adding subresource integrity hashes for all javascript includes, resolves #6

2016-08-16 11:11:03 +02:00
parent f957a1868f
commit f72e260ee7
9 changed files with 169 additions and 55 deletions
--- a/tst/Bootstrap.php
+++ b/tst/Bootstrap.php
@@ -19,6 +19,7 @@ if (!is_file(CONF)) {
 }

 require PATH . 'vendor/autoload.php';
+Helper::updateSubresourceIntegrity();

 class Helper
 {
@@ -66,6 +67,13 @@ class Helper
        ),
    );

+    /**
+     * JS files and their SRI hashes
+     *
+     * @var array
+     */
+    private static $hashes = array();
+
    /**
     * get example paste ID
     *
@@ -273,4 +281,50 @@ class Helper
            return var_export($var, $return);
        }
    }
+
+    /**
+     * update all templates with the latest SRI hashes for all JS files
+     *
+     * @return void
+     */
+    public static function updateSubresourceIntegrity()
+    {
+        $dir = dir(PATH . 'js');
+        while (false !== ($file = $dir->read())) {
+            if (substr($file, -3) === '.js') {
+                self::$hashes[$file] = base64_encode(
+                    hash('sha512', file_get_contents(
+                        PATH . 'js' . DIRECTORY_SEPARATOR . $file
+                    ), true)
+                );
+            }
+        }
+
+        $dir = dir(PATH . 'tpl');
+        while (false !== ($file = $dir->read())) {
+            if (substr($file, -4) === '.php') {
+                $content = file_get_contents(
+                    PATH . 'tpl' . DIRECTORY_SEPARATOR . $file
+                );
+                $content = preg_replace_callback(
+                    '#<script type="text/javascript" src="js/([a-z0-9.-]+.js)([^"]*)"( integrity="[^"]+" crossorigin="[^"]+")?></script>#',
+                    function ($matches) {
+                        if (array_key_exists($matches[1], Helper::$hashes)) {
+                            return '<script type="text/javascript" src="js/' .
+                                $matches[1] . $matches[2] .
+                                '" integrity="sha512-' . Helper::$hashes[$matches[1]] .
+                                '" crossorigin="anonymous"></script>';
+                        } else {
+                            return $matches[0];
+                        }
+                    },
+                    $content
+                );
+                file_put_contents(
+                    PATH . 'tpl' . DIRECTORY_SEPARATOR . $file,
+                    $content
+                );
+            }
+        }
+    }
 }
--- a/tst/ViewTest.php
+++ b/tst/ViewTest.php
@@ -47,7 +47,7 @@ class ViewTest extends PHPUnit_Framework_TestCase
        $page->assign('BURNAFTERREADINGSELECTED', false);
        $page->assign('PASSWORD', true);
        $page->assign('FILEUPLOAD', false);
-        $page->assign('BASE64JSVERSION', '2.1.9');
+        $page->assign('ZEROBINCOMPATIBILITY', false);
        $page->assign('NOTICE', 'example');
        $page->assign('LANGUAGESELECTION', '');
        $page->assign('LANGUAGES', I18n::getLanguageLabels(i18n::getAvailableLanguages()));