
[lintian] 02/02: reporting: Add integrity fields to all <link>



This is an automated email from the git hooks/post-receive script.

nthykier pushed a commit to branch master
in repository lintian.

commit 27a367d7f3dde80af56467a9365224c45b6f757c
Author: Niels Thykier <niels@thykier.net>
Date:   Thu Sep 1 18:06:29 2016 +0000

    reporting: Add integrity fields to all <link>
    
    ... for maximum overkill.  Possibly not the most sensible use for
    subresource integrity...
    
    Signed-off-by: Niels Thykier <niels@thykier.net>
---
 commands/reporting-html-reports.pm       |  3 +++
 lib/Lintian/Reporting/ResourceManager.pm | 28 +++++++++++++++++++++++++---
 reporting/templates/head.tmpl            |  4 ++--
 3 files changed, 30 insertions(+), 5 deletions(-)

diff --git a/commands/reporting-html-reports.pm b/commands/reporting-html-reports.pm
index b2f9901..8fca975 100644
--- a/commands/reporting-html-reports.pm
+++ b/commands/reporting-html-reports.pm
@@ -993,6 +993,9 @@ sub output_template {
     $data->{resource_path} ||= sub {
         return $path_prefix . $RESOURCE_MANAGER->resource_URL($_[0]);
     };
+    $data->{resource_integrity} ||= sub {
+        return $RESOURCE_MANAGER->resource_integrity_value($_[0]);
+    };
     $data->{head} ||= sub {
         $templates{head}->fill_in(
             HASH => {
diff --git a/lib/Lintian/Reporting/ResourceManager.pm b/lib/Lintian/Reporting/ResourceManager.pm
index 75b51e2..2cdad6d 100644
--- a/lib/Lintian/Reporting/ResourceManager.pm
+++ b/lib/Lintian/Reporting/ResourceManager.pm
@@ -27,7 +27,7 @@ use Carp qw(croak);
 use File::Basename qw(basename);
 use File::Copy qw(copy);
 
-use Lintian::Util qw(get_file_checksum);
+use Lintian::Util qw(get_file_digest);
 
 =head1 NAME
 
@@ -73,6 +73,7 @@ sub new {
     croak('Missing required parameter html_dir (or it is undef)')
       if not defined $opts{'html_dir'};
     $self->{'_resource_cache'} = {};
+    $self->{'_resource_integrity'} = {};
     return bless($self, $class);
 }
 
@@ -118,7 +119,7 @@ sub install_resource {
     my ($self, $resource_name, $opt) = @_;
     my $resource_root = $self->{'html_dir'} . '/resources';
     my $method = 'move';
-    my ($basename, $install_name, $resource);
+    my ($basename, $install_name, $resource, $digest, $b64digest);
     $method = $opt->{'install_method'}
       if $opt && exists($opt->{'install_method'});
     if ($opt && exists($opt->{'source_file'})) {
@@ -134,7 +135,13 @@ sub install_resource {
         $basename = basename($resource_name);
         $resource = $resource_name;
     }
-    $install_name = get_file_checksum('sha1', $resource);
+    $digest = get_file_digest('sha256', $resource);
+    $install_name = $digest->clone->hexdigest;
+    $b64digest = $digest->b64digest;
+
+    while (length($b64digest) % 4) {
+        $b64digest .= '=';
+    }
 
     croak("Resource name ${basename} already in use")
       if defined($self->{'_resource_cache'}{$basename});
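Review bot: The `clone` before `hexdigest` and the `=` padding loop are both unexplained, and either could later be "simplified" into a bug that yields a wrong integrity value. Assuming `get_file_digest` returns a Digest-style object (its definition is not in this diff), `hexdigest` is a read-once call that resets the state, and `b64digest` returns unpadded base64, whereas integrity values are conventionally written with padding. I would add `# hexdigest resets the object, so take it from a clone` above the `$install_name` line and `# Digest's b64digest omits the '=' padding` above the loop. The body of install_resource starts and ends outside this hunk.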
@@ -156,6 +163,7 @@ sub install_resource {
                 '- please use "move" or "copy"'));
     }
     $self->{'_resource_cache'}{$basename} = "resources/$install_name";
+    $self->{'_resource_integrity'}{$basename} = "sha256-${b64digest}";
     return;
 }
 
@@ -174,6 +182,20 @@ sub resource_URL {
     return $self->{'_resource_cache'}{$resource_name};
 }
 
+=item resource_integrity_value(RESOURCE_NAME)
+
+Return a string that is valid in the "integrity" field of a C<< <link>
+>> HTML tag.  (See https://www.w3.org/TR/SRI/)
+
+=cut
+
+sub resource_integrity_value {
+    my ($self, $resource_name) = @_;
+    croak("Unknown resource $resource_name")
+      if not defined($self->{'_resource_integrity'}{$resource_name});
+    return $self->{'_resource_integrity'}{$resource_name};
+}
+
 =back
 
 =head1 AUTHOR
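Review bot: The POD for `resource_integrity_value` does not mention that the method croaks for a name that was never installed, which is the first failure a template author will hit. I would add a sentence such as `Croaks if RESOURCE_NAME has not been installed via install_resource.` to the `=item` text. It would also help to state that the returned value has the form `sha256-<base64>`, since that is what the install_resource hunk stores.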
diff --git a/reporting/templates/head.tmpl b/reporting/templates/head.tmpl
index 29e0bd9..4001950 100644
--- a/reporting/templates/head.tmpl
+++ b/reporting/templates/head.tmpl
@@ -4,8 +4,8 @@
   <title>{$page_title}</title>
   <meta charset="utf-8" />
   <meta name="viewport" content="width=device-width, initial-scale=1" />
-  <link rel="stylesheet" href="{resource_path('lintian.css')}" type="text/css" />
-  <link rel="icon" href="{resource_path('ico.png')}" type="image/png" />
+  <link rel="stylesheet" href="{resource_path('lintian.css')}" type="text/css" integrity="{resource_integrity('lintian.css')}" crossorigin="anonymous" />
+  <link rel="icon" href="{resource_path('ico.png')}" type="image/png" integrity="{resource_integrity('ico.png')}" crossorigin="anonymous" />
 </head>
 
 <body>
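Review bot: The `integrity` attribute on the `<link rel="icon">` line is unlikely to be enforced, because the SRI specification referenced in the POD defines integrity checks for scripts and stylesheets, so only the `lintian.css` line actually gets verified. Adding `crossorigin="anonymous"` also switches these fetches to CORS mode. That is harmless while the resources are same-origin, but if they are ever served from another host without an `Access-Control-Allow-Origin` header, the stylesheet would presumably be blocked rather than loaded unverified. A short template comment such as `<!-- integrity is only enforced for the stylesheet; the icon attribute is informational -->` would stop readers from over-trusting the icon line.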

-- 
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/lintian/lintian.git

