1'use strict'; 2const common = require('../../common'); 3if (!common.hasCrypto) 4 common.skip('missing crypto'); 5 6const assert = require('assert'); 7const tmpdir = require('../../common/tmpdir'); 8const { spawnSync } = require('child_process'); 9const crypto = require('crypto'); 10const fs = require('fs'); 11const path = require('path'); 12const { pathToFileURL } = require('url'); 13 14tmpdir.refresh(); 15 16function hash(algo, body) { 17 const h = crypto.createHash(algo); 18 h.update(body); 19 return h.digest('base64'); 20} 21 22const policyFilepath = path.join(tmpdir.path, 'policy'); 23 24const depFilepath = require.resolve(`./build/${common.buildType}/binding.node`); 25const depURL = pathToFileURL(depFilepath); 26 27const tmpdirURL = pathToFileURL(tmpdir.path); 28if (!tmpdirURL.pathname.endsWith('/')) { 29 tmpdirURL.pathname += '/'; 30} 31 32const depBody = fs.readFileSync(depURL); 33function writePolicy(...resources) { 34 const manifest = { resources: {} }; 35 for (const { url, integrity } of resources) { 36 manifest.resources[url] = { integrity }; 37 } 38 fs.writeFileSync(policyFilepath, JSON.stringify(manifest, null, 2)); 39} 40 41 42function test(shouldFail, resources) { 43 writePolicy(...resources); 44 const { status, stdout, stderr } = spawnSync(process.execPath, [ 45 '--experimental-policy', 46 policyFilepath, 47 depFilepath, 48 ]); 49 50 console.log(stdout.toString(), stderr.toString()); 51 if (shouldFail) { 52 assert.notStrictEqual(status, 0); 53 } else { 54 assert.strictEqual(status, 0); 55 } 56} 57 58test(false, [{ 59 url: depURL, 60 integrity: `sha256-${hash('sha256', depBody)}` 61}]); 62test(true, [{ 63 url: depURL, 64 integrity: `sha256akjsalkjdlaskjdk-${hash('sha256', depBody)}` 65}]); 66