1'use strict'; 2const common = require('../../common'); 3if (!common.hasCrypto) 4 common.skip('missing crypto'); 5 6const assert = require('assert'); 7const tmpdir = require('../../common/tmpdir'); 8const { spawnSync } = require('child_process'); 9const crypto = require('crypto'); 10const fs = require('fs'); 11const path = require('path'); 12const { pathToFileURL } = require('url'); 13 14tmpdir.refresh(); 15 16function hash(algo, body) { 17 const h = crypto.createHash(algo); 18 h.update(body); 19 return h.digest('base64'); 20} 21 22const policyFilepath = path.join(tmpdir.path, 'policy'); 23 24const depFilepath = require.resolve(`./build/${common.buildType}/binding.node`); 25const depURL = pathToFileURL(depFilepath); 26 27const depBody = fs.readFileSync(depURL); 28function writePolicy(...resources) { 29 const manifest = { resources: {} }; 30 for (const { url, integrity } of resources) { 31 manifest.resources[url] = { integrity }; 32 } 33 fs.writeFileSync(policyFilepath, JSON.stringify(manifest, null, 2)); 34} 35 36 37function test(shouldFail, resources) { 38 writePolicy(...resources); 39 const { status, stdout, stderr } = spawnSync(process.execPath, [ 40 '--experimental-policy', 41 policyFilepath, 42 depFilepath, 43 ]); 44 45 console.log(stdout.toString(), stderr.toString()); 46 if (shouldFail) { 47 assert.notStrictEqual(status, 0); 48 } else { 49 assert.strictEqual(status, 0); 50 } 51} 52 53test(false, [{ 54 url: depURL, 55 integrity: `sha256-${hash('sha256', depBody)}`, 56}]); 57test(true, [{ 58 url: depURL, 59 integrity: `sha256akjsalkjdlaskjdk-${hash('sha256', depBody)}`, 60}]); 61