Combined whitelist jquery source packages checksum checks

Gabor Gyorvari
2019-01-08 20:12:48 +01:00
parent 538d7fe3f6
commit da765046f5


@@ -8,11 +8,12 @@ function is_cached($file)
return is_readable($cache_dir . '/' . $file); return is_readable($cache_dir . '/' . $file);
} }
function set_cache($file, $data) function set_cache($file, $data, $algo, $hash)
{ {
global $cache_dir; global $cache_dir;
file_put_contents($cache_dir . '/' . $file, $data); file_put_contents($cache_dir . '/' . $file, $data);
file_put_contents($cache_dir . '/' . $file . '.' . $algo, $hash);
} }
function get_cache($file) function get_cache($file)
@@ -54,12 +55,19 @@ function fetch_jquery($fp)
echo 'Fetching jQuery' . PHP_EOL; echo 'Fetching jQuery' . PHP_EOL;
$data = file_get_contents('https://code.jquery.com/jquery/'); $data = file_get_contents('https://code.jquery.com/jquery/');
preg_match_all('/<a class=\'open\-sri\-modal\' href=\'\/(jquery-.*?\.js)/', $data, $m); preg_match_all(
foreach ($m[1] as $file) { '/<a class=\'open\-sri\-modal\' href=\'\/(jquery-.*?\.js)\' data\-hash=\'sha256\-(.*?)\'/',
$data,
$m
);
foreach ($m[1] as $k => $file) {
if (!is_cached($file)) { if (!is_cached($file)) {
echo 'Downloading: ' . 'https://code.jquery.com/' . $file . PHP_EOL; echo 'Downloading: ' . 'https://code.jquery.com/' . $file . PHP_EOL;
$data = file_get_contents('https://code.jquery.com/' . $file); $data = file_get_contents('https://code.jquery.com/' . $file);
set_cache($file, $data); if (base64_encode(hash('sha256', $data, true)) != $m[2][$k]) {
die('Hash mismatch' . PHP_EOL);
}
set_cache($file, $data, 'sha256', bin2hex(base64_decode($m[2][$k])));
} else { } else {
$data = get_cache($file); $data = get_cache($file);
} }
@@ -76,7 +84,7 @@ if (!is_readable($cache_dir)) {
$fp = fopen('all.txt', 'w'); $fp = fopen('all.txt', 'w');
fetch_kubik_rubik($fp); // fetch_kubik_rubik($fp);
fetch_jquery($fp); fetch_jquery($fp);
fclose($fp); fclose($fp);
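Review bot: In the fetch_jquery hunk the digest check `if (base64_encode(hash('sha256', $data, true)) != $m[2][$k])` uses loose `!=` and never tests whether `file_get_contents` failed; I would write `if ($data === false || !hash_equals($m[2][$k], base64_encode(hash('sha256', $data, true))))` so the compare is a strict string comparison and a failed download is handled explicitly. The expected digest is scraped from the same host that serves the file, so the check catches a corrupted or mismatched download but not a tampered origin, and a comment above it should say so to keep the `.sha256` sidecar from being read as independent verification. The `else` branch still takes `get_cache($file)` without comparing it to the stored hash, and files cached before this change have no sidecar, so cached copies appear to go unverified (get_cache's body is outside the hunk). The captured `$file` comes from `jquery-.*?\.js`, which also matches `/`, and set_cache concatenates it into two cache paths; replacing `.*?` with a class that excludes `/` and `'` would keep a malformed index entry inside `$cache_dir`.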