Initial commit

audit/.eslintrc

@@ -0,0 +1,136 @@
+{
+  "env": {
+    "es6": true,
+    "node": true
+  },
+  "extends": "eslint:recommended",
+  "parserOptions": {
+    "sourceType": "module"
+  },
+  "rules": {
+    "array-bracket-newline": "error",
+    "array-bracket-spacing": "error",
+    "arrow-body-style": "error",
+    "arrow-parens": "error",
+    "arrow-spacing": "error",
+    "block-spacing": "error",
+    "brace-style": "error",
+    "camelcase": "error",
+    "comma-spacing": "error",
+    "comma-style": "error",
+    "computed-property-spacing": "error",
+    "consistent-this": "error",
+    "curly": "error",
+    "eol-last": "error",
+    "eqeqeq": "error",
+    "func-call-spacing": "error",
+    "function-paren-newline": "error",
+    "generator-star-spacing": "error",
+    "indent": [
+      "error",
+      4
+    ],
+    "key-spacing": "error",
+    "keyword-spacing": "error",
+    "linebreak-style": [
+      "error",
+      "unix"
+    ],
+    "new-cap": "error",
+    "new-parens": "error",
+    "no-array-constructor": "error",
+    "no-bitwise": "error",
+    "no-confusing-arrow": "error",
+    "no-console": "off",
+    "no-continue": "error",
+    "no-duplicate-imports": "error",
+    "no-eval": "error",
+    "no-extend-native": "error",
+    "no-implicit-coercion": "error",
+    "no-implied-eval": "error",
+    "no-invalid-this": "error",
+    "no-iterator": "error",
+    "no-label-var": "error",
+    "no-labels": "error",
+    "no-lone-blocks": "error",
+    "no-loop-func": "error",
+    "no-multi-spaces": "error",
+    "no-multi-str": "error",
+    "no-multiple-empty-lines": [
+      "error", {
+        "max": 1,
+        "maxEOF": 1,
+        "maxBOF": 0
+      }
+    ],
+    "no-negated-condition": "error",
+    "no-new": "error",
+    "no-new-func": "error",
+    "no-new-object": "error",
+    "no-new-wrappers": "error",
+    "no-octal-escape": "error",
+    "no-proto": "error",
+    "no-return-assign": "error",
+    "no-return-await": "error",
+    "no-script-url": "error",
+    "no-self-compare": "error",
+    "no-sequences": "error",
+    "no-shadow-restricted-names": "error",
+    "no-tabs": "error",
+    "no-ternary": "error",
+    "no-trailing-spaces": "error",
+    "no-undef-init": "error",
+    "no-unmodified-loop-condition": "error",
+    "no-unused-expressions": "error",
+    "no-use-before-define": "error",
+    "no-useless-call": "error",
+    "no-useless-concat": "error",
+    "no-useless-constructor": "error",
+    "no-useless-rename": "error",
+    "no-useless-return": "error",
+    "no-void": "error",
+    "no-warning-comments": "warn",
+    "no-whitespace-before-property": "error",
+    "no-with": "error",
+    "object-curly-spacing": "error",
+    "object-shorthand": [
+      "error",
+      "consistent-as-needed"
+    ],
+    "operator-assignment": "error",
+    "operator-linebreak": "error",
+    "prefer-numeric-literals": "error",
+    "prefer-promise-reject-errors": "error",
+    "prefer-rest-params": "error",
+    "prefer-spread": "error",
+    "prefer-template": "error",
+    "quote-props": "error",
+    "quotes": [
+      "error",
+      "single"
+    ],
+    "require-await": "error",
+    "rest-spread-spacing": "error",
+    "semi": "error",
+    "semi-spacing": "error",
+    "semi-style": "error",
+    "space-before-blocks": "error",
+    "space-before-function-paren": "error",
+    "space-in-parens": "error",
+    "space-infix-ops": "error",
+    "space-unary-ops": "error",
+    "spaced-comment": "error",
+    "strict": [
+      "error",
+      "global"
+    ],
+    "switch-colon-spacing": "error",
+    "symbol-description": "error",
+    "template-curly-spacing": "error",
+    "template-tag-spacing": "error",
+    "unicode-bom": "error",
+    "wrap-regex": "error",
+    "yield-star-spacing": "error",
+    "yoda": "error"
+  }
+}

audit/README.md

@@ -0,0 +1,18 @@
+Introduction
+------------
+
+This audit script allows any user and extension reviewer to verify the integrity of the bundled resources. It automatically, and transparently, compares all bundled libraries to their original sources.
+
+
+Usage Instructions (Unix)
+------------------
+
+1. Make sure you have Node.js installed on your machine.
+
+2. Open up a terminal and ```cd``` into this directory.
+
+3. Execute ```npm install``` to fetch any dependencies.
+
+4. Run the audit script by executing ```node run```.
+
+**Note:** If you'd like to save the report, run ```node run > report.txt```.

audit/package-lock.json

@@ -0,0 +1,13 @@
+{
+  "name": "decentraleyes-audit",
+  "version": "1.6.0",
+  "lockfileVersion": 1,
+  "requires": true,
+  "dependencies": {
+    "source-map-url": {
+      "version": "0.4.0",
+      "resolved": "https://registry.npmjs.org/source-map-url/-/source-map-url-0.4.0.tgz",
+      "integrity": "sha1-PpNdfd1zYxuXZZlW1VEo6HtQhKM="
+    }
+  }
+}

audit/package.json

@@ -0,0 +1,16 @@
+{
+  "name": "decentraleyes-audit",
+  "version": "1.6.0",
+  "author": "Thomas Rientjes",
+  "license": "MPL-2.0",
+  "description": "Library audit tool for Decentraleyes.",
+  "repository": "https://addons.mozilla.org/firefox/addon/decentraleyes",
+  "keywords": [
+    "decentraleyes",
+    "audit"
+  ],
+  "main": "run.js",
+  "dependencies": {
+    "source-map-url": "~0.4.0"
+  }
+}

audit/run.js

@@ -0,0 +1,228 @@
+/**
+ * Resource Audit Script
+ * Belongs to Decentraleyes.
+ *
+ * @author      Thomas Rientjes
+ * @since       2014-07-24
+ * @license     MPL 2.0
+ *
+ * This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this file,
+ * You can obtain one at http://mozilla.org/MPL/2.0/.
+ */
+
+/**
+ * Imports
+ */
+
+var fileSystem, crypto, https, sourceMappingURL;
+
+fileSystem = require('fs');
+crypto = require('crypto');
+https = require('https');
+
+sourceMappingURL = require('source-map-url');
+
+/**
+ * Variables
+ */
+
+var localResourceLocation = '../resources';
+var localResourceLocationLength = localResourceLocation.length;
+var localResourcePaths = [];
+var comparedResourceAmount = 0;
+var resourceAmount = 0;
+
+/**
+ * Functions
+ */
+
+function _fetchLocalResourcePaths (folderPath) {
+
+    fileSystem.readdirSync(folderPath).forEach(function (resourceName) {
+
+        var resourcePath = `${folderPath}/${resourceName}`;
+        var resourceStatistics = fileSystem.statSync(resourcePath);
+
+        if (resourceStatistics && resourceStatistics.isDirectory()) {
+            _fetchLocalResourcePaths(resourcePath);
+        } else {
+            localResourcePaths.push(resourcePath);
+        }
+
+    });
+
+    return localResourcePaths;
+}
+
+function _getLocalResourceContents (fileLocation, callback) {
+
+    fileSystem.exists(fileLocation, function (exists) {
+
+        if (exists) {
+
+            fileSystem.stat(fileLocation, function (error, statistics) {
+
+                fileSystem.open(fileLocation, 'r', function (error, fileDescriptor) {
+
+                    var buffer = new Buffer(statistics.size);
+
+                    fileSystem.read(fileDescriptor, buffer, 0, buffer.length, null, function (error, bytesRead, buffer) {
+
+                        var localFileContents = buffer.toString('utf8', 0, buffer.length);
+
+                        fileSystem.close(fileDescriptor, function () {});
+                        callback(localFileContents);
+                    });
+                });
+            });
+        }
+
+    });
+}
+
+function _getRemoteResourceContents (remoteResourceRoute, callback) {
+
+    var resourceURL = `https://ajax.googleapis.com/ajax/libs/${remoteResourceRoute}`;
+
+    https.get(resourceURL, function (response) {
+
+        var resourceContents = '';
+
+        response.on('data', function (chunk) {
+            resourceContents += chunk;
+        });
+
+        response.on('end', function () {
+
+            if (response.statusCode === 200) {
+
+                callback(resourceContents, resourceURL);
+
+            } else {
+
+                resourceURL = `https://cdnjs.cloudflare.com/ajax/libs/${remoteResourceRoute}`;
+
+                https.get(resourceURL, function (response) {
+
+                    resourceContents = '';
+
+                    response.on('data', function (chunk) {
+                        resourceContents += chunk;
+                    });
+
+                    response.on('end', function () {
+
+                        if (response.statusCode !== 200) {
+                            throw `Error: Resource ${remoteResourceRoute} could not be fetched.`;
+                        }
+
+                        callback(resourceContents, resourceURL);
+                    });
+
+                });
+
+            }
+
+        });
+
+    });
+}
+
+function _hashFileContents (fileContents) {
+
+    var hash;
+
+    hash = crypto.createHash('sha512');
+
+    hash.setEncoding('hex');
+    hash.write(fileContents);
+    hash.end();
+
+    return hash.read();
+}
+
+function _showCompletedMessage () {
+
+    console.log();
+    console.log('       *** FILE INTEGRITY CHECKS COMPLETED');
+    console.log(`       *** ${resourceAmount}/${resourceAmount} RESOURCES WERE ANALYZED`);
+    console.log();
+}
+
+function _incrementComparedResourceAmount () {
+
+    comparedResourceAmount++;
+
+    if (comparedResourceAmount === resourceAmount) {
+
+        setTimeout(function () {
+            _showCompletedMessage();
+        }, 500);
+    }
+}
+
+function _compareResources (localResourceContents, remoteResourceContents, URL) {
+
+    var hasSourceMappingURL = sourceMappingURL.existsIn(remoteResourceContents);
+    var sourceMappingNotice = '[ ] REMOTE RESOURCE HAD SOURCE MAPPING URL';
+
+    if (hasSourceMappingURL) {
+        remoteResourceContents = sourceMappingURL.removeFrom(remoteResourceContents);
+        sourceMappingNotice = '[X] REMOTE RESOURCE HAD SOURCE MAPPING URL';
+    }
+
+    var localResourceHash = _hashFileContents(localResourceContents);
+    var remoteResourceHash = _hashFileContents(remoteResourceContents);
+
+    console.log(`RESOURCE HASH (SHA512): ${localResourceHash}`);
+    console.log(`RESOURCE HASH (SHA512): ${remoteResourceHash}`);
+
+    var fileHashesMatch = (localResourceHash === remoteResourceHash);
+
+    if (!fileHashesMatch) {
+        console.log(URL);
+        console.log(remoteResourceContents);
+        throw 'Error: Decentraleyes resource hash mismatch.';
+    }
+
+    console.log();
+    console.log('[X] LOCAL AND REMOTE RESOURCE HASHES MATCH');
+    console.log(sourceMappingNotice);
+
+    _incrementComparedResourceAmount();
+}
+
+/**
+ * Initializations
+ */
+
+_fetchLocalResourcePaths(localResourceLocation);
+resourceAmount = localResourcePaths.length;
+
+/**
+ * Script
+ */
+
+localResourcePaths.forEach(function (resourcePath) {
+
+    var resourceRoute = resourcePath.substr(localResourceLocationLength + 1);
+    resourceRoute = resourceRoute.substring(0, resourceRoute.length - 1);
+
+    _getLocalResourceContents(resourcePath, function (localResourceContents) {
+
+        _getRemoteResourceContents(resourceRoute, function (remoteResourceContents, URL) {
+
+            console.log();
+            console.log(resourceRoute.toUpperCase());
+            console.log();
+
+            // Compare resource content hashes.
+            _compareResources(localResourceContents, remoteResourceContents, URL);
+
+            console.log();
+            console.log('------------------------------------------');
+        });
+    });
+
+});