Updated: audit.sh and README.md (#285)

nobody 2021-03-14 11:02:11 +01:00
parent 441eb5b5a4
commit 8dae9b20b6
No known key found for this signature in database
GPG Key ID: 8F6DE3D614FCFD7A
2 changed files with 162 additions and 118 deletions


@ -7,17 +7,6 @@ This script makes it possible for any user and extension reviewer to verify the
* LocalCDN >= v2.6.3 * LocalCDN >= v2.6.3
* Local Tor SOCKS5 Proxy (optional, but recommended) * Local Tor SOCKS5 Proxy (optional, but recommended)
### Settings
* The script has 2 different settings. You have to edit them manually inside the script.
* Use local Tor Proxy
* `USE_TOR=true` slow (~ 15 minutes)
* `USE_TOR=false` fast (~ 4 minutes)
* Generate the THIRD_PARTY.txt file. This file contains all source URLs that were used for the check.
* `CREATE_THIRD_PARTY_FILE=true`
* `CREATE_THIRD_PARTY_FILE=false`
### Tor Proxy ### Tor Proxy
* Install Tor Proxy * Install Tor Proxy
* `sudo apt install tor` * `sudo apt install tor`
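Review bot: with the Settings block removed, the README's Tor Proxy section no longer says how the proxy is actually enabled; the install instructions that remain here read as if installing tor is sufficient. Add one line under "### Tor Proxy" stating that the proxy is only used when the script is started with `-t` (the option introduced further down in this commit), otherwise downloads go out directly even with tor running.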
@ -26,18 +15,40 @@ This script makes it possible for any user and extension reviewer to verify the
* `systemctl status tor@default.service` * `systemctl status tor@default.service`
* `systemctl status tor.service` * `systemctl status tor.service`
### How to start ### How to start
Open up a terminal and `cd` into this directory. However you run the script, the output can be redirected to a file with ` > output.txt` Open up a terminal and `cd` into this directory. However you run the script, the output can be redirected to a file with ` > output.txt`
```
Usage:
bash audit.sh [options]
bash audit.sh [options] -d [resource]
Example:
bash audit.sh
bash audit.sh -tfr
bash audit.sh -tfrd jquery
Options:
-t Use local Tor proxy (torsocks)
-f Create THIRD_PARTY.txt file with all contacted URLs
-r Replace in case of hash mismatch
-l List all resources
-d Check only ONE resource, e.g. jquery
'bash audit.sh -d jquery'
```
#### Examples
* Check all files: * Check all files:
* `bash audit.sh` * `bash audit.sh`
* `bash audit.sh > output.txt` * `bash audit.sh > output.txt`
* Check only one library. Choose the folder name from `/resources/`, e.g. `jquery`: * Check only one library. Choose the folder name from `/resources/`, e.g. `jquery`:
* `bash audit.sh jquery` * `bash audit.sh -d jquery`
* `bash audit.sh jquery > output.txt` * `bash audit.sh -d jquery > output.txt`
* Check all files and replace in case of hash mismatch: * Check all files and replace in case of hash mismatch:
* `bash audit.sh replace` * `bash audit.sh -r`
* `bash audit.sh replace > output.txt` * `bash audit.sh -r > output.txt`
* Check only one library files and replace in case of hash mismatch. Choose the folder name from `/resources/`, e.g. `jquery`: * Check only one library files and replace in case of hash mismatch. Choose the folder name from `/resources/`, e.g. `jquery`:
* `bash audit.sh replace jquery` * `bash audit.sh -rd jquery`
* `bash audit.sh replace jquery > output.txt` * `bash audit.sh -rd jquery > output.txt`
#### Required time
* direct without Tor proxy: ~5 minutes
* Tor proxy: ~15 minutes
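Review bot: the usage block is inconsistent with the options it documents. `-d` always needs a resource name, so `bash audit.sh [options] -d [resource]` and `-d Check only ONE resource` should use `<resource>` rather than square brackets, which conventionally mark an optional argument; and `-h` is handled by the script but is missing from the Options list. Also note that "Required time" now says `~5 minutes` for the direct run where the removed Settings section said `~4 minutes`; if the estimate was deliberately revised, fine, otherwise pick one value and keep it in sync with the header comment of audit.sh.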


@ -19,18 +19,6 @@
# - Local Tor SOCKS5 Proxy (optional, but recommended) # - Local Tor SOCKS5 Proxy (optional, but recommended)
# #
# ============================================================================= # =============================================================================
# SETTINGS:
#
# Use local Tor Proxy
# USE_TOR=false #fast (~ 5 minutes)
USE_TOR=true #slow (~ 15 minutes)
#
# Set this value to "true" to generate the THIRD_PARTY.txt file.
# This file contains all source URLs that were used for the check.
# CREATE_THIRD_PARTY_FILE=true
CREATE_THIRD_PARTY_FILE=false
#
# =============================================================================
# INSTALL TOR PROXY: # INSTALL TOR PROXY:
# - sudo apt install tor # - sudo apt install tor
# e.g. https://linuxconfig.org/install-tor-proxy-on-ubuntu-20-04-linux # e.g. https://linuxconfig.org/install-tor-proxy-on-ubuntu-20-04-linux
@ -45,16 +33,19 @@ CREATE_THIRD_PARTY_FILE=false
# A) Check all files: # A) Check all files:
# bash audit.sh # bash audit.sh
# #
# B) Check only one library: # B) Check all files and use local Tor proxy (torsocks):
# Choose the folder name from /resources/, e.g. jquery # bash audit.sh -t
# bash audit.sh jquery
# #
# C) Check all files and replace in case of hash mismatch: # C) Check only one library:
# bash audit.sh replace
#
# D) Check only one library files and replace in case of hash mismatch:
# Choose the folder name from /resources/, e.g. jquery # Choose the folder name from /resources/, e.g. jquery
# bash audit.sh replace jquery # bash audit.sh -d jquery
#
# D) Check all files and replace in case of hash mismatch:
# bash audit.sh -r
#
# E) Check only one library files and replace in case of hash mismatch:
# Choose the folder name from /resources/, e.g. jquery
# bash audit.sh -rd jquery
# #
# ============================================================================= # =============================================================================
# WHICH FILES WILL BE CHECKED? # WHICH FILES WILL BE CHECKED?
@ -64,65 +55,31 @@ CREATE_THIRD_PARTY_FILE=false
# Exceptions: # Exceptions:
# /resources/*/note # /resources/*/note
# /resources/google-material-design-icons/google-material-design-icons.css # /resources/google-material-design-icons/google-material-design-icons.css
#
# ============================================================================= # =============================================================================
# PreCheck # WHY ARE THESE FILES EXCLUDED?
# google-material-design-icons.css This is a separate file so that the WOFF2
# file in this extension is used and not an
# external one.
#
# /resources/*/note These files contain notes if a file has
# been renamed.
# ============================================================================= # =============================================================================
if [[ "$USE_TOR" != true && "$USE_TOR" != false ]]; then
echo -e "ERROR: USE_TOR not set. Please select yes (true) or no (false)!"
read -r -p "Press enter to close..."; exit 1
fi
if [[ "$CREATE_THIRD_PARTY_FILE" != true && "$CREATE_THIRD_PARTY_FILE" != false ]]; then
echo -e "ERROR: CREATE_THIRD_PARTY_FILE not set. Please select yes (true) or no (false)!"
read -r -p "Press enter to close..."; exit 1
fi
if [ "$USE_TOR" = true ] && ! command -v torsocks &> /dev/null; then
echo "Command not found: torsocks"
read -r -p "Press enter to close..."; exit 1
fi
if ! command -v wget &> /dev/null; then
echo "Command not found: wget"
read -r -p "Press enter to close..."; exit 1
fi
if ! command -v sha512sum &> /dev/null; then
echo "Command not found: sha512sum"
read -r -p "Press enter to close..."; exit 1
fi
if ! command -v sed &> /dev/null; then
echo "Command not found: sed"
read -r -p "Press enter to close..."; exit 1
fi
if ! command -v cut &> /dev/null; then
echo "Command not found: cut"
read -r -p "Press enter to close..."; exit 1
fi
if ! command -v awk &> /dev/null; then
echo "Command not found: awk"
read -r -p "Press enter to close..."; exit 1
fi
# ============================================================================= # =============================================================================
# CDNs # CDNs
# ============================================================================= # =============================================================================
CLOUDFLARE="https://cdnjs.cloudflare.com/ajax/libs" readonly CLOUDFLARE="https://cdnjs.cloudflare.com/ajax/libs"
CLOUDFLARE_AJAX="https://ajax.cloudflare.com/cdn-cgi/scripts" readonly CLOUDFLARE_AJAX="https://ajax.cloudflare.com/cdn-cgi/scripts"
JSDELIVR="https://cdn.jsdelivr.net" readonly JSDELIVR="https://cdn.jsdelivr.net"
GITHUB="https://raw.githubusercontent.com" readonly GITHUB="https://raw.githubusercontent.com"
# ============================================================================= # =============================================================================
# GLOBALS # GLOBALS
# ============================================================================= # =============================================================================
REGEX_JS=".*\.jsm$" readonly REGEX_JS=".*\.jsm$"
COUNTER_ALL=0 COUNTER_ALL=0
COUNTER_HASH_FAILED=0 COUNTER_HASH_FAILED=0
COUNTER_CONNECT_FAILED=0 COUNTER_CONNECT_FAILED=0
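Review bot: the new "WHY ARE THESE FILES EXCLUDED?" comment lists only `google-material-design-icons.css` and `/resources/*/note`, but the `find` in MAIN also excludes `fa-loader.css` (`! -iname "fa-loader.css"`), so the exception list and its explanation are incomplete. Add `fa-loader.css` to the "Exceptions" list and a one-line reason next to the other two, otherwise a reviewer reading the header will assume every CSS file under /resources/ is hashed.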
@ -130,53 +87,109 @@ COUNTER_HASH_OK=0
COUNTER_SKIPPED=0 COUNTER_SKIPPED=0
LOCAL_HASH="" LOCAL_HASH=""
REMOTE_HASH="" REMOTE_HASH=""
REPLACE=false
FILES_FAILED="" FILES_FAILED=""
FILES_SKIPPED="" FILES_SKIPPED=""
FILES_NO_CONNECTION="" FILES_NO_CONNECTION=""
USE_TOR=false
CHECK="ALL"
REPLACE=false
CREATE_THIRD_PARTY_FILE=false
# ============================================================================= # =============================================================================
# FORMATTING # FORMATTING
# ============================================================================= # =============================================================================
RED='\033[0;31m' readonly RED='\033[0;31m'
GREEN='\033[0;32m' readonly GREEN='\033[0;32m'
YELLOW='\033[1;33m' readonly YELLOW='\033[1;33m'
NOCOLOR='\033[0m' readonly NOCOLOR='\033[0m'
BOLD=$(tput bold) readonly BOLD=$(tput bold)
NORMAL=$(tput sgr0) readonly NORMAL=$(tput sgr0)
DIVIDER=$(printf '%*s\n' 141 '' | tr ' ' "=") readonly DIVIDER=$(printf '%*s\n' 141 '' | tr ' ' "=")
# ============================================================================= # =============================================================================
# ARGUMENTS HANDLING # HELP
# ============================================================================= # =============================================================================
if [ "$1" = "replace" ] && [ "$2" = "" ]; then function help() {
REPLACE=true echo -e "Audit script to verify the integrity of the bundled resources.\n"
CHECK="ALL" echo -e "Usage:"
echo -e "CHECK: ALL" echo -e " bash audit.sh [options]"
echo -e "REPLACE: YES" echo -e " bash audit.sh [options] -d [resource]\n"
elif [ "$1" != "" ] && [ "$1" != "replace" ]; then echo -e "Example:"
CHECK=$1 echo -e " bash audit.sh"
echo -e "CHECK: $1" echo -e " bash audit.sh -tfr"
echo -e "REPLACE: NO" echo -e " bash audit.sh -tfrd jquery\n"
elif [ "$1" = "replace" ] && [ "$2" != "" ]; then echo -e "Options:"
REPLACE=true echo -e " -t Use local Tor proxy (torsocks)"
CHECK=$2 echo -e " -f Create THIRD_PARTY.txt file with all contacted URLs"
echo -e "CHECK: $2" echo -e " -r Replace in case of hash mismatch"
echo -e "REPLACE: YES" echo -e " -l List all resources"
else echo -e " -d Check only ONE resource, e.g. jquery"
CHECK="ALL" echo -e " 'bash audit.sh -d jquery'"
echo -e "CHECK: ALL" exit 0
echo -e "REPLACE: NO" }
fi
# =============================================================================
# LIST RESOURCES
# =============================================================================
function list_resources() {
echo -e "Usage:"
echo -e " bash audit.sh -d [resource]\n"
echo -e "Example:"
echo -e " bash audit.sh -d jquery"
echo -e " bash audit.sh -d angular-bootstrap-colorpicker\n"
echo -e "Resources:"
resources=()
while IFS= read -r -d $'\0'; do
resources+=( $(echo "$REPLY" | cut -d"/" -f3) )
done < <(find ../resources/ -maxdepth 1 -print0)
printf " %s\n" "${resources[@]}"
exit 0
}
# =============================================================================
# PreCheck
# =============================================================================
function pre_check() {
if [ "$USE_TOR" = true ] && ! command -v torsocks &> /dev/null; then
echo "Command not found: torsocks"
read -r -p "Press enter to close..."; exit 1
fi
if ! command -v wget &> /dev/null; then
echo "Command not found: wget"
read -r -p "Press enter to close..."; exit 1
fi
if ! command -v sha512sum &> /dev/null; then
echo "Command not found: sha512sum"
read -r -p "Press enter to close..."; exit 1
fi
if ! command -v sed &> /dev/null; then
echo "Command not found: sed"
read -r -p "Press enter to close..."; exit 1
fi
if ! command -v cut &> /dev/null; then
echo "Command not found: cut"
read -r -p "Press enter to close..."; exit 1
fi
if ! command -v awk &> /dev/null; then
echo "Command not found: awk"
read -r -p "Press enter to close..."; exit 1
fi
}
# ============================================================================= # =============================================================================
# CHECK RESOURCE # CHECK RESOURCE
# ============================================================================= # =============================================================================
function check_resource function check_resource() {
{
path=$1 path=$1
folder=$(echo -e "$path" | cut -d"/" -f3) folder=$(echo -e "$path" | cut -d"/" -f3)
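Review bot: `list_resources` uses `find ../resources/ -maxdepth 1 -print0` without `-mindepth 1` or `-type d`, so the start directory itself and any stray file in /resources/ are fed through `cut`, and the unquoted `$(echo "$REPLY" | cut -d"/" -f3)` is subject to word splitting and globbing; the list is also emitted in directory order rather than sorted. Suggest `find ../resources/ -mindepth 1 -maxdepth 1 -type d -print0`, `resources+=("${REPLY##*/}")`, and `printf " %s\n" "${resources[@]}" | sort`. Minor: `help()` does not list `-h` although the getopts loop handles it.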
@ -267,8 +280,7 @@ function check_resource
# ============================================================================= # =============================================================================
# CREATE URLs # CREATE URLs
# ============================================================================= # =============================================================================
function create_url function create_url() {
{
if [ "$folder" = "angular-stripe-checkout" ]; then if [ "$folder" = "angular-stripe-checkout" ]; then
url="$JSDELIVR/npm/angular-stripe-checkout@$version/angular-stripe-checkout.min.js" url="$JSDELIVR/npm/angular-stripe-checkout@$version/angular-stripe-checkout.min.js"
elif [ "$folder" = "ethjs" ]; then elif [ "$folder" = "ethjs" ]; then
@ -515,23 +527,44 @@ function create_url
# ============================================================================= # =============================================================================
# MAIN # MAIN
# ============================================================================= # =============================================================================
# Check if all used commands exist
pre_check
# Handle arguments
while getopts dfhlrt:: opt; do
case $opt in
d) CHECK="$OPTARG";;
f) CREATE_THIRD_PARTY_FILE=true;;
h) help;;
l) list_resources;;
r) REPLACE=true;;
t) USE_TOR=true;;
?) help;;
esac
done
array=() array=()
third_party=()
# Find files in /resource/ # Find files in /resource/
while IFS= read -r -d $'\0'; do while IFS= read -r -d $'\0'; do
array+=("$REPLY") array+=("$REPLY")
done < <(find ../resources/ -type f \( -iname "*.jsm" -or -iname "*.css" -or -iname "*.woff" -or -iname "*.woff2" \) ! -iname "fa-loader.css" ! -iname "google-material-design-icons.css" -print0) done < <(find ../resources/ -type f \( -iname "*.jsm" -or -iname "*.css" -or -iname "*.woff" -or -iname "*.woff2" \) ! -iname "fa-loader.css" ! -iname "google-material-design-icons.css" -print0)
third_party=()
for i in "${array[@]}"; do for i in "${array[@]}"; do
check_resource "$i" check_resource "$i"
done done
# remove temporary file
rm ./tmp 2> /dev/null rm ./tmp 2> /dev/null
IFS=$'\n' sorted=($(sort <<<"${third_party[*]}")) IFS=$'\n' sorted=($(sort <<<"${third_party[*]}"))
unset IFS unset IFS
# create THIRD_PARTY.txt
if [ "$CREATE_THIRD_PARTY_FILE" = true ]; then if [ "$CREATE_THIRD_PARTY_FILE" = true ]; then
printf "%s\n" "${sorted[@]}" > ../THIRD_PARTY.txt printf "%s\n" "${sorted[@]}" > ../THIRD_PARTY.txt
fi fi
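Review bot: the getopts optstring `dfhlrt::` does not match the case handlers, which breaks the documented invocations. In the bash builtin a `:` after an option character means that option requires an argument (there is no optional-argument form), so `d` without a colon makes `d) CHECK="$OPTARG"` receive an empty `OPTARG`: `bash audit.sh -d jquery` sets `CHECK` to the empty string and leaves `jquery` as an unparsed positional, so no resource matches. Conversely `t::` makes `-t` consume an argument, so `bash audit.sh -tfr` stores `fr` in `OPTARG` for `-t` and never sets `CREATE_THIRD_PARTY_FILE` or `REPLACE`. Use `while getopts "d:fhlrt" opt; do` and, in the `d)` branch, fail early if `../resources/$OPTARG` does not exist. Separately, `pre_check` is invoked before the options are parsed, so `USE_TOR` is still `false` when the `torsocks` check runs and a missing torsocks is only noticed once the first download is attempted; move the `pre_check` call after the `done` of the getopts loop.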