diff options
Diffstat (limited to 'sandbox/testAppNevena/Front/node_modules/ssri')
5 files changed, 0 insertions, 1421 deletions
diff --git a/sandbox/testAppNevena/Front/node_modules/ssri/CHANGELOG.md b/sandbox/testAppNevena/Front/node_modules/ssri/CHANGELOG.md deleted file mode 100644 index 3fea458e..00000000 --- a/sandbox/testAppNevena/Front/node_modules/ssri/CHANGELOG.md +++ /dev/null @@ -1,355 +0,0 @@ -# Changelog - -All notable changes to this project will be documented in this file. See [standard-version](https://github.com/conventional-changelog/standard-version) for commit guidelines. - -### [8.0.1](https://github.com/npm/ssri/compare/v8.0.0...v8.0.1) (2021-01-27) - - -### Bug Fixes - -* simplify regex for strict mode, add tests ([76e2233](https://github.com/npm/ssri/commit/76e223317d971f19e4db8191865bdad5edee40d2)) - -## [8.0.0](https://github.com/npm/ssri/compare/v7.1.0...v8.0.0) (2020-02-18) - - -### ⚠ BREAKING CHANGES - -* SRI values with `../` in the algorithm name now throw -as invalid (which they always probably should have!) -* adds a new error that will be thrown. Empty SRIs are -no longer considered valid for checking, only when using integrityStream -to calculate the SRI value. - -PR-URL: https://github.com/npm/ssri/pull/12 -Credit: @claudiahdz - -### Features - -* remove figgy-pudding ([0e78fd7](https://github.com/npm/ssri/commit/0e78fd7b754e2d098875eb4c57238709d96d7c27)) - - -### Bug Fixes - -* harden SRI parsing against ../ funny business ([4062735](https://github.com/npm/ssri/commit/4062735d1281941fd32ac4320b9f9965fcec278b)) -* IntegrityStream responds to mutating opts object mid-stream ([4a963e5](https://github.com/npm/ssri/commit/4a963e5982478c6b07f86848cdb72d142c765195)) -* throw null when sri is empty or bad ([a6811cb](https://github.com/npm/ssri/commit/a6811cba71e20ea1fdefa6e50c9ea3c67efc2500)), closes [#12](https://github.com/npm/ssri/issues/12) - -## [7.1.0](https://github.com/npm/ssri/compare/v7.0.1...v7.1.0) (2019-10-24) - - -### Bug Fixes - -* Do not blow up if the opts object is mutated ([806e8c8](https://github.com/npm/ssri/commit/806e8c8)) - - -### Features - -* Add Integrity#merge method ([0572c1d](https://github.com/npm/ssri/commit/0572c1d)), closes [#4](https://github.com/npm/ssri/issues/4) - -### [7.0.1](https://github.com/npm/ssri/compare/v7.0.0...v7.0.1) (2019-09-30) - -## [7.0.0](https://github.com/npm/ssri/compare/v6.0.1...v7.0.0) (2019-09-18) - - -### ⚠ BREAKING CHANGES - -* ssri no longer accepts a Promise option, and does not -use, return, or rely on Bluebird promises. -* drop support for Node.js v6. - -We knew this was coming, and the Stream changes are breaking anyway. -May as well do this now. -* **streams:** this replaces the Node.js stream with a Minipass -stream. See http://npm.im/minipass for documentation. - -### Bug Fixes - -* return super.write() return value ([55b055d](https://github.com/npm/ssri/commit/55b055d)) - - -* Use native promises only ([6d13165](https://github.com/npm/ssri/commit/6d13165)) -* update tap, standard, standard-version, travis ([2e54956](https://github.com/npm/ssri/commit/2e54956)) -* **streams:** replace transform streams with minipass ([363995e](https://github.com/npm/ssri/commit/363995e)) - -<a name="6.0.1"></a> -## [6.0.1](https://github.com/npm/ssri/compare/v6.0.0...v6.0.1) (2018-08-27) - - -### Bug Fixes - -* **opts:** use figgy-pudding to specify consumed opts ([cf86553](https://github.com/npm/ssri/commit/cf86553)) - - - -<a name="6.0.0"></a> -# [6.0.0](https://github.com/npm/ssri/compare/v5.3.0...v6.0.0) (2018-04-09) - - -### Bug Fixes - -* **docs:** minor typo ([b71ef17](https://github.com/npm/ssri/commit/b71ef17)) - - -### meta - -* drop support for node@4 ([d9bf359](https://github.com/npm/ssri/commit/d9bf359)) - - -### BREAKING CHANGES - -* node@4 is no longer supported - - - -<a name="5.3.0"></a> -# [5.3.0](https://github.com/npm/ssri/compare/v5.2.4...v5.3.0) (2018-03-13) - - -### Features - -* **checkData:** optionally throw when checkData fails ([bf26b84](https://github.com/npm/ssri/commit/bf26b84)) - - - -<a name="5.2.4"></a> -## [5.2.4](https://github.com/npm/ssri/compare/v5.2.3...v5.2.4) (2018-02-16) - - - -<a name="5.2.3"></a> -## [5.2.3](https://github.com/npm/ssri/compare/v5.2.2...v5.2.3) (2018-02-16) - - -### Bug Fixes - -* **hashes:** filter hash priority list by available hashes ([2fa30b8](https://github.com/npm/ssri/commit/2fa30b8)) -* **integrityStream:** dedupe algorithms to generate ([d56c654](https://github.com/npm/ssri/commit/d56c654)) - - - -<a name="5.2.2"></a> -## [5.2.2](https://github.com/npm/ssri/compare/v5.2.1...v5.2.2) (2018-02-14) - - -### Bug Fixes - -* **security:** tweak strict SRI regex ([#10](https://github.com/npm/ssri/issues/10)) ([d0ebcdc](https://github.com/npm/ssri/commit/d0ebcdc)) - - - -<a name="5.2.1"></a> -## [5.2.1](https://github.com/npm/ssri/compare/v5.2.0...v5.2.1) (2018-02-06) - - - -<a name="5.2.0"></a> -# [5.2.0](https://github.com/npm/ssri/compare/v5.1.0...v5.2.0) (2018-02-06) - - -### Features - -* **match:** add integrity.match() ([3c49cc4](https://github.com/npm/ssri/commit/3c49cc4)) - - - -<a name="5.1.0"></a> -# [5.1.0](https://github.com/npm/ssri/compare/v5.0.0...v5.1.0) (2018-01-18) - - -### Bug Fixes - -* **checkStream:** integrityStream now takes opts.integrity algos into account ([d262910](https://github.com/npm/ssri/commit/d262910)) - - -### Features - -* **sha3:** do some guesswork about upcoming sha3 ([7fdd9df](https://github.com/npm/ssri/commit/7fdd9df)) - - - -<a name="5.0.0"></a> -# [5.0.0](https://github.com/npm/ssri/compare/v4.1.6...v5.0.0) (2017-10-23) - - -### Features - -* **license:** relicense to ISC (#9) ([c82983a](https://github.com/npm/ssri/commit/c82983a)) - - -### BREAKING CHANGES - -* **license:** the license has been changed from CC0-1.0 to ISC. - - - -<a name="4.1.6"></a> -## [4.1.6](https://github.com/npm/ssri/compare/v4.1.5...v4.1.6) (2017-06-07) - - -### Bug Fixes - -* **checkStream:** make sure to pass all opts through ([0b1bcbe](https://github.com/npm/ssri/commit/0b1bcbe)) - - - -<a name="4.1.5"></a> -## [4.1.5](https://github.com/npm/ssri/compare/v4.1.4...v4.1.5) (2017-06-05) - - -### Bug Fixes - -* **integrityStream:** stop crashing if opts.algorithms and opts.integrity have an algo mismatch ([fb1293e](https://github.com/npm/ssri/commit/fb1293e)) - - - -<a name="4.1.4"></a> -## [4.1.4](https://github.com/npm/ssri/compare/v4.1.3...v4.1.4) (2017-05-31) - - -### Bug Fixes - -* **node:** older versions of node[@4](https://github.com/4) do not support base64buffer string parsing ([513df4e](https://github.com/npm/ssri/commit/513df4e)) - - - -<a name="4.1.3"></a> -## [4.1.3](https://github.com/npm/ssri/compare/v4.1.2...v4.1.3) (2017-05-24) - - -### Bug Fixes - -* **check:** handle various bad hash corner cases better ([c2c262b](https://github.com/npm/ssri/commit/c2c262b)) - - - -<a name="4.1.2"></a> -## [4.1.2](https://github.com/npm/ssri/compare/v4.1.1...v4.1.2) (2017-04-18) - - -### Bug Fixes - -* **stream:** _flush can be called multiple times. use on("end") ([b1c4805](https://github.com/npm/ssri/commit/b1c4805)) - - - -<a name="4.1.1"></a> -## [4.1.1](https://github.com/npm/ssri/compare/v4.1.0...v4.1.1) (2017-04-12) - - -### Bug Fixes - -* **pickAlgorithm:** error if pickAlgorithm() is used in an empty Integrity ([fab470e](https://github.com/npm/ssri/commit/fab470e)) - - - -<a name="4.1.0"></a> -# [4.1.0](https://github.com/npm/ssri/compare/v4.0.0...v4.1.0) (2017-04-07) - - -### Features - -* adding ssri.create for a crypto style interface (#2) ([96f52ad](https://github.com/npm/ssri/commit/96f52ad)) - - - -<a name="4.0.0"></a> -# [4.0.0](https://github.com/npm/ssri/compare/v3.0.2...v4.0.0) (2017-04-03) - - -### Bug Fixes - -* **integrity:** should have changed the error code before. oops ([8381afa](https://github.com/npm/ssri/commit/8381afa)) - - -### BREAKING CHANGES - -* **integrity:** EBADCHECKSUM -> EINTEGRITY for verification errors - - - -<a name="3.0.2"></a> -## [3.0.2](https://github.com/npm/ssri/compare/v3.0.1...v3.0.2) (2017-04-03) - - - -<a name="3.0.1"></a> -## [3.0.1](https://github.com/npm/ssri/compare/v3.0.0...v3.0.1) (2017-04-03) - - -### Bug Fixes - -* **package.json:** really should have these in the keywords because search ([a6ac6d0](https://github.com/npm/ssri/commit/a6ac6d0)) - - - -<a name="3.0.0"></a> -# [3.0.0](https://github.com/npm/ssri/compare/v2.0.0...v3.0.0) (2017-04-03) - - -### Bug Fixes - -* **hashes:** IntegrityMetadata -> Hash ([d04aa1f](https://github.com/npm/ssri/commit/d04aa1f)) - - -### Features - -* **check:** return IntegrityMetadata on check success ([2301e74](https://github.com/npm/ssri/commit/2301e74)) -* **fromHex:** ssri.fromHex to make it easier to generate them from hex valus ([049b89e](https://github.com/npm/ssri/commit/049b89e)) -* **hex:** utility function for getting hex version of digest ([a9f021c](https://github.com/npm/ssri/commit/a9f021c)) -* **hexDigest:** added hexDigest method to Integrity objects too ([85208ba](https://github.com/npm/ssri/commit/85208ba)) -* **integrity:** add .isIntegrity and .isIntegrityMetadata ([1b29e6f](https://github.com/npm/ssri/commit/1b29e6f)) -* **integrityStream:** new stream that can both generate and check streamed data ([fd23e1b](https://github.com/npm/ssri/commit/fd23e1b)) -* **parse:** allow parsing straight into a single IntegrityMetadata object ([c8ddf48](https://github.com/npm/ssri/commit/c8ddf48)) -* **pickAlgorithm:** Intergrity#pickAlgorithm() added ([b97a796](https://github.com/npm/ssri/commit/b97a796)) -* **size:** calculate and update stream sizes ([02ed1ad](https://github.com/npm/ssri/commit/02ed1ad)) - - -### BREAKING CHANGES - -* **hashes:** `.isIntegrityMetadata` is now `.isHash`. Also, any references to `IntegrityMetadata` now refer to `Hash`. -* **integrityStream:** createCheckerStream has been removed and replaced with a general-purpose integrityStream. - -To convert existing createCheckerStream code, move the `sri` argument into `opts.integrity` in integrityStream. All other options should be the same. -* **check:** `checkData`, `checkStream`, and `createCheckerStream` now yield a whole IntegrityMetadata instance representing the first successful hash match. - - - -<a name="2.0.0"></a> -# [2.0.0](https://github.com/npm/ssri/compare/v1.0.0...v2.0.0) (2017-03-24) - - -### Bug Fixes - -* **strict-mode:** make regexes more rigid ([122a32c](https://github.com/npm/ssri/commit/122a32c)) - - -### Features - -* **api:** added serialize alias for unparse ([999b421](https://github.com/npm/ssri/commit/999b421)) -* **concat:** add Integrity#concat() ([cae12c7](https://github.com/npm/ssri/commit/cae12c7)) -* **pickAlgo:** pick the strongest algorithm provided, by default ([58c18f7](https://github.com/npm/ssri/commit/58c18f7)) -* **strict-mode:** strict SRI support ([3f0b64c](https://github.com/npm/ssri/commit/3f0b64c)) -* **stringify:** replaced unparse/serialize with stringify ([4acad30](https://github.com/npm/ssri/commit/4acad30)) -* **verification:** add opts.pickAlgorithm ([f72e658](https://github.com/npm/ssri/commit/f72e658)) - - -### BREAKING CHANGES - -* **pickAlgo:** ssri will prioritize specific hashes now -* **stringify:** serialize and unparse have been removed. Use ssri.stringify instead. -* **strict-mode:** functions that accepted an optional `sep` argument now expect `opts.sep`. - - - -<a name="1.0.0"></a> -# 1.0.0 (2017-03-23) - - -### Features - -* **api:** implemented initial api ([4fbb16b](https://github.com/npm/ssri/commit/4fbb16b)) - - -### BREAKING CHANGES - -* **api:** Initial API established. diff --git a/sandbox/testAppNevena/Front/node_modules/ssri/LICENSE.md b/sandbox/testAppNevena/Front/node_modules/ssri/LICENSE.md deleted file mode 100644 index 8d28acf8..00000000 --- a/sandbox/testAppNevena/Front/node_modules/ssri/LICENSE.md +++ /dev/null @@ -1,16 +0,0 @@ -ISC License - -Copyright (c) npm, Inc. - -Permission to use, copy, modify, and/or distribute this software for -any purpose with or without fee is hereby granted, provided that the -above copyright notice and this permission notice appear in all copies. - -THE SOFTWARE IS PROVIDED "AS IS" AND THE COPYRIGHT HOLDER DISCLAIMS -ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED -WARRANTIES OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE -COPYRIGHT HOLDER BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR -CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS -OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE -OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE -USE OR PERFORMANCE OF THIS SOFTWARE. diff --git a/sandbox/testAppNevena/Front/node_modules/ssri/README.md b/sandbox/testAppNevena/Front/node_modules/ssri/README.md deleted file mode 100644 index 0cd41be8..00000000 --- a/sandbox/testAppNevena/Front/node_modules/ssri/README.md +++ /dev/null @@ -1,528 +0,0 @@ -# ssri [](https://npm.im/ssri) [](https://npm.im/ssri) [](https://travis-ci.org/npm/ssri) [](https://ci.appveyor.com/project/npm/ssri) [](https://coveralls.io/github/npm/ssri?branch=latest) - -[`ssri`](https://github.com/npm/ssri), short for Standard Subresource -Integrity, is a Node.js utility for parsing, manipulating, serializing, -generating, and verifying [Subresource -Integrity](https://w3c.github.io/webappsec/specs/subresourceintegrity/) hashes. - -## Install - -`$ npm install --save ssri` - -## Table of Contents - -* [Example](#example) -* [Features](#features) -* [Contributing](#contributing) -* [API](#api) - * Parsing & Serializing - * [`parse`](#parse) - * [`stringify`](#stringify) - * [`Integrity#concat`](#integrity-concat) - * [`Integrity#merge`](#integrity-merge) - * [`Integrity#toString`](#integrity-to-string) - * [`Integrity#toJSON`](#integrity-to-json) - * [`Integrity#match`](#integrity-match) - * [`Integrity#pickAlgorithm`](#integrity-pick-algorithm) - * [`Integrity#hexDigest`](#integrity-hex-digest) - * Integrity Generation - * [`fromHex`](#from-hex) - * [`fromData`](#from-data) - * [`fromStream`](#from-stream) - * [`create`](#create) - * Integrity Verification - * [`checkData`](#check-data) - * [`checkStream`](#check-stream) - * [`integrityStream`](#integrity-stream) - -### Example - -```javascript -const ssri = require('ssri') - -const integrity = 'sha512-9KhgCRIx/AmzC8xqYJTZRrnO8OW2Pxyl2DIMZSBOr0oDvtEFyht3xpp71j/r/pAe1DM+JI/A+line3jUBgzQ7A==?foo' - -// Parsing and serializing -const parsed = ssri.parse(integrity) -ssri.stringify(parsed) // === integrity (works on non-Integrity objects) -parsed.toString() // === integrity - -// Async stream functions -ssri.checkStream(fs.createReadStream('./my-file'), integrity).then(...) -ssri.fromStream(fs.createReadStream('./my-file')).then(sri => { - sri.toString() === integrity -}) -fs.createReadStream('./my-file').pipe(ssri.createCheckerStream(sri)) - -// Sync data functions -ssri.fromData(fs.readFileSync('./my-file')) // === parsed -ssri.checkData(fs.readFileSync('./my-file'), integrity) // => 'sha512' -``` - -### Features - -* Parses and stringifies SRI strings. -* Generates SRI strings from raw data or Streams. -* Strict standard compliance. -* `?foo` metadata option support. -* Multiple entries for the same algorithm. -* Object-based integrity hash manipulation. -* Small footprint: no dependencies, concise implementation. -* Full test coverage. -* Customizable algorithm picker. - -### Contributing - -The ssri team enthusiastically welcomes contributions and project participation! -There's a bunch of things you can do if you want to contribute! The [Contributor -Guide](CONTRIBUTING.md) has all the information you need for everything from -reporting bugs to contributing entire new features. Please don't hesitate to -jump in if you'd like to, or even ask us questions if something isn't clear. - -### API - -#### <a name="parse"></a> `> ssri.parse(sri, [opts]) -> Integrity` - -Parses `sri` into an `Integrity` data structure. `sri` can be an integrity -string, an `Hash`-like with `digest` and `algorithm` fields and an optional -`options` field, or an `Integrity`-like object. The resulting object will be an -`Integrity` instance that has this shape: - -```javascript -{ - 'sha1': [{algorithm: 'sha1', digest: 'deadbeef', options: []}], - 'sha512': [ - {algorithm: 'sha512', digest: 'c0ffee', options: []}, - {algorithm: 'sha512', digest: 'bad1dea', options: ['foo']} - ], -} -``` - -If `opts.single` is truthy, a single `Hash` object will be returned. That is, a -single object that looks like `{algorithm, digest, options}`, as opposed to a -larger object with multiple of these. - -If `opts.strict` is truthy, the resulting object will be filtered such that -it strictly follows the Subresource Integrity spec, throwing away any entries -with any invalid components. This also means a restricted set of algorithms -will be used -- the spec limits them to `sha256`, `sha384`, and `sha512`. - -Strict mode is recommended if the integrity strings are intended for use in -browsers, or in other situations where strict adherence to the spec is needed. - -##### Example - -```javascript -ssri.parse('sha512-9KhgCRIx/AmzC8xqYJTZRrnO8OW2Pxyl2DIMZSBOr0oDvtEFyht3xpp71j/r/pAe1DM+JI/A+line3jUBgzQ7A==?foo') // -> Integrity object -``` - -#### <a name="stringify"></a> `> ssri.stringify(sri, [opts]) -> String` - -This function is identical to [`Integrity#toString()`](#integrity-to-string), -except it can be used on _any_ object that [`parse`](#parse) can handle -- that -is, a string, an `Hash`-like, or an `Integrity`-like. - -The `opts.sep` option defines the string to use when joining multiple entries -together. To be spec-compliant, this _must_ be whitespace. The default is a -single space (`' '`). - -If `opts.strict` is true, the integrity string will be created using strict -parsing rules. See [`ssri.parse`](#parse). - -##### Example - -```javascript -// Useful for cleaning up input SRI strings: -ssri.stringify('\n\rsha512-foo\n\t\tsha384-bar') -// -> 'sha512-foo sha384-bar' - -// Hash-like: only a single entry. -ssri.stringify({ - algorithm: 'sha512', - digest:'9KhgCRIx/AmzC8xqYJTZRrnO8OW2Pxyl2DIMZSBOr0oDvtEFyht3xpp71j/r/pAe1DM+JI/A+line3jUBgzQ7A==', - options: ['foo'] -}) -// -> -// 'sha512-9KhgCRIx/AmzC8xqYJTZRrnO8OW2Pxyl2DIMZSBOr0oDvtEFyht3xpp71j/r/pAe1DM+JI/A+line3jUBgzQ7A==?foo' - -// Integrity-like: full multi-entry syntax. Similar to output of `ssri.parse` -ssri.stringify({ - 'sha512': [ - { - algorithm: 'sha512', - digest:'9KhgCRIx/AmzC8xqYJTZRrnO8OW2Pxyl2DIMZSBOr0oDvtEFyht3xpp71j/r/pAe1DM+JI/A+line3jUBgzQ7A==', - options: ['foo'] - } - ] -}) -// -> -// 'sha512-9KhgCRIx/AmzC8xqYJTZRrnO8OW2Pxyl2DIMZSBOr0oDvtEFyht3xpp71j/r/pAe1DM+JI/A+line3jUBgzQ7A==?foo' -``` - -#### <a name="integrity-concat"></a> `> Integrity#concat(otherIntegrity, [opts]) -> Integrity` - -Concatenates an `Integrity` object with another IntegrityLike, or an integrity -string. - -This is functionally equivalent to concatenating the string format of both -integrity arguments, and calling [`ssri.parse`](#ssri-parse) on the new string. - -If `opts.strict` is true, the new `Integrity` will be created using strict -parsing rules. See [`ssri.parse`](#parse). - -##### Example - -```javascript -// This will combine the integrity checks for two different versions of -// your index.js file so you can use a single integrity string and serve -// either of these to clients, from a single `<script>` tag. -const desktopIntegrity = ssri.fromData(fs.readFileSync('./index.desktop.js')) -const mobileIntegrity = ssri.fromData(fs.readFileSync('./index.mobile.js')) - -// Note that browsers (and ssri) will succeed as long as ONE of the entries -// for the *prioritized* algorithm succeeds. That is, in order for this fallback -// to work, both desktop and mobile *must* use the same `algorithm` values. -desktopIntegrity.concat(mobileIntegrity) -``` - -#### <a name="integrity-merge"></a> `> Integrity#merge(otherIntegrity, [opts])` - -Safely merges another IntegrityLike or integrity string into an `Integrity` -object. - -If the other integrity value has any algorithms in common with the current -object, then the hash digests must match, or an error is thrown. - -Any new hashes will be added to the current object's set. - -This is useful when an integrity value may be upgraded with a stronger -algorithm, you wish to prevent accidentally supressing integrity errors by -overwriting the expected integrity value. - -##### Example - -```javascript -const data = fs.readFileSync('data.txt') - -// integrity.txt contains 'sha1-X1UT+IIv2+UUWvM7ZNjZcNz5XG4=' -// because we were young, and didn't realize sha1 would not last -const expectedIntegrity = ssri.parse(fs.readFileSync('integrity.txt', 'utf8')) -const match = ssri.checkData(data, expectedIntegrity, { - algorithms: ['sha512', 'sha1'] -}) -if (!match) { - throw new Error('data corrupted or something!') -} - -// get a stronger algo! -if (match && match.algorithm !== 'sha512') { - const updatedIntegrity = ssri.fromData(data, { algorithms: ['sha512'] }) - expectedIntegrity.merge(updatedIntegrity) - fs.writeFileSync('integrity.txt', expectedIntegrity.toString()) - // file now contains - // 'sha1-X1UT+IIv2+UUWvM7ZNjZcNz5XG4= sha512-yzd8ELD1piyANiWnmdnpCL5F52f10UfUdEkHywVZeqTt0ymgrxR63Qz0GB7TKPoeeZQmWCaz7T1+9vBnypkYWg==' -} -``` - -#### <a name="integrity-to-string"></a> `> Integrity#toString([opts]) -> String` - -Returns the string representation of an `Integrity` object. All hash entries -will be concatenated in the string by `opts.sep`, which defaults to `' '`. - -If you want to serialize an object that didn't come from an `ssri` function, -use [`ssri.stringify()`](#stringify). - -If `opts.strict` is true, the integrity string will be created using strict -parsing rules. See [`ssri.parse`](#parse). - -##### Example - -```javascript -const integrity = 'sha512-9KhgCRIx/AmzC8xqYJTZRrnO8OW2Pxyl2DIMZSBOr0oDvtEFyht3xpp71j/r/pAe1DM+JI/A+line3jUBgzQ7A==?foo' - -ssri.parse(integrity).toString() === integrity -``` - -#### <a name="integrity-to-json"></a> `> Integrity#toJSON() -> String` - -Returns the string representation of an `Integrity` object. All hash entries -will be concatenated in the string by `' '`. - -This is a convenience method so you can pass an `Integrity` object directly to `JSON.stringify`. -For more info check out [toJSON() behavior on mdn](https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/JSON/stringify#toJSON%28%29_behavior). - -##### Example - -```javascript -const integrity = '"sha512-9KhgCRIx/AmzC8xqYJTZRrnO8OW2Pxyl2DIMZSBOr0oDvtEFyht3xpp71j/r/pAe1DM+JI/A+line3jUBgzQ7A==?foo"' - -JSON.stringify(ssri.parse(integrity)) === integrity -``` - -#### <a name="integrity-match"></a> `> Integrity#match(sri, [opts]) -> Hash | false` - -Returns the matching (truthy) hash if `Integrity` matches the argument passed as -`sri`, which can be anything that [`parse`](#parse) will accept. `opts` will be -passed through to `parse` and [`pickAlgorithm()`](#integrity-pick-algorithm). - -##### Example - -```javascript -const integrity = 'sha512-9KhgCRIx/AmzC8xqYJTZRrnO8OW2Pxyl2DIMZSBOr0oDvtEFyht3xpp71j/r/pAe1DM+JI/A+line3jUBgzQ7A==' - -ssri.parse(integrity).match(integrity) -// Hash { -// digest: '9KhgCRIx/AmzC8xqYJTZRrnO8OW2Pxyl2DIMZSBOr0oDvtEFyht3xpp71j/r/pAe1DM+JI/A+line3jUBgzQ7A==' -// algorithm: 'sha512' -// } - -ssri.parse(integrity).match('sha1-deadbeef') -// false -``` - -#### <a name="integrity-pick-algorithm"></a> `> Integrity#pickAlgorithm([opts]) -> String` - -Returns the "best" algorithm from those available in the integrity object. - -If `opts.pickAlgorithm` is provided, it will be passed two algorithms as -arguments. ssri will prioritize whichever of the two algorithms is returned by -this function. Note that the function may be called multiple times, and it -**must** return one of the two algorithms provided. By default, ssri will make -a best-effort to pick the strongest/most reliable of the given algorithms. It -may intentionally deprioritize algorithms with known vulnerabilities. - -##### Example - -```javascript -ssri.parse('sha1-WEakDigEST sha512-yzd8ELD1piyANiWnmdnpCL5F52f10UfUdEkHywVZeqTt0ymgrxR63Qz0GB7TKPoeeZQmWCaz7T1').pickAlgorithm() // sha512 -``` - -#### <a name="integrity-hex-digest"></a> `> Integrity#hexDigest() -> String` - -`Integrity` is assumed to be either a single-hash `Integrity` instance, or a -`Hash` instance. Returns its `digest`, converted to a hex representation of the -base64 data. - -##### Example - -```javascript -ssri.parse('sha1-deadbeef').hexDigest() // '75e69d6de79f' -``` - -#### <a name="from-hex"></a> `> ssri.fromHex(hexDigest, algorithm, [opts]) -> Integrity` - -Creates an `Integrity` object with a single entry, based on a hex-formatted -hash. This is a utility function to help convert existing shasums to the -Integrity format, and is roughly equivalent to something like: - -```javascript -algorithm + '-' + Buffer.from(hexDigest, 'hex').toString('base64') -``` - -`opts.options` may optionally be passed in: it must be an array of option -strings that will be added to all generated integrity hashes generated by -`fromData`. This is a loosely-specified feature of SRIs, and currently has no -specified semantics besides being `?`-separated. Use at your own risk, and -probably avoid if your integrity strings are meant to be used with browsers. - -If `opts.strict` is true, the integrity object will be created using strict -parsing rules. See [`ssri.parse`](#parse). - -If `opts.single` is true, a single `Hash` object will be returned. - -##### Example - -```javascript -ssri.fromHex('75e69d6de79f', 'sha1').toString() // 'sha1-deadbeef' -``` - -#### <a name="from-data"></a> `> ssri.fromData(data, [opts]) -> Integrity` - -Creates an `Integrity` object from either string or `Buffer` data, calculating -all the requested hashes and adding any specified options to the object. - -`opts.algorithms` determines which algorithms to generate hashes for. All -results will be included in a single `Integrity` object. The default value for -`opts.algorithms` is `['sha512']`. All algorithm strings must be hashes listed -in `crypto.getHashes()` for the host Node.js platform. - -`opts.options` may optionally be passed in: it must be an array of option -strings that will be added to all generated integrity hashes generated by -`fromData`. This is a loosely-specified feature of SRIs, and currently has no -specified semantics besides being `?`-separated. Use at your own risk, and -probably avoid if your integrity strings are meant to be used with browsers. - -If `opts.strict` is true, the integrity object will be created using strict -parsing rules. See [`ssri.parse`](#parse). - -##### Example - -```javascript -const integrityObj = ssri.fromData('foobarbaz', { - algorithms: ['sha256', 'sha384', 'sha512'] -}) -integrity.toString('\n') -// -> -// sha256-l981iLWj8kurw4UbNy8Lpxqdzd7UOxS50Glhv8FwfZ0= -// sha384-irnCxQ0CfQhYGlVAUdwTPC9bF3+YWLxlaDGM4xbYminxpbXEq+D+2GCEBTxcjES9 -// sha512-yzd8ELD1piyANiWnmdnpCL5F52f10UfUdEkHywVZeqTt0ymgrxR63Qz0GB7TKPoeeZQmWCaz7T1+9vBnypkYWg== -``` - -#### <a name="from-stream"></a> `> ssri.fromStream(stream, [opts]) -> Promise<Integrity>` - -Returns a Promise of an Integrity object calculated by reading data from -a given `stream`. - -It accepts both `opts.algorithms` and `opts.options`, which are documented as -part of [`ssri.fromData`](#from-data). - -Additionally, `opts.Promise` may be passed in to inject a Promise library of -choice. By default, ssri will use Node's built-in Promises. - -If `opts.strict` is true, the integrity object will be created using strict -parsing rules. See [`ssri.parse`](#parse). - -##### Example - -```javascript -ssri.fromStream(fs.createReadStream('index.js'), { - algorithms: ['sha1', 'sha512'] -}).then(integrity => { - return ssri.checkStream(fs.createReadStream('index.js'), integrity) -}) // succeeds -``` - -#### <a name="create"></a> `> ssri.create([opts]) -> <Hash>` - -Returns a Hash object with `update(<Buffer or string>[,enc])` and `digest()` methods. - - -The Hash object provides the same methods as [crypto class Hash](https://nodejs.org/dist/latest-v6.x/docs/api/crypto.html#crypto_class_hash). -`digest()` accepts no arguments and returns an Integrity object calculated by reading data from -calls to update. - -It accepts both `opts.algorithms` and `opts.options`, which are documented as -part of [`ssri.fromData`](#from-data). - -If `opts.strict` is true, the integrity object will be created using strict -parsing rules. See [`ssri.parse`](#parse). - -##### Example - -```javascript -const integrity = ssri.create().update('foobarbaz').digest() -integrity.toString() -// -> -// sha512-yzd8ELD1piyANiWnmdnpCL5F52f10UfUdEkHywVZeqTt0ymgrxR63Qz0GB7TKPoeeZQmWCaz7T1+9vBnypkYWg== -``` - -#### <a name="check-data"></a> `> ssri.checkData(data, sri, [opts]) -> Hash|false` - -Verifies `data` integrity against an `sri` argument. `data` may be either a -`String` or a `Buffer`, and `sri` can be any subresource integrity -representation that [`ssri.parse`](#parse) can handle. - -If verification succeeds, `checkData` will return the name of the algorithm that -was used for verification (a truthy value). Otherwise, it will return `false`. - -If `opts.pickAlgorithm` is provided, it will be used by -[`Integrity#pickAlgorithm`](#integrity-pick-algorithm) when deciding which of -the available digests to match against. - -If `opts.error` is true, and verification fails, `checkData` will throw either -an `EBADSIZE` or an `EINTEGRITY` error, instead of just returning false. - -##### Example - -```javascript -const data = fs.readFileSync('index.js') -ssri.checkData(data, ssri.fromData(data)) // -> 'sha512' -ssri.checkData(data, 'sha256-l981iLWj8kurw4UbNy8Lpxqdzd7UOxS50Glhv8FwfZ0') -ssri.checkData(data, 'sha1-BaDDigEST') // -> false -ssri.checkData(data, 'sha1-BaDDigEST', {error: true}) // -> Error! EINTEGRITY -``` - -#### <a name="check-stream"></a> `> ssri.checkStream(stream, sri, [opts]) -> Promise<Hash>` - -Verifies the contents of `stream` against an `sri` argument. `stream` will be -consumed in its entirety by this process. `sri` can be any subresource integrity -representation that [`ssri.parse`](#parse) can handle. - -`checkStream` will return a Promise that either resolves to the -`Hash` that succeeded verification, or, if the verification fails -or an error happens with `stream`, the Promise will be rejected. - -If the Promise is rejected because verification failed, the returned error will -have `err.code` as `EINTEGRITY`. - -If `opts.size` is given, it will be matched against the stream size. An error -with `err.code` `EBADSIZE` will be returned by a rejection if the expected size -and actual size fail to match. - -If `opts.pickAlgorithm` is provided, it will be used by -[`Integrity#pickAlgorithm`](#integrity-pick-algorithm) when deciding which of -the available digests to match against. - -##### Example - -```javascript -const integrity = ssri.fromData(fs.readFileSync('index.js')) - -ssri.checkStream( - fs.createReadStream('index.js'), - integrity -) -// -> -// Promise<{ -// algorithm: 'sha512', -// digest: 'sha512-yzd8ELD1piyANiWnmdnpCL5F52f10UfUdEkHywVZeqTt0ymgrxR63Qz0GB7TKPoeeZQmWCaz7T1' -// }> - -ssri.checkStream( - fs.createReadStream('index.js'), - 'sha256-l981iLWj8kurw4UbNy8Lpxqdzd7UOxS50Glhv8FwfZ0' -) // -> Promise<Hash> - -ssri.checkStream( - fs.createReadStream('index.js'), - 'sha1-BaDDigEST' -) // -> Promise<Error<{code: 'EINTEGRITY'}>> -``` - -#### <a name="integrity-stream"></a> `> integrityStream([opts]) -> IntegrityStream` - -Returns a `Transform` stream that data can be piped through in order to generate -and optionally check data integrity for piped data. When the stream completes -successfully, it emits `size` and `integrity` events, containing the total -number of bytes processed and a calculated `Integrity` instance based on stream -data, respectively. - -If `opts.algorithms` is passed in, the listed algorithms will be calculated when -generating the final `Integrity` instance. The default is `['sha512']`. - -If `opts.single` is passed in, a single `Hash` instance will be returned. - -If `opts.integrity` is passed in, it should be an `integrity` value understood -by [`parse`](#parse) that the stream will check the data against. If -verification succeeds, the integrity stream will emit a `verified` event whose -value is a single `Hash` object that is the one that succeeded verification. If -verification fails, the stream will error with an `EINTEGRITY` error code. - -If `opts.size` is given, it will be matched against the stream size. An error -with `err.code` `EBADSIZE` will be emitted by the stream if the expected size -and actual size fail to match. - -If `opts.pickAlgorithm` is provided, it will be passed two algorithms as -arguments. ssri will prioritize whichever of the two algorithms is returned by -this function. Note that the function may be called multiple times, and it -**must** return one of the two algorithms provided. By default, ssri will make -a best-effort to pick the strongest/most reliable of the given algorithms. It -may intentionally deprioritize algorithms with known vulnerabilities. - -##### Example - -```javascript -const integrity = ssri.fromData(fs.readFileSync('index.js')) -fs.createReadStream('index.js') -.pipe(ssri.integrityStream({integrity})) -``` diff --git a/sandbox/testAppNevena/Front/node_modules/ssri/index.js b/sandbox/testAppNevena/Front/node_modules/ssri/index.js deleted file mode 100644 index 2b309849..00000000 --- a/sandbox/testAppNevena/Front/node_modules/ssri/index.js +++ /dev/null @@ -1,470 +0,0 @@ -'use strict' - -const crypto = require('crypto') -const MiniPass = require('minipass') - -const SPEC_ALGORITHMS = ['sha256', 'sha384', 'sha512'] - -// TODO: this should really be a hardcoded list of algorithms we support, -// rather than [a-z0-9]. -const BASE64_REGEX = /^[a-z0-9+/]+(?:=?=?)$/i -const SRI_REGEX = /^([a-z0-9]+)-([^?]+)([?\S*]*)$/ -const STRICT_SRI_REGEX = /^([a-z0-9]+)-([A-Za-z0-9+/=]{44,88})(\?[\x21-\x7E]*)?$/ -const VCHAR_REGEX = /^[\x21-\x7E]+$/ - -const defaultOpts = { - algorithms: ['sha512'], - error: false, - options: [], - pickAlgorithm: getPrioritizedHash, - sep: ' ', - single: false, - strict: false -} - -const ssriOpts = (opts = {}) => ({ ...defaultOpts, ...opts }) - -const getOptString = options => !options || !options.length - ? '' - : `?${options.join('?')}` - -const _onEnd = Symbol('_onEnd') -const _getOptions = Symbol('_getOptions') -class IntegrityStream extends MiniPass { - constructor (opts) { - super() - this.size = 0 - this.opts = opts - - // may be overridden later, but set now for class consistency - this[_getOptions]() - - // options used for calculating stream. can't be changed. - const { algorithms = defaultOpts.algorithms } = opts - this.algorithms = Array.from( - new Set(algorithms.concat(this.algorithm ? [this.algorithm] : [])) - ) - this.hashes = this.algorithms.map(crypto.createHash) - } - - [_getOptions] () { - const { - integrity, - size, - options - } = { ...defaultOpts, ...this.opts } - - // For verification - this.sri = integrity ? parse(integrity, this.opts) : null - this.expectedSize = size - this.goodSri = this.sri ? !!Object.keys(this.sri).length : false - this.algorithm = this.goodSri ? this.sri.pickAlgorithm(this.opts) : null - this.digests = this.goodSri ? this.sri[this.algorithm] : null - this.optString = getOptString(options) - } - - emit (ev, data) { - if (ev === 'end') this[_onEnd]() - return super.emit(ev, data) - } - - write (data) { - this.size += data.length - this.hashes.forEach(h => h.update(data)) - return super.write(data) - } - - [_onEnd] () { - if (!this.goodSri) { - this[_getOptions]() - } - const newSri = parse(this.hashes.map((h, i) => { - return `${this.algorithms[i]}-${h.digest('base64')}${this.optString}` - }).join(' '), this.opts) - // Integrity verification mode - const match = this.goodSri && newSri.match(this.sri, this.opts) - if (typeof this.expectedSize === 'number' && this.size !== this.expectedSize) { - const err = new Error(`stream size mismatch when checking ${this.sri}.\n Wanted: ${this.expectedSize}\n Found: ${this.size}`) - err.code = 'EBADSIZE' - err.found = this.size - err.expected = this.expectedSize - err.sri = this.sri - this.emit('error', err) - } else if (this.sri && !match) { - const err = new Error(`${this.sri} integrity checksum failed when using ${this.algorithm}: wanted ${this.digests} but got ${newSri}. (${this.size} bytes)`) - err.code = 'EINTEGRITY' - err.found = newSri - err.expected = this.digests - err.algorithm = this.algorithm - err.sri = this.sri - this.emit('error', err) - } else { - this.emit('size', this.size) - this.emit('integrity', newSri) - match && this.emit('verified', match) - } - } -} - -class Hash { - get isHash () { return true } - constructor (hash, opts) { - opts = ssriOpts(opts) - const strict = !!opts.strict - this.source = hash.trim() - - // set default values so that we make V8 happy to - // always see a familiar object template. - this.digest = '' - this.algorithm = '' - this.options = [] - - // 3.1. Integrity metadata (called "Hash" by ssri) - // https://w3c.github.io/webappsec-subresource-integrity/#integrity-metadata-description - const match = this.source.match( - strict - ? STRICT_SRI_REGEX - : SRI_REGEX - ) - if (!match) { return } - if (strict && !SPEC_ALGORITHMS.some(a => a === match[1])) { return } - this.algorithm = match[1] - this.digest = match[2] - - const rawOpts = match[3] - if (rawOpts) { - this.options = rawOpts.slice(1).split('?') - } - } - - hexDigest () { - return this.digest && Buffer.from(this.digest, 'base64').toString('hex') - } - - toJSON () { - return this.toString() - } - - toString (opts) { - opts = ssriOpts(opts) - if (opts.strict) { - // Strict mode enforces the standard as close to the foot of the - // letter as it can. - if (!( - // The spec has very restricted productions for algorithms. - // https://www.w3.org/TR/CSP2/#source-list-syntax - SPEC_ALGORITHMS.some(x => x === this.algorithm) && - // Usually, if someone insists on using a "different" base64, we - // leave it as-is, since there's multiple standards, and the - // specified is not a URL-safe variant. - // https://www.w3.org/TR/CSP2/#base64_value - this.digest.match(BASE64_REGEX) && - // Option syntax is strictly visual chars. - // https://w3c.github.io/webappsec-subresource-integrity/#grammardef-option-expression - // https://tools.ietf.org/html/rfc5234#appendix-B.1 - this.options.every(opt => opt.match(VCHAR_REGEX)) - )) { - return '' - } - } - const options = this.options && this.options.length - ? `?${this.options.join('?')}` - : '' - return `${this.algorithm}-${this.digest}${options}` - } -} - -class Integrity { - get isIntegrity () { return true } - toJSON () { - return this.toString() - } - - isEmpty () { - return Object.keys(this).length === 0 - } - - toString (opts) { - opts = ssriOpts(opts) - let sep = opts.sep || ' ' - if (opts.strict) { - // Entries must be separated by whitespace, according to spec. - sep = sep.replace(/\S+/g, ' ') - } - return Object.keys(this).map(k => { - return this[k].map(hash => { - return Hash.prototype.toString.call(hash, opts) - }).filter(x => x.length).join(sep) - }).filter(x => x.length).join(sep) - } - - concat (integrity, opts) { - opts = ssriOpts(opts) - const other = typeof integrity === 'string' - ? integrity - : stringify(integrity, opts) - return parse(`${this.toString(opts)} ${other}`, opts) - } - - hexDigest () { - return parse(this, { single: true }).hexDigest() - } - - // add additional hashes to an integrity value, but prevent - // *changing* an existing integrity hash. - merge (integrity, opts) { - opts = ssriOpts(opts) - const other = parse(integrity, opts) - for (const algo in other) { - if (this[algo]) { - if (!this[algo].find(hash => - other[algo].find(otherhash => - hash.digest === otherhash.digest))) { - throw new Error('hashes do not match, cannot update integrity') - } - } else { - this[algo] = other[algo] - } - } - } - - match (integrity, opts) { - opts = ssriOpts(opts) - const other = parse(integrity, opts) - const algo = other.pickAlgorithm(opts) - return ( - this[algo] && - other[algo] && - this[algo].find(hash => - other[algo].find(otherhash => - hash.digest === otherhash.digest - ) - ) - ) || false - } - - pickAlgorithm (opts) { - opts = ssriOpts(opts) - const pickAlgorithm = opts.pickAlgorithm - const keys = Object.keys(this) - return keys.reduce((acc, algo) => { - return pickAlgorithm(acc, algo) || acc - }) - } -} - -module.exports.parse = parse -function parse (sri, opts) { - if (!sri) return null - opts = ssriOpts(opts) - if (typeof sri === 'string') { - return _parse(sri, opts) - } else if (sri.algorithm && sri.digest) { - const fullSri = new Integrity() - fullSri[sri.algorithm] = [sri] - return _parse(stringify(fullSri, opts), opts) - } else { - return _parse(stringify(sri, opts), opts) - } -} - -function _parse (integrity, opts) { - // 3.4.3. Parse metadata - // https://w3c.github.io/webappsec-subresource-integrity/#parse-metadata - if (opts.single) { - return new Hash(integrity, opts) - } - const hashes = integrity.trim().split(/\s+/).reduce((acc, string) => { - const hash = new Hash(string, opts) - if (hash.algorithm && hash.digest) { - const algo = hash.algorithm - if (!acc[algo]) { acc[algo] = [] } - acc[algo].push(hash) - } - return acc - }, new Integrity()) - return hashes.isEmpty() ? null : hashes -} - -module.exports.stringify = stringify -function stringify (obj, opts) { - opts = ssriOpts(opts) - if (obj.algorithm && obj.digest) { - return Hash.prototype.toString.call(obj, opts) - } else if (typeof obj === 'string') { - return stringify(parse(obj, opts), opts) - } else { - return Integrity.prototype.toString.call(obj, opts) - } -} - -module.exports.fromHex = fromHex -function fromHex (hexDigest, algorithm, opts) { - opts = ssriOpts(opts) - const optString = getOptString(opts.options) - return parse( - `${algorithm}-${ - Buffer.from(hexDigest, 'hex').toString('base64') - }${optString}`, opts - ) -} - -module.exports.fromData = fromData -function fromData (data, opts) { - opts = ssriOpts(opts) - const algorithms = opts.algorithms - const optString = getOptString(opts.options) - return algorithms.reduce((acc, algo) => { - const digest = crypto.createHash(algo).update(data).digest('base64') - const hash = new Hash( - `${algo}-${digest}${optString}`, - opts - ) - /* istanbul ignore else - it would be VERY strange if the string we - * just calculated with an algo did not have an algo or digest. - */ - if (hash.algorithm && hash.digest) { - const algo = hash.algorithm - if (!acc[algo]) { acc[algo] = [] } - acc[algo].push(hash) - } - return acc - }, new Integrity()) -} - -module.exports.fromStream = fromStream -function fromStream (stream, opts) { - opts = ssriOpts(opts) - const istream = integrityStream(opts) - return new Promise((resolve, reject) => { - stream.pipe(istream) - stream.on('error', reject) - istream.on('error', reject) - let sri - istream.on('integrity', s => { sri = s }) - istream.on('end', () => resolve(sri)) - istream.on('data', () => {}) - }) -} - -module.exports.checkData = checkData -function checkData (data, sri, opts) { - opts = ssriOpts(opts) - sri = parse(sri, opts) - if (!sri || !Object.keys(sri).length) { - if (opts.error) { - throw Object.assign( - new Error('No valid integrity hashes to check against'), { - code: 'EINTEGRITY' - } - ) - } else { - return false - } - } - const algorithm = sri.pickAlgorithm(opts) - const digest = crypto.createHash(algorithm).update(data).digest('base64') - const newSri = parse({ algorithm, digest }) - const match = newSri.match(sri, opts) - if (match || !opts.error) { - return match - } else if (typeof opts.size === 'number' && (data.length !== opts.size)) { - const err = new Error(`data size mismatch when checking ${sri}.\n Wanted: ${opts.size}\n Found: ${data.length}`) - err.code = 'EBADSIZE' - err.found = data.length - err.expected = opts.size - err.sri = sri - throw err - } else { - const err = new Error(`Integrity checksum failed when using ${algorithm}: Wanted ${sri}, but got ${newSri}. (${data.length} bytes)`) - err.code = 'EINTEGRITY' - err.found = newSri - err.expected = sri - err.algorithm = algorithm - err.sri = sri - throw err - } -} - -module.exports.checkStream = checkStream -function checkStream (stream, sri, opts) { - opts = ssriOpts(opts) - opts.integrity = sri - sri = parse(sri, opts) - if (!sri || !Object.keys(sri).length) { - return Promise.reject(Object.assign( - new Error('No valid integrity hashes to check against'), { - code: 'EINTEGRITY' - } - )) - } - const checker = integrityStream(opts) - return new Promise((resolve, reject) => { - stream.pipe(checker) - stream.on('error', reject) - checker.on('error', reject) - let sri - checker.on('verified', s => { sri = s }) - checker.on('end', () => resolve(sri)) - checker.on('data', () => {}) - }) -} - -module.exports.integrityStream = integrityStream -function integrityStream (opts = {}) { - return new IntegrityStream(opts) -} - -module.exports.create = createIntegrity -function createIntegrity (opts) { - opts = ssriOpts(opts) - const algorithms = opts.algorithms - const optString = getOptString(opts.options) - - const hashes = algorithms.map(crypto.createHash) - - return { - update: function (chunk, enc) { - hashes.forEach(h => h.update(chunk, enc)) - return this - }, - digest: function (enc) { - const integrity = algorithms.reduce((acc, algo) => { - const digest = hashes.shift().digest('base64') - const hash = new Hash( - `${algo}-${digest}${optString}`, - opts - ) - /* istanbul ignore else - it would be VERY strange if the hash we - * just calculated with an algo did not have an algo or digest. - */ - if (hash.algorithm && hash.digest) { - const algo = hash.algorithm - if (!acc[algo]) { acc[algo] = [] } - acc[algo].push(hash) - } - return acc - }, new Integrity()) - - return integrity - } - } -} - -const NODE_HASHES = new Set(crypto.getHashes()) - -// This is a Best Effort™ at a reasonable priority for hash algos -const DEFAULT_PRIORITY = [ - 'md5', 'whirlpool', 'sha1', 'sha224', 'sha256', 'sha384', 'sha512', - // TODO - it's unclear _which_ of these Node will actually use as its name - // for the algorithm, so we guesswork it based on the OpenSSL names. - 'sha3', - 'sha3-256', 'sha3-384', 'sha3-512', - 'sha3_256', 'sha3_384', 'sha3_512' -].filter(algo => NODE_HASHES.has(algo)) - -function getPrioritizedHash (algo1, algo2) { - return DEFAULT_PRIORITY.indexOf(algo1.toLowerCase()) >= DEFAULT_PRIORITY.indexOf(algo2.toLowerCase()) - ? algo1 - : algo2 -} diff --git a/sandbox/testAppNevena/Front/node_modules/ssri/package.json b/sandbox/testAppNevena/Front/node_modules/ssri/package.json deleted file mode 100644 index 4af1a3c4..00000000 --- a/sandbox/testAppNevena/Front/node_modules/ssri/package.json +++ /dev/null @@ -1,52 +0,0 @@ -{ - "name": "ssri", - "version": "8.0.1", - "description": "Standard Subresource Integrity library -- parses, serializes, generates, and verifies integrity metadata according to the SRI spec.", - "main": "index.js", - "files": [], - "scripts": { - "prerelease": "npm t", - "postrelease": "npm publish", - "prepublishOnly": "git push --follow-tags", - "posttest": "npm run lint", - "release": "standard-version -s", - "test": "tap", - "coverage": "tap", - "lint": "standard" - }, - "tap": { - "check-coverage": true - }, - "repository": "https://github.com/npm/ssri", - "keywords": [ - "w3c", - "web", - "security", - "integrity", - "checksum", - "hashing", - "subresource integrity", - "sri", - "sri hash", - "sri string", - "sri generator", - "html" - ], - "author": { - "name": "Kat Marchán", - "email": "kzm@sykosomatic.org", - "twitter": "maybekatz" - }, - "license": "ISC", - "dependencies": { - "minipass": "^3.1.1" - }, - "devDependencies": { - "standard": "^16.0.3", - "standard-version": "^9.1.0", - "tap": "^14.10.6" - }, - "engines": { - "node": ">= 8" - } -} |