Comparing version 5.1.0 to 5.2.1
@@ -5,2 +5,17 @@ # Change Log | ||
<a name="5.2.1"></a> | ||
## [5.2.1](https://github.com/zkat/ssri/compare/v5.2.0...v5.2.1) (2018-02-06) | ||
<a name="5.2.0"></a> | ||
# [5.2.0](https://github.com/zkat/ssri/compare/v5.1.0...v5.2.0) (2018-02-06) | ||
### Features | ||
* **match:** add integrity.match() ([3c49cc4](https://github.com/zkat/ssri/commit/3c49cc4)) | ||
<a name="5.1.0"></a> | ||
@@ -7,0 +22,0 @@ # [5.1.0](https://github.com/zkat/ssri/compare/v5.0.0...v5.1.0) (2018-01-18) |
29
index.js
@@ -96,2 +96,15 @@ 'use strict' | ||
} | ||
match (integrity, opts) { | ||
const other = parse(integrity, opts) | ||
const algo = other.pickAlgorithm(opts) | ||
return ( | ||
this[algo] && | ||
other[algo] && | ||
this[algo].find(hash => | ||
other[algo].find(otherhash => | ||
hash.digest === otherhash.digest | ||
) | ||
) | ||
) || false | ||
} | ||
pickAlgorithm (opts) { | ||
@@ -209,5 +222,4 @@ const pickAlgorithm = (opts && opts.pickAlgorithm) || getPrioritizedHash | ||
const algorithm = sri.pickAlgorithm(opts) | ||
const digests = sri[algorithm] || [] | ||
const digest = crypto.createHash(algorithm).update(data).digest('base64') | ||
return digests.find(hash => hash.digest === digest) || false | ||
return parse({algorithm, digest}).match(sri, opts) | ||
} | ||
@@ -259,13 +271,4 @@ | ||
}).join(' '), opts) | ||
const match = ( | ||
// Integrity verification mode | ||
opts.integrity && | ||
newSri[algorithm] && | ||
digests && | ||
digests.find(hash => { | ||
return newSri[algorithm].find(newhash => { | ||
return hash.digest === newhash.digest | ||
}) | ||
}) | ||
) | ||
// Integrity verification mode | ||
const match = goodSri && newSri.match(sri, opts) | ||
if (typeof opts.size === 'number' && streamSize !== opts.size) { | ||
@@ -272,0 +275,0 @@ const err = new Error(`stream size mismatch when checking ${sri}.\n Wanted: ${opts.size}\n Found: ${streamSize}`) |
{ | ||
"name": "ssri", | ||
"version": "5.1.0", | ||
"version": "5.2.1", | ||
"description": "Standard Subresource Integrity library -- parses, serializes, generates, and verifies integrity metadata according to the SRI spec.", | ||
@@ -40,9 +40,9 @@ "main": "index.js", | ||
"dependencies": { | ||
"safe-buffer": "^5.1.0" | ||
"safe-buffer": "^5.1.1" | ||
}, | ||
"devDependencies": { | ||
"nyc": "^10.3.2", | ||
"standard": "^9.0.2", | ||
"standard-version": "^4.1.0", | ||
"tap": "^10.3.3", | ||
"nyc": "^11.4.1", | ||
"standard": "^10.0.3", | ||
"standard-version": "^4.3.0", | ||
"tap": "^11.1.0", | ||
"weallbehave": "^1.2.0", | ||
@@ -49,0 +49,0 @@ "weallcontribute": "^1.0.8" |
@@ -24,2 +24,3 @@ # ssri [![npm version](https://img.shields.io/npm/v/ssri.svg)](https://npm.im/ssri) [![license](https://img.shields.io/npm/l/ssri.svg)](https://npm.im/ssri) [![Travis](https://img.shields.io/travis/zkat/ssri.svg)](https://travis-ci.org/zkat/ssri) [![AppVeyor](https://ci.appveyor.com/api/projects/status/github/zkat/ssri?svg=true)](https://ci.appveyor.com/project/zkat/ssri) [![Coverage Status](https://coveralls.io/repos/github/zkat/ssri/badge.svg?branch=latest)](https://coveralls.io/github/zkat/ssri?branch=latest) | ||
* [`Integrity#toJSON`](#integrity-to-json) | ||
* [`Integrity#match`](#integrity-match) | ||
* [`Integrity#pickAlgorithm`](#integrity-pick-algorithm) | ||
@@ -222,2 +223,23 @@ * [`Integrity#hexDigest`](#integrity-hex-digest) | ||
#### <a name="integrity-match"></a> `> Integrity#match(sri, [opts]) -> Hash | false` | ||
Returns the matching (truthy) hash if `Integrity` matches the argument passed as | ||
`sri`, which can be anything that [`parse`](#parse) will accept. `opts` will be | ||
passed through to `parse` and [`pickAlgorithm()`](#integrity-pick-algorithm). | ||
##### Example | ||
```javascript | ||
const integrity = 'sha512-9KhgCRIx/AmzC8xqYJTZRrnO8OW2Pxyl2DIMZSBOr0oDvtEFyht3xpp71j/r/pAe1DM+JI/A+line3jUBgzQ7A==' | ||
ssri.parse(integrity).match(integrity) | ||
// Hash { | ||
// digest: '9KhgCRIx/AmzC8xqYJTZRrnO8OW2Pxyl2DIMZSBOr0oDvtEFyht3xpp71j/r/pAe1DM+JI/A+line3jUBgzQ7A==' | ||
// algorithm: 'sha512' | ||
// } | ||
ssri.parse(integrity).match('sha1-deadbeef') | ||
// false | ||
``` | ||
#### <a name="integrity-pick-algorithm"></a> `> Integrity#pickAlgorithm([opts]) -> String` | ||
@@ -224,0 +246,0 @@ |
38327
322
485
4
Updatedsafe-buffer@^5.1.1