1'use strict'; 2 3const common = require('../common'); 4if (!common.hasCrypto) 5 common.skip('missing crypto'); 6common.requireNoPackageJSONAbove(); 7 8const fixtures = require('../common/fixtures'); 9 10const assert = require('assert'); 11const { spawnSync } = require('child_process'); 12const fs = require('fs'); 13const crypto = require('crypto'); 14 15const depPolicy = fixtures.path('policy', 'dep-policy.json'); 16const dep = fixtures.path('policy', 'dep.js'); 17 18const emptyHash = crypto.createHash('sha512'); 19emptyHash.update(''); 20const emptySRI = `sha512-${emptyHash.digest('base64')}`; 21const policyHash = crypto.createHash('sha512'); 22policyHash.update(fs.readFileSync(depPolicy)); 23 24/* eslint-disable max-len */ 25// When using \n only 26const nixPolicySRI = 'sha512-u/nXI6UacK5fKDC2bopcgnuQY4JXJKlK3dESO3GIKKxwogVHjJqpF9rgk7Zw+TJXIc96xBUWKHuUgOzic8/4tQ=='; 27// When \n is turned into \r\n 28const windowsPolicySRI = 'sha512-OeyCPRo4OZMosHyquZXDHpuU1F4KzG9UHFnn12FMaHsvqFUt3TFZ+7wmZE7ThZ5rsQWkUjc9ZH0knGZ2e8BYPQ=='; 29/* eslint-enable max-len */ 30 31const depPolicySRI = `${nixPolicySRI} ${windowsPolicySRI}`; 32{ 33 const { status, stderr } = spawnSync( 34 process.execPath, 35 [ 36 '--policy-integrity', emptySRI, 37 '--experimental-policy', depPolicy, dep, 38 ] 39 ); 40 41 assert.ok(stderr.includes('ERR_MANIFEST_ASSERT_INTEGRITY')); 42 assert.strictEqual(status, 1); 43} 44{ 45 const { status, stderr } = spawnSync( 46 process.execPath, 47 [ 48 '--policy-integrity', '', 49 '--experimental-policy', depPolicy, dep, 50 ] 51 ); 52 53 assert.ok(stderr.includes('--policy-integrity')); 54 assert.strictEqual(status, 9); 55} 56{ 57 const { status, stderr } = spawnSync( 58 process.execPath, 59 [ 60 '--policy-integrity', depPolicySRI, 61 '--experimental-policy', depPolicy, dep, 62 ] 63 ); 64 65 assert.strictEqual(status, 0, `status: ${status}\nstderr: ${stderr}`); 66} 67