### Introduction
This script makes it possible for any user and extension reviewer to verify the integrity of the resources bundled. It compares all libraries with their original sources. Optionally, a local Tor proxy can be used. In total, there are over 1000 files in LocalCDN. This process can take between 5 and 15 minutes.

### Prerequisites
* GNU/Linux (Debian, Ubuntu,...)
* Bash >= 4.4
* LocalCDN >= v2.6.3
* Local Tor SOCKS5 Proxy (optional, but recommended)


### Settings
* Use local Tor Proxy
  * `USE_TOR=true` slow (~ 15 minutes)
  * `USE_TOR=false` fast (~ 4 minutes)
* Generate the THIRD_PARTY.txt file. This file contains all source URLs that were used for the check.
  * `CREATE_THIRD_PARTY_FILE=true`
  * `CREATE_THIRD_PARTY_FILE=false`


### Tor Proxy
* Install Tor Proxy
  * `sudo apt install tor`
  * e.g. https://linuxconfig.org/install-tor-proxy-on-ubuntu-20-04-linux
* Check Tor
  * `systemctl status tor@default.service`
  * `systemctl status tor.service`


### How to start
Open up a terminal and cd into this directory. However you run the script, the output can be redirected to a file with ` > output.txt`
* Check all files:
  * `bash audit.sh`
  * `bash audit.sh > output.txt`
* Check only one library. Choose the folder name from `/resources/`, e.g. `jquery`:
  * `bash audit.sh jquery`
  * `bash audit.sh jquery > output.txt`
* Check all files and replace in case of hash mismatch:
  * `bash audit.sh replace`
  * `bash audit.sh replace > output.txt`
* Check only one library files and replace in case of hash mismatch. Choose the folder name from `/resources/`, e.g. `jquery`:
  * `bash audit.sh replace jquery`
  * `bash audit.sh replace jquery > output.txt`