 @@ func (mrl MaskEngine) GenIdentifierIfNeeded(obj model.Dictionary, e model.Entry,
 func Factory(conf model.MaskFactoryConfiguration) (model.MaskEngine, bool, error) {
 	seeder := model.NewSeeder(conf.Masking.Seed.Field, conf.Seed)
 
-	// set differents seeds for differents jsonpath
-	h := fnv.New64a()
-	h.Write([]byte(conf.Masking.Selector.Jsonpath))
-	conf.Seed += int64(h.Sum64()) //nolint:gosec
+	// do not set different seeds for different jsonpaths
 
 	if len(conf.Masking.Mask.HashInCSV.URI) != 0 {
 		mask, err := NewMask(conf.Masking.Mask.HashInCSV, conf.Seed, seeder)

test/suites/masking_hash_in_csv.yml

@@ -240,6 +240,45 @@ testcases:
       echo -e '{"person":1}\n{"person":2}\n{"person":3}\n{"person":2}\n{"person":1}\n{"person":3}' | pimo | head -c -1 | tr '\n' ' '
     assertions:
     - result.code ShouldEqual 0
-    - result.systemout ShouldEqual {"person":"4687448"} {"person":"6918459"} {"person":"815901"} {"person":"6918459"} {"person":"4687448"} {"person":"815901"}
+    - result.systemout ShouldEqual {"person":"11441486"} {"person":"5092990"} {"person":"12077293"} {"person":"5092990"} {"person":"11441486"} {"person":"12077293"}
     - result.systemerr ShouldBeEmpty
 
+- name: different jsonpath generate same identifier
+  steps:
+  - script: rm -f masking.yml
+  - script: |-
+      cat > masking.yml <<EOF
+      version: "1"
+      seed: 42
+      masking:
+        - selector:
+            jsonpath: "person1"
+          masks:
+            - hashInCSV:
+                uri: "file://../persons.csv"
+                header: true
+                identifier:
+                  field: "id"
+                  domain: "0123456789"
+                  resistance: 1000
+            - template: "{{ .person1.id }}"
+        - selector:
+            jsonpath: "person2"
+          masks:
+            - hashInCSV:
+                uri: "file://../persons.csv"
+                header: true
+                identifier:
+                  field: "id"
+                  domain: "0123456789"
+                  resistance: 1000
+            - template: "{{ .person2.id }}"
+      EOF
+  - script: |-
+      echo -e '{"person1":1,"person2":1}' | pimo
+    assertions:
+    - result.code ShouldEqual 0
+    - result.systemout ShouldEqual {"person1":"11441486","person2":"11441486"}
+    - result.systemerr ShouldBeEmpty
+
+