LocalCDN-Firefox-Chrome-Brave/audit
nobody 8422c2b24f
Updated: audit.sh
2021-03-31 07:15:54 +02:00
..
README.md Updated: audit.sh and README.md (#285) 2021-03-14 11:02:11 +01:00
audit.sh Updated: audit.sh 2021-03-31 07:15:54 +02:00

README.md

Introduction

This script makes it possible for any user and extension reviewer to verify the integrity of the resources bundled. It compares all libraries with their original sources. Optionally, a local Tor proxy can be used. In total, there are over 1000 files in LocalCDN. This process can take between 5 and 15 minutes.

Prerequisites

  • GNU/Linux (Debian, Ubuntu,...)
  • Bash >= 4.4
  • LocalCDN >= v2.6.3
  • Local Tor SOCKS5 Proxy (optional, but recommended)

Tor Proxy

How to start

Open up a terminal and cd into this directory. However you run the script, the output can be redirected to a file with > output.txt

Usage:
           bash audit.sh [options]
           bash audit.sh [options] -d [resource]

Example:
           bash audit.sh
           bash audit.sh -tfr
           bash audit.sh -tfrd jquery

Options:
  -t       Use local Tor proxy (torsocks)
  -f       Create THIRD_PARTY.txt file with all contacted URLs
  -r       Replace in case of hash mismatch
  -l       List all resources
  -d       Check only ONE resource, e.g. jquery
           'bash audit.sh -d jquery'

Examples

  • Check all files:
    • bash audit.sh
    • bash audit.sh > output.txt
  • Check only one library. Choose the folder name from /resources/, e.g. jquery:
    • bash audit.sh -d jquery
    • bash audit.sh -d jquery > output.txt
  • Check all files and replace in case of hash mismatch:
    • bash audit.sh -r
    • bash audit.sh -r > output.txt
  • Check only one library files and replace in case of hash mismatch. Choose the folder name from /resources/, e.g. jquery:
    • bash audit.sh -rd jquery
    • bash audit.sh -rd jquery > output.txt

Required time

  • direct without Tor proxy: ~5 minutes
  • Tor proxy: ~15 minutes