ff8a1d01f2
|
||
|---|---|---|
| .. | ||
| README.md | ||
| audit.sh | ||
| screenshot_1.png | ||
| screenshot_2.png | ||
| screenshot_3.png | ||
README.md
Introduction
This script makes it possible for any user and extension reviewer to verify the integrity of the resources bundled. It compares all libraries with their original sources. Optionally, a local Tor proxy can be used. In total, there are over 1000 files in LocalCDN. This process can take between 5 and 15 minutes.
Prerequisites
- GNU/Linux (Debian, Ubuntu,...)
- Bash >= 4.4
- LocalCDN >= v2.6.3
- Local Tor SOCKS5 Proxy (optional, but recommended)
Settings
- Use local Tor Proxy
USE_TOR=trueslow (~ 15 minutes)USE_TOR=falsefast (~ 4 minutes)
- Generate the THIRD_PARTY.txt file. This file contains all source URLs that were used for the check.
CREATE_THIRD_PARTY_FILE=trueCREATE_THIRD_PARTY_FILE=false
Tor Proxy
- Install Tor Proxy
sudo apt install tor- e.g. https://linuxconfig.org/install-tor-proxy-on-ubuntu-20-04-linux
- Check Tor
systemctl status tor@default.servicesystemctl status tor.service
How to start
Open up a terminal and cd into this directory. However you run the script, the output can be redirected to a file with > output.txt
- Check all files:
bash audit.shbash audit.sh > output.txt
- Check only one library. Choose the folder name from
/resources/, e.g.jquery:bash audit.sh jquerybash audit.sh jquery > output.txt
- Check all files and replace in case of hash mismatch:
bash audit.sh replacebash audit.sh replace > output.txt
- Check only one library files and replace in case of hash mismatch. Choose the folder name from
/resources/, e.g.jquery:bash audit.sh replace jquerybash audit.sh replace jquery > output.txt