1'use strict'; 2 3const common = require('../common'); 4if (!common.hasCrypto) 5 common.skip('missing crypto'); 6 7const fixtures = require('../common/fixtures'); 8 9const assert = require('assert'); 10const { spawnSync } = require('child_process'); 11const fs = require('fs'); 12const crypto = require('crypto'); 13 14const depPolicy = fixtures.path('policy', 'dep-policy.json'); 15const dep = fixtures.path('policy', 'dep.js'); 16 17const emptyHash = crypto.createHash('sha512'); 18emptyHash.update(''); 19const emptySRI = `sha512-${emptyHash.digest('base64')}`; 20const policyHash = crypto.createHash('sha512'); 21policyHash.update(fs.readFileSync(depPolicy)); 22 23/* eslint-disable max-len */ 24// When using \n only 25const nixPolicySRI = 'sha512-u/nXI6UacK5fKDC2bopcgnuQY4JXJKlK3dESO3GIKKxwogVHjJqpF9rgk7Zw+TJXIc96xBUWKHuUgOzic8/4tQ=='; 26// When \n is turned into \r\n 27const windowsPolicySRI = 'sha512-OeyCPRo4OZMosHyquZXDHpuU1F4KzG9UHFnn12FMaHsvqFUt3TFZ+7wmZE7ThZ5rsQWkUjc9ZH0knGZ2e8BYPQ=='; 28/* eslint-enable max-len */ 29 30const depPolicySRI = `${nixPolicySRI} ${windowsPolicySRI}`; 31{ 32 const { status, stderr } = spawnSync( 33 process.execPath, 34 [ 35 '--policy-integrity', emptySRI, 36 '--experimental-policy', depPolicy, dep, 37 ] 38 ); 39 40 assert.ok(stderr.includes('ERR_MANIFEST_ASSERT_INTEGRITY')); 41 assert.strictEqual(status, 1); 42} 43{ 44 const { status, stderr } = spawnSync( 45 process.execPath, 46 [ 47 '--policy-integrity', '', 48 '--experimental-policy', depPolicy, dep, 49 ] 50 ); 51 52 assert.ok(stderr.includes('--policy-integrity')); 53 assert.strictEqual(status, 9); 54} 55{ 56 const { status, stderr } = spawnSync( 57 process.execPath, 58 [ 59 '--policy-integrity', depPolicySRI, 60 '--experimental-policy', depPolicy, dep, 61 ] 62 ); 63 64 assert.strictEqual(status, 0, `status: ${status}\nstderr: ${stderr}`); 65} 66