Compare commits
13 Commits
d88bed4157
...
c0a44ebec7
Author | SHA1 | Date |
---|---|---|
Asif Bacchus | c0a44ebec7 | |
Asif Bacchus | 50335b5d67 | |
Asif Bacchus | f8c5968075 | |
Asif Bacchus | 0904105e1f | |
Asif Bacchus | 97c4d742d6 | |
Asif Bacchus | 50b40c87e1 | |
Asif Bacchus | 0f18374e9d | |
Asif Bacchus | b70d591dac | |
Asif Bacchus | ffa5602dff | |
Asif Bacchus | 594c1eb0ad | |
Asif Bacchus | 8178777d29 | |
Asif Bacchus | fd910c0744 | |
Asif Bacchus | 626586bc89 |
|
@ -8,3 +8,6 @@
|
|||
|
||||
# Local History for Visual Studio Code
|
||||
.history/
|
||||
|
||||
# ignore test directory
|
||||
test
|
||||
|
|
39
README.md
39
README.md
|
@ -1,3 +1,40 @@
|
|||
# Sub-Resource Integrity Generator Scripts
|
||||
|
||||
Basic scripts to generate SRI hashs for a given file. POSIX-compliant shell script for use on *nix and PowerShell for use on Windows.
|
||||
Basic scripts to generate SRI hashes for a given file. POSIX-compliant shell script for use on *nix and PowerShell for use on Windows.
|
||||
|
||||
## linux script
|
||||
|
||||
- This script *requires* openssl be installed and will exit if it cannot find openssl.
|
||||
- You can rename *sri* to anything you like.
|
||||
- I suggest copying *sri* somewhere like */usr/local/bin* or */usr/bin* so it can be run easier and from anywhere
|
||||
- Complete help is included in the script. Simply run without any parameters or run with '*--help*'
|
||||
|
||||
### examples
|
||||
|
||||
Assuming you have *not* copied the script to your path and it is located in your home directory:
|
||||
|
||||
```bash
|
||||
cd ~
|
||||
./sri -f /var/www/css/style.css
|
||||
```
|
||||
|
||||
If copied to a directory in your path like */usr/local/bin*, then you can simplify things by running it directly from where the file you want to hash is located:
|
||||
|
||||
```bash
|
||||
cd /var/www/css
|
||||
sri -f style.css
|
||||
```
|
||||
|
||||
### troubleshooting
|
||||
|
||||
About the only thing that can go wrong is the script not being marked executable. In that case, simply make it executable:
|
||||
|
||||
```bash
|
||||
# make executable
|
||||
chmod +x /path/to/sri
|
||||
# verify
|
||||
ls -lA /path/to/sri
|
||||
# output something like:
|
||||
# -rwxr-xr-x 1 user user 3622 Jun 20 01:18 sri
|
||||
# note the x's --> -rwXr-Xr-X (capitals for emphasis)
|
||||
```
|
||||
|
|
|
@ -0,0 +1,166 @@
|
|||
#!/bin/sh
|
||||
|
||||
#
|
||||
## generate SRI checksums
|
||||
#
|
||||
|
||||
### text formatting presets
|
||||
if command -v tput > /dev/null; then
|
||||
cyan=$(tput setaf 6)
|
||||
err=$(tput bold)$(tput setaf 1)
|
||||
magenta=$(tput setaf 5)
|
||||
norm=$(tput sgr0)
|
||||
ok=$(tput setaf 2)
|
||||
else
|
||||
cyan=''
|
||||
err=''
|
||||
magenta=''
|
||||
norm=''
|
||||
ok=''
|
||||
fi
|
||||
|
||||
### trap
|
||||
trap trapExit 1 2 3 6
|
||||
|
||||
### functions
|
||||
displayError (){
|
||||
printf "\n%sERROR: %s\n" "$err" "$2"
|
||||
printf "Exiting now.%s\n\n" "$norm"
|
||||
exit "$1"
|
||||
}
|
||||
|
||||
scriptHelp (){
|
||||
printf "\n%sUsage: %s%s %s[--help] [--sha256|--sha384|--sha512] --file /file/to/hash%s\n\n" "$magenta" "$norm" "$scriptName" "$cyan" "$norm"
|
||||
printf "%s---parameters---%s\n" "$magenta" "$norm"
|
||||
printf "%s-h|-?|--help%s: show this help page\n" "$cyan" "$norm"
|
||||
printf "%s-2|--sha256%s: generate SHA256 SRI hash\n" "$cyan" "$norm"
|
||||
printf "%s-3|--sha384%s: generate SHA384 SRI hash (default)\n" "$cyan" "$norm"
|
||||
printf "%s-5|--sha512%s: generate SHA512 SRI hash\n" "$cyan" "$norm"
|
||||
printf "%s-f|--file%s: full path to the file for which you wish the SRI hash generated (required)\n\n" "$cyan" "$norm"
|
||||
printf "%s---examples---%s\n" "$magenta" "$norm"
|
||||
printf "Generate default SHA384 hash for styles.css located in the current directory:\n"
|
||||
printf "%s%s -f styles.css%s\n\n" "$cyan" "$scriptName" "$norm"
|
||||
printf "Generate SHA512 hash for /var/www/js/script.js:\n"
|
||||
printf "%s%s -5 --file /var/www/js/script.js%s\n\n" "$cyan" "$scriptName" "$norm"
|
||||
exit 0;
|
||||
}
|
||||
|
||||
trapExit (){
|
||||
printf "\n%sERROR: Caught signal. Exiting.%s\n\n" "$err" "$norm"
|
||||
exit 99
|
||||
}
|
||||
|
||||
### default variables
|
||||
scriptName="$( basename "$0" )"
|
||||
doDir=0
|
||||
doFiles=0
|
||||
unset hashDir
|
||||
unset hashFiles
|
||||
filter='*'
|
||||
algo='sha384'
|
||||
|
||||
### check pre-requisites
|
||||
if ! command -v openssl > /dev/null; then
|
||||
displayError 2 'openSSL is not installed'
|
||||
fi
|
||||
|
||||
### process startup parameters
|
||||
if [ -z "$1" ]; then scriptHelp; fi
|
||||
while [ $# -gt 0 ]; do
|
||||
case "$1" in
|
||||
-h|-\?|--help)
|
||||
# display script help
|
||||
scriptHelp
|
||||
exit 0
|
||||
;;
|
||||
-2|--sha256)
|
||||
# generate SRI using sha256
|
||||
algo='sha256'
|
||||
;;
|
||||
-3|--sha384)
|
||||
# generate SRI using sha384 (default)
|
||||
algo='sha384'
|
||||
;;
|
||||
-5|--sha512)
|
||||
# generate SRI using sha512
|
||||
algo='sha512'
|
||||
;;
|
||||
-d|--dir*)
|
||||
# verify directory exists
|
||||
if [ -d "$2" ]; then
|
||||
doDir=1
|
||||
hashDir="${2%/}"
|
||||
elif [ -z "$2" ]; then
|
||||
displayError 1 "No directory specified."
|
||||
else
|
||||
displayError 1 "Directory '$2' does not exist."
|
||||
fi
|
||||
shift
|
||||
;;
|
||||
-f|--file)
|
||||
# has supplied list of files
|
||||
if [ -z "$2" ]; then
|
||||
displayError 1 'No filename(s) specified.'
|
||||
else
|
||||
doFiles=1
|
||||
hashFiles="$2"
|
||||
fi
|
||||
shift
|
||||
;;
|
||||
--filter)
|
||||
if [ -z "$2" ]; then
|
||||
displayError 1 'Filter cannot be blank.'
|
||||
else
|
||||
filter="$2"
|
||||
fi
|
||||
shift
|
||||
;;
|
||||
*)
|
||||
# unknown option
|
||||
printf "\n%sUnknown option: %s.\n" "$err" "$1"
|
||||
printf "%sUse '--help' for valid options.%s\n\n" "$cyan" "$norm"
|
||||
exit 1
|
||||
;;
|
||||
esac
|
||||
shift
|
||||
done
|
||||
printf "\n"
|
||||
|
||||
### do SRI generation
|
||||
if [ "$doDir" -eq 1 ]; then
|
||||
for file in "$hashDir"/${filter}; do
|
||||
hash=$( openssl dgst -${algo} -binary "$file" | openssl base64 -A) > /dev/null 2>&1
|
||||
if [ -z "$hash" ]; then
|
||||
printf "%s --> unable to generate SRI hash\n" "$file"
|
||||
else
|
||||
printf "%s%s --> %s%s-%s%s\n" "$magenta" "$file" "$ok" "$algo" "$hash" "$norm"
|
||||
fi
|
||||
done
|
||||
fi
|
||||
|
||||
if [ "$doFiles" -eq 1 ]; then
|
||||
for file in $hashFiles; do
|
||||
# verify file exists, then hash it
|
||||
if [ -f "$file" ]; then
|
||||
hash=$( openssl dgst -${algo} -binary "$file" | openssl base64 -A) > /dev/null 2>&1
|
||||
if [ -z "$hash" ]; then
|
||||
printf "%s --> unable to generate SRI hash\n" "$file"
|
||||
else
|
||||
printf "%s%s --> %s%s-%s%s\n" "$magenta" "$file" "$ok" "$algo" "$hash" "$norm"
|
||||
fi
|
||||
else
|
||||
printf "%s%s --> does not exist\n" "$err" "$file"
|
||||
fi
|
||||
done
|
||||
fi
|
||||
|
||||
printf "\n"
|
||||
exit 0
|
||||
|
||||
|
||||
### error codes
|
||||
# 0: no errors, normal execution
|
||||
# 1: parameter error
|
||||
# 2: cannot find openSSL binary
|
||||
|
||||
#EOF
|
116
sri.sh
116
sri.sh
|
@ -1,116 +0,0 @@
|
|||
#!/bin/sh
|
||||
|
||||
#
|
||||
## generate SRI checksums
|
||||
#
|
||||
|
||||
### text formatting presets
|
||||
if command -v tput > /dev/null; then
|
||||
cyan=$(tput setaf 6)
|
||||
err=$(tput bold)$(tput setaf 1)
|
||||
magenta=$(tput setaf 5)
|
||||
norm=$(tput sgr0)
|
||||
ok=$(tput setaf 2)
|
||||
else
|
||||
cyan=''
|
||||
err=''
|
||||
magenta=''
|
||||
norm=''
|
||||
ok=''
|
||||
fi
|
||||
|
||||
### trap
|
||||
trap trapExit 1 2 3 6
|
||||
|
||||
### functions
|
||||
displayError (){
|
||||
printf "\n%sERROR: %s\n" "$err" "$2"
|
||||
printf "Exiting now.%s\n\n" "$norm"
|
||||
exit "$1"
|
||||
}
|
||||
|
||||
scriptHelp (){
|
||||
printf "\nSeems you need some help?\n\n"
|
||||
exit 0;
|
||||
}
|
||||
|
||||
trapExit (){
|
||||
printf "\n%sERROR: Caught signal. Exiting.%s\n\n" "$err" "$norm"
|
||||
exit 99
|
||||
}
|
||||
|
||||
### default variables
|
||||
algo='sha384'
|
||||
unset filename
|
||||
|
||||
### check pre-requisites
|
||||
if ! command -v openssl > /dev/null; then
|
||||
displayError 2 'openSSL is not installed'
|
||||
fi
|
||||
|
||||
### process startup parameters
|
||||
if [ -z "$1" ]; then scriptHelp; fi
|
||||
while [ $# -gt 0 ]; do
|
||||
case "$1" in
|
||||
-h|-\?|--help)
|
||||
# display script help
|
||||
scriptHelp
|
||||
exit 0
|
||||
;;
|
||||
-2|--sha256)
|
||||
# generate SRI using sha256
|
||||
algo='sha256'
|
||||
;;
|
||||
-3|--sha384)
|
||||
# generate SRI using sha384 (default)
|
||||
algo='sha384'
|
||||
;;
|
||||
-5|--sha512)
|
||||
# generate SRI using sha512
|
||||
algo='sha512'
|
||||
;;
|
||||
-f|--file)
|
||||
# file for which to generate SRI hash
|
||||
if [ -n "$2" ]; then
|
||||
if [ -f "$2" ]; then
|
||||
filename="$2"
|
||||
shift
|
||||
else
|
||||
displayError 3 "Cannot find file '${2}'."
|
||||
fi
|
||||
else
|
||||
displayError 3 'No filename specified.'
|
||||
fi
|
||||
;;
|
||||
*)
|
||||
# unknown option
|
||||
printf "\n%sUnknown option: %s.\n" "$err" "$1"
|
||||
printf "%sUse '--help' for valid options.%s\n\n" "$cyan" "$norm"
|
||||
exit 1
|
||||
;;
|
||||
esac
|
||||
shift
|
||||
done
|
||||
|
||||
printf "\n%sselected algo: %s%s\n" "$magenta" "$norm" "$algo"
|
||||
printf "%sselected file: %s%s%s\n\n" "$magenta" "$norm" "$filename" "$norm"
|
||||
|
||||
### do SRI generation
|
||||
hash=$( openssl dgst -${algo} -binary "${filename}" | openssl base64 -A) > /dev/null 2>&1
|
||||
if [ -z "$hash" ]; then
|
||||
displayError 4 'An error occurred while generating SRI hash.'
|
||||
else
|
||||
printf "%sSRI hash: %s%s-%s%s\n\n" "$magenta" "$ok" "$algo" "$hash" "$norm"
|
||||
fi
|
||||
|
||||
exit 0
|
||||
|
||||
|
||||
### error codes
|
||||
# 0: no errors, normal execution
|
||||
# 1: parameter error
|
||||
# 2: cannot find openSSL binary
|
||||
# 3: cannot find specified file for which to generate hash
|
||||
# 4: error occured while executing openssl
|
||||
|
||||
#EOF
|
Loading…
Reference in New Issue