1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
|
'use strict';
const common = require('../../common');
if (!common.hasCrypto)
common.skip('missing crypto');
const assert = require('assert');
const tmpdir = require('../../common/tmpdir');
const { spawnSync } = require('child_process');
const crypto = require('crypto');
const fs = require('fs');
const path = require('path');
const { pathToFileURL } = require('url');
tmpdir.refresh();
function hash(algo, body) {
const h = crypto.createHash(algo);
h.update(body);
return h.digest('base64');
}
const policyFilepath = path.join(tmpdir.path, 'policy');
const depFilepath = require.resolve(`./build/${common.buildType}/binding.node`);
const depURL = pathToFileURL(depFilepath);
const tmpdirURL = pathToFileURL(tmpdir.path);
if (!tmpdirURL.pathname.endsWith('/')) {
tmpdirURL.pathname += '/';
}
const depBody = fs.readFileSync(depURL);
function writePolicy(...resources) {
const manifest = { resources: {} };
for (const { url, integrity } of resources) {
manifest.resources[url] = { integrity };
}
fs.writeFileSync(policyFilepath, JSON.stringify(manifest, null, 2));
}
function test(shouldFail, resources) {
writePolicy(...resources);
const { status, stdout, stderr } = spawnSync(process.execPath, [
'--experimental-policy',
policyFilepath,
depFilepath
]);
console.log(stdout.toString(), stderr.toString());
if (shouldFail) {
assert.notStrictEqual(status, 0);
} else {
assert.strictEqual(status, 0);
}
}
test(false, [{
url: depURL,
integrity: `sha256-${hash('sha256', depBody)}`
}]);
test(true, [{
url: depURL,
integrity: `sha256akjsalkjdlaskjdk-${hash('sha256', depBody)}`
}]);
|
