fix(check): handle various bad hash corner cases better
zkat committed May 24, 2017
1 parent d5b0459 commit c2c262b
Showing 2 changed files with 42 additions and 4 deletions.
13 changes: 9 additions & 4 deletions index.js
@@ -95,7 +95,9 @@ class Integrity {
const pickAlgorithm = (opts && opts.pickAlgorithm) || getPrioritizedHash
const keys = Object.keys(this)
if (!keys.length) {
throw new Error(`No algorithms available for ${this}`)
throw new Error(`No algorithms available for ${
JSON.stringify(this.toString())
}`)
}
return keys.reduce((acc, algo) => {
return pickAlgorithm(acc, algo) || acc
@@ -199,8 +201,9 @@ module.exports.checkData = checkData
function checkData (data, sri, opts) {
opts = opts || {}
sri = parse(sri, opts)
if (!Object.keys(sri).length) { return false }
const algorithm = sri.pickAlgorithm(opts)
const digests = sri[algorithm]
const digests = sri[algorithm] || []
const digest = crypto.createHash(algorithm).update(data).digest('base64')
return digests.find(hash => hash.digest === digest) || false
}
@@ -231,8 +234,9 @@ function integrityStream (opts) {
opts = opts || {}
// For verification
const sri = opts.integrity && parse(opts.integrity, opts)
const algorithm = sri && sri.pickAlgorithm(opts)
const digests = sri && sri[algorithm]
const goodSri = sri && Object.keys(sri).length
const algorithm = goodSri && sri.pickAlgorithm(opts)
const digests = goodSri && sri[algorithm]
// Calculating stream
const algorithms = opts.algorithms || [algorithm || 'sha512']
const hashes = algorithms.map(crypto.createHash)
@@ -253,6 +257,7 @@ function integrityStream (opts) {
const match = (
// Integrity verification mode
opts.integrity &&
digests &&
digests.find(hash => {
return newSri[algorithm].find(newhash => {
return hash.digest === newhash.digest
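Review bot: An empty `opts.integrity` still looks like "no verification requested" in integrityStream, because `const sri = opts.integrity && parse(opts.integrity, opts)` and the `opts.integrity &&` guard inside `match` both rely on truthiness, while the patched checkData returns `false` for the same `''` input. The code that raises EINTEGRITY is outside the visible hunks, so this is inferred, but if that decision also keys off `opts.integrity` or `sri`, a stream given an empty integrity string would pass unchecked instead of failing closed. Separating "not supplied" from "supplied but empty" would make the two entry points agree, for example `const verifying = opts.integrity != null` used in place of the truthiness tests. integrityStream's body starts and ends outside these hunks.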
33 changes: 33 additions & 0 deletions test/check.js
@@ -59,6 +59,21 @@ test('checkData', t => {
false,
'returns false when verification fails'
)
t.equal(
ssri.checkData('nope', 'sha512-nope'),
false,
'returns false on invalid sri hash'
)
t.equal(
ssri.checkData('nope', 'garbage'),
false,
'returns false on garbage sri input'
)
t.equal(
ssri.checkData('nope', ''),
false,
'returns false on empty sri input'
)
t.deepEqual(
ssri.checkData(TEST_DATA, [
'sha512-nope',
@@ -129,6 +144,24 @@ test('checkStream', t => {
}, err => {
t.equal(err.code, 'EINTEGRITY', 'checksum failure rejects the promise')
})
}).then(() => {
return ssri.checkStream(
fs.createReadStream(path.join(__dirname, '..', 'package.json')),
'garbage'
).then(() => {
throw new Error('unexpected success')
}, err => {
t.equal(err.code, 'EINTEGRITY', 'checksum failure if sri is garbage')
})
}).then(() => {
return ssri.checkStream(
fs.createReadStream(path.join(__dirname, '..', 'package.json')),
'sha512-nope'
).then(() => {
throw new Error('unexpected success')
}, err => {
t.equal(err.code, 'EINTEGRITY', 'checksum failure if sri has bad hash')
})
}).then(() => {
return ssri.checkStream(fileStream(), [
'sha512-nope',
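Review bot: None of the added cases uses a well-formed entry whose algorithm name Node's crypto does not provide (a constructed example: `'nosuchalgo-AAAA'`). checkData in index.js passes the picked name straight to `crypto.createHash(algorithm)`, which throws for an unknown digest, so unless parse() filters such names (not visible on this page) that input would raise instead of returning `false`. A case such as `t.equal(ssri.checkData('nope', 'nosuchalgo-AAAA'), false, 'returns false on unsupported algorithm')` would pin the intended behaviour, and it may fail until checkData guards the createHash call. Both test callbacks start and end outside these hunks.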
