Combined whitelist jquery source packages checksum checks

tools/bigdata/generate.php

@@ -8,11 +8,12 @@ function is_cached($file)
     return is_readable($cache_dir . '/' . $file);
 }
 
-function set_cache($file, $data)
+function set_cache($file, $data, $algo, $hash)
 {
     global $cache_dir;
 
     file_put_contents($cache_dir . '/' . $file, $data);
+    file_put_contents($cache_dir . '/' . $file . '.' . $algo, $hash);
 }
 
 function get_cache($file)
@@ -54,12 +55,19 @@ function fetch_jquery($fp)
     echo 'Fetching jQuery' . PHP_EOL;
     $data = file_get_contents('https://code.jquery.com/jquery/');
 
-    preg_match_all('/<a class=\'open\-sri\-modal\' href=\'\/(jquery-.*?\.js)/', $data, $m);
-    foreach ($m[1] as $file) {
+    preg_match_all(
+        '/<a class=\'open\-sri\-modal\' href=\'\/(jquery-.*?\.js)\' data\-hash=\'sha256\-(.*?)\'/',
+        $data,
+        $m
+    );
+    foreach ($m[1] as $k => $file) {
         if (!is_cached($file)) {
             echo 'Downloading: ' . 'https://code.jquery.com/' . $file . PHP_EOL;
             $data = file_get_contents('https://code.jquery.com/' . $file);
-            set_cache($file, $data);
+            if (base64_encode(hash('sha256', $data, true)) != $m[2][$k]) {
+                die('Hash mismatch' . PHP_EOL);
+            }
+            set_cache($file, $data, 'sha256', bin2hex(base64_decode($m[2][$k])));
         } else {
             $data = get_cache($file);
         }
@@ -76,7 +84,7 @@ if (!is_readable($cache_dir)) {
 
 $fp = fopen('all.txt', 'w');
 
-fetch_kubik_rubik($fp);
+// fetch_kubik_rubik($fp);
 fetch_jquery($fp);
 
 fclose($fp);