From da765046f5f8a2c5693bcd4b228a66482f788913 Mon Sep 17 00:00:00 2001
From: Gabor Gyorvari <scr34m@gmail.com>
Date: Tue, 8 Jan 2019 20:12:48 +0100
Subject: [PATCH] Combined whitelist jquery source packages checksum checks

---
 tools/bigdata/generate.php | 18 +++++++++++++-----
 1 file changed, 13 insertions(+), 5 deletions(-)

diff --git a/tools/bigdata/generate.php b/tools/bigdata/generate.php
index 81386ce..2f20012 100644
--- a/tools/bigdata/generate.php
+++ b/tools/bigdata/generate.php
@@ -8,11 +8,12 @@ function is_cached($file)
     return is_readable($cache_dir . '/' . $file);
 }
 
-function set_cache($file, $data)
+function set_cache($file, $data, $algo, $hash)
 {
     global $cache_dir;
 
     file_put_contents($cache_dir . '/' . $file, $data);
+    file_put_contents($cache_dir . '/' . $file . '.' . $algo, $hash);
 }
 
 function get_cache($file)
@@ -54,12 +55,19 @@ function fetch_jquery($fp)
     echo 'Fetching jQuery' . PHP_EOL;
     $data = file_get_contents('https://code.jquery.com/jquery/');
 
-    preg_match_all('/<a class=\'open\-sri\-modal\' href=\'\/(jquery-.*?\.js)/', $data, $m);
-    foreach ($m[1] as $file) {
+    preg_match_all(
+        '/<a class=\'open\-sri\-modal\' href=\'\/(jquery-.*?\.js)\' data\-hash=\'sha256\-(.*?)\'/',
+        $data,
+        $m
+    );
+    foreach ($m[1] as $k => $file) {
         if (!is_cached($file)) {
             echo 'Downloading: ' . 'https://code.jquery.com/' . $file . PHP_EOL;
             $data = file_get_contents('https://code.jquery.com/' . $file);
-            set_cache($file, $data);
+            if (base64_encode(hash('sha256', $data, true)) != $m[2][$k]) {
+                die('Hash mismatch' . PHP_EOL);
+            }
+            set_cache($file, $data, 'sha256', bin2hex(base64_decode($m[2][$k])));
         } else {
             $data = get_cache($file);
         }
@@ -76,7 +84,7 @@ if (!is_readable($cache_dir)) {
 
 $fp = fopen('all.txt', 'w');
 
-fetch_kubik_rubik($fp);
+// fetch_kubik_rubik($fp);
 fetch_jquery($fp);
 
 fclose($fp);