asif/generateSRI
1
0
Fork 0
Code Issues Pull Requests Releases 1 Activity

Compare commits

base: asif:a4ba5ec8bab89c2935cfac1fccf042f6b7a623d4
Branches Tags
asif:master
asif:v1.0
..
compare: asif:395072f2c28247e0045e76a935f322f45eb469d0
Branches Tags
asif:master
asif:v1.0

No commits in common. "a4ba5ec8bab89c2935cfac1fccf042f6b7a623d4" and "395072f2c28247e0045e76a935f322f45eb469d0" have entirely different histories.
a4ba5ec8ba ... 395072f2c2

2 changed files with 4 additions and 205 deletions
Show Stats Expand all files Collapse all files

44
README.md
View File

@ -1,28 +1,20 @@
# Sub-Resource Integrity Hash Generator Scripts <!-- omit in TOC --> # Sub-Resource Integrity Hash Generator Scripts
Basic scripts to generate SRI hashes. POSIX-compliant shell script for use on *nix and PowerShell for use on Windows. Basic scripts to generate SRI hashes. POSIX-compliant shell script for use on *nix and PowerShell for use on Windows.
- [common features](#common-features)
- [Linux script](#linux-script)
- [copy to path location](#copy-to-path-location)
- [troubleshooting](#troubleshooting)
- [PowerShell (POSH) script](#powershell-posh-script)
- [execution policy](#execution-policy)
- [final thoughts](#final-thoughts)
## common features ## common features
- Hash individual files or a list of files. - Hash individual files or a quoted space-delimited list of files.
- Hash all files within a specified directory with one command. - Hash all files within a specified directory with one command.
- Hash a filtered-list of files within a directory with one command. - Hash a filtered-list of files within a directory with one command.
- Process a list of files and a directory (filtered or not) at the same time, saving you typing! - Process a list of files and a directory (filtered or not) at the same time, saving you typing!
## Linux script ## linux script
- This script *requires* openssl be installed and will exit if it cannot find openssl. - This script *requires* openssl be installed and will exit if it cannot find openssl.
- You can rename *sri* to anything you like. - You can rename *sri* to anything you like.
- I suggest copying *sri* somewhere like */usr/local/bin* or */usr/bin* so it can be run easier and from anywhere (see note below). - I suggest copying *sri* somewhere like */usr/local/bin* or */usr/bin* so it can be run easier and from anywhere (see note below).
- Complete instructions are included in the script. Simply run without any parameters or run with '*--help*'. - Complete help is included in the script. Simply run without any parameters or run with '*--help*'.
```bash ```bash
./sri --help ./sri --help
@ -68,31 +60,3 @@ ls -lA /path/to/sri
# -rwxr-xr-x 1 user user 3622 Jun 20 01:18 sri # -rwxr-xr-x 1 user user 3622 Jun 20 01:18 sri
# note the x's --> -rwXr-Xr-X (capitals for emphasis) # note the x's --> -rwXr-Xr-X (capitals for emphasis)
``` ```
## PowerShell (POSH) script
- You can rename this script to anything you want.
- I suggest copying this script to a simple path since you must execute POSH scripts using their full path.
- Complete instructions are included in the script. Run `Get-Help` as you would with any other POSH script.
```powershell
Get-Help .\sri.ps1 # basic help including syntax
Get-Help .\sri.ps1 -examples # detailed examples of script usage
Get-Help .\sri.ps1 -detailed # full help document
```
### execution policy
By default, Windows does not permit running any POSH scripts. You can change this behaviour by opening PowerShell as an administrator and entering the following command:
```powershell
Set-ExecutionPolicy RemoteSigned
```
This will allow scripts created on your machine to run as well an as *signed* scripts created on other machines. My script is signed, so it should run without any problems. This setting is far safer than bypassing the execution policy.
You can search for alternate bypass methods, but I have not included them here since switching to *RemoteSigned* is the technically correct approach.
## final thoughts
I hope these scripts help you out! If you have any comments, suggestions or improvements, please file an issue. I love getting feedback and learning new ways of doing things. For more scripts like this or solutions to common computing annoyances, check out my blog at [MyTechieThoughts.com](https://mytechiethoughts.com).

165
sri.ps1
View File

@ -1,165 +0,0 @@
<# Create SRI hashes for specified files or directory contents #>
<#
.SYNOPSIS
Create Sub-Resource Integrity (SRI) SHA hashes for specified files or directory contents.
.\sri.ps1 -files file1[, file2, ...] -directory /path/to/directory [-filter filter] [-hashAlgo sha256|sha384|sha512]
.DESCRIPTION
Create Sub-Resource Integrity (SRI) SHA-256, SHA-384 or SHA-512 hashes for a specified list of files, a subset of files within a directory, or all files within a directory.
.PARAMETER files
A comma-separated list of files (full path suggested) for which to generate SRI hashes.
EXAMPLE: style.css
EXAMPLE: /some/path/style.css
EXAMPLE: style.css, /some/other/path/menu.css
ALIAS: file, list
.PARAMETER directory
Directory containing files for which to generate SRI hashes. Can be filtered using the 'filter' parameter.
EXAMPLE: $env:userprofile\myWebSite\css
EXAMPLE: C:\Websites\Website1\js
.PARAMETER filter
Process only files matching this criteria. Only relevant for directory operations.
DEFAULT: * (all files)
EXAMPLE: *.css
EXAMPLE: script-site1*.js
ALIAS: only, include
.PARAMETER hashAlgo
Use the specified algorithm to generate SRI hashes. Accepts sha256, sha384 (default), sha512.
DEFAULT: sha384
ALIAS: algorithm
.EXAMPLE
.\sri.ps1 style.css
Generate default SHA384 hash for 'style.css' located in the current directory.
.EXAMPLE
.\sri.ps1 style.css, c:\websites\css\menu.css, $env:userprofile\Documents\website\script.js
Generate default SHA384 hashes for 'style.css' in the current directory along with the other two files as specified by their full paths.
.EXAMPLE
.\sri.ps1 -directory c:\website\css -hashAlgo sha256
Generate SHA256 hashes for all files in the 'C:\Website\css' directory
.EXAMPLE
.\sri.ps1 -dir c:\website\includes -filter *.js -algo sha512
Generate SHA512 hashes (partial alias used for '-hashAlgo') for all files matching '*.js' in directory 'C:\website\includes'
.EXAMPLE
.\sri.ps1 -files img\logo.svg, media\video.mp4 -directory css
Generate default SHA384 hashes for 'logo.svg' and 'video.mp4' in sub-folders 'img' and 'media', respectively, of the current folder. Then also generate hashes for all files in folder 'css', also a sub-folder of the current folder.
#>
param (
# List of files to hash
[Parameter(HelpMessage="Comma-separated list of files to hash.")]
[Alias("file", "list")]
[ValidateNotNullOrEmpty()]
[string[]]
$files,
# Directory of files to hash
[Parameter(HelpMessage="Hash all files within this directory.")]
[ValidateNotNullOrEmpty()]
[string]
$directory,
# File filter to apply to directory operations
[Parameter(HelpMessage="Only hash files of this type, relevant only when processing a directory.")]
[Alias("only", "include")]
[ValidateNotNullOrEmpty()]
[string]
$filter = '*',
# Hash algorithm to use
[Parameter(HelpMessage="Hash algorithm to use (SHA256, SHA384, SHA512).")]
[Alias("algorithm")]
[ValidateSet('sha256', 'sha384', 'sha512')]
[string]
$hashAlgo = 'sha384'
)
function displayError($returnCode, $eMsg){
Write-Host "`nERROR: $eMsg" -ForegroundColor Red
Write-Host "Exiting.`n" -ForegroundColor Red
exit $returnCode
}
function hashSHA($type){
switch($type){
'sha256' { return [System.Security.Cryptography.SHA256]::Create() }
'sha384' { return [System.Security.Cryptography.SHA384]::Create() }
'sha512' { return [System.Security.Cryptography.SHA512]::Create() }
default{
displayError 2 'Unknown hash algorithm.'
}
}
}
function doHash($file, $hash){
try{
$fileContents = Get-Content $file -Raw -ErrorAction SilentlyContinue
$hashBytes = $hash.ComputeHash([System.Text.Encoding]::UTF8.GetBytes($fileContents))
return [System.Convert]::ToBase64String($hashBytes)
}
catch{
return 1
}
}
# instantiate hash provider
$hashAlgo = $hashAlgo.ToLower()
$hash = hashSHA $hashAlgo
# process directory, if specified
if ($directory){
# continue only if directory exists, otherwise exit with error
if (Test-Path -Path $directory){
Write-Host "Processing directory: $directory" -ForegroundColor Cyan
Get-ChildItem -Path $directory -Filter $filter | ForEach-Object({
$hashValue = doHash $directory\$_ $hash
if ($hashValue -ne 1){
Write-Host "$_ --> $hashAlgo-$hashValue" -ForegroundColor Green
}
else{
Write-Host "$_ --> unable to hash file" -ForegroundColor Red
}
})
}
else{
displayError 1 "Directory '$directory' does not exist."
}
}
# process file list, if specified
if ($files) {
Write-Host "Processing files:" -ForegroundColor Cyan
foreach ($file in $files) {
if (Test-Path -Path $file){
$hashValue = doHash $file $hash
if ($hashValue -ne 1){
Write-Host "$file --> $hashAlgo-$hashValue" -ForegroundColor Green
}
else {
Write-Host "$file --> unable to hash file" -ForegroundColor Red
}
}
else{
Write-Host "$file --> cannot find file" -ForegroundColor Red
}
}
}
# clean up and exit
Write-Host
$hash.Dispose()
exit 0
#EOF