Introduction
This script lets any user or extension reviewer verify the integrity of the bundled resources. It compares all libraries with their original sources. Optionally, a local Tor proxy can be used. In total, there are over 1000 files in LocalCDN, so the process can take between 5 and 15 minutes.
Prerequisites
- GNU/Linux (Debian, Ubuntu, ...)
- Bash >= 4.4
- LocalCDN >= v2.6.3
- Local Tor SOCKS5 Proxy (optional, but recommended)
Tor Proxy
- Install Tor Proxy
sudo apt install tor
- e.g. https://linuxconfig.org/install-tor-proxy-on-ubuntu-20-04-linux
- Check Tor
systemctl status tor@default.service
systemctl status tor.service
How to start
Open up a terminal and cd into this directory. However you run the script, the output can be redirected to a file with > output.txt
Usage:
bash audit.sh [options]
bash audit.sh [options] -d [resource]
Example:
bash audit.sh
bash audit.sh -tfr
bash audit.sh -tfrd jquery
Options:
-t Use local Tor proxy (torsocks)
-f Create THIRD_PARTY.txt file with all contacted URLs
-r Replace in case of hash mismatch
-l List all resources
-d Check only ONE resource, e.g. jquery
'bash audit.sh -d jquery'
Examples
- Check all files:
bash audit.sh
bash audit.sh > output.txt
- Check only one library. Choose the folder name from /resources/, e.g. jquery:
bash audit.sh -d jquery
bash audit.sh -d jquery > output.txt
- Check all files and replace in case of hash mismatch:
bash audit.sh -r
bash audit.sh -r > output.txt
- Check only one library's files and replace in case of hash mismatch. Choose the folder name from /resources/, e.g. jquery:
bash audit.sh -rd jquery
bash audit.sh -rd jquery > output.txt
Required time
- direct without Tor proxy: ~5 minutes
- Tor proxy: ~15 minutes
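
The comparison described in the introduction, together with the -r behaviour from the options list, as an added example that is not taken from audit.sh. It assumes SHA-256 as the hash, that the upstream copy has already been downloaded to a local path, and that "replace" means overwriting the bundled file with that copy; all function names and sample files are constructed.

```bash
#!/usr/bin/env bash
# Added illustration, NOT code from audit.sh. SHA-256, the function names and
# the "replace" argument are assumptions; the page only says "hash mismatch".

# Print the hex SHA-256 digest of one file.
digest() {
    sha256sum -- "$1" | cut -d' ' -f1
}

# compare_resource BUNDLED UPSTREAM [replace]
# UPSTREAM is a copy already downloaded from the original source.
# Prints MATCH, MISMATCH, REPLACED, MISSING or NO_REFERENCE.
# Returns 0 for MATCH/REPLACED, 1 for MISMATCH, 2 if no comparison is possible.
compare_resource() {
    local bundled="$1" upstream="$2" mode="${3:-}"
    # An empty or absent download must never count as a reference and must
    # never overwrite the bundled file in replace mode.
    if [ ! -s "$upstream" ]; then echo "NO_REFERENCE"; return 2; fi
    if [ ! -f "$bundled" ]; then echo "MISSING"; return 2; fi
    if [ "$(digest "$bundled")" = "$(digest "$upstream")" ]; then
        echo "MATCH"; return 0
    fi
    if [ "$mode" = "replace" ]; then
        cp -- "$upstream" "$bundled"
        echo "REPLACED"; return 0
    fi
    echo "MISMATCH"; return 1
}

# Constructed sample data: an intact file, a modified file, a failed download.
demo() {
    local dir r
    dir=$(mktemp -d)
    printf 'console.log("lib v1");\n' > "$dir/upstream.js"
    cp "$dir/upstream.js" "$dir/intact.js"
    printf 'console.log("lib v1");extra();\n' > "$dir/modified.js"
    : > "$dir/failed_download.js"
    r=$(compare_resource "$dir/intact.js" "$dir/upstream.js") || true
    echo "intact:                  $r"
    r=$(compare_resource "$dir/modified.js" "$dir/upstream.js") || true
    echo "modified:                $r"
    r=$(compare_resource "$dir/intact.js" "$dir/failed_download.js" replace) || true
    echo "failed download, replace: $r"
    r=$(compare_resource "$dir/modified.js" "$dir/upstream.js" replace) || true
    echo "modified, replace:       $r"
    rm -rf "$dir"
}
demo
```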