From fdce138e1dd86f63f141cbd5ec6b670eeec68986 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Tobias=20Nie=C3=9Fen?= Date: Thu, 12 Aug 2021 22:24:24 +0200 Subject: [PATCH] policy: fix integrity when DEFAULT_ENCODING is set PR-URL: https://github.com/nodejs/node/pull/39750 Reviewed-By: Bradley Farias Reviewed-By: James M Snell --- lib/internal/policy/manifest.js | 6 ++-- .../crypto-default-encoding/.gitattributes | 1 + .../policy/crypto-default-encoding/dep.js | 3 ++ .../policy/crypto-default-encoding/parent.js | 4 +++ .../crypto-default-encoding/policy.json | 14 ++++++++ .../test-policy-crypto-default-encoding.js | 34 +++++++++++++++++++ 6 files changed, 60 insertions(+), 2 deletions(-) create mode 100644 test/fixtures/policy/crypto-default-encoding/.gitattributes create mode 100644 test/fixtures/policy/crypto-default-encoding/dep.js create mode 100644 test/fixtures/policy/crypto-default-encoding/parent.js create mode 100644 test/fixtures/policy/crypto-default-encoding/policy.json create mode 100644 test/parallel/test-policy-crypto-default-encoding.js diff --git a/lib/internal/policy/manifest.js b/lib/internal/policy/manifest.js index c3ec82f596a509..a8420343db1a3c 100644 --- a/lib/internal/policy/manifest.js +++ b/lib/internal/policy/manifest.js @@ -501,8 +501,10 @@ class Manifest { value: expected } = integrityEntries[i]; const hash = createHash(algorithm); - HashUpdate(hash, content); - const digest = HashDigest(hash); + // TODO(tniessen): the content should not be passed as a string in the + // first place, see https://github.com/nodejs/node/issues/39707 + HashUpdate(hash, content, 'utf8'); + const digest = HashDigest(hash, 'buffer'); if (digest.length === expected.length && timingSafeEqual(digest, expected)) { return true; diff --git a/test/fixtures/policy/crypto-default-encoding/.gitattributes b/test/fixtures/policy/crypto-default-encoding/.gitattributes new file mode 100644 index 00000000000000..cbdcbbc258e6e7 --- /dev/null +++ b/test/fixtures/policy/crypto-default-encoding/.gitattributes @@ -0,0 +1 @@ +*.js text eol=lf diff --git a/test/fixtures/policy/crypto-default-encoding/dep.js b/test/fixtures/policy/crypto-default-encoding/dep.js new file mode 100644 index 00000000000000..d741da76db0076 --- /dev/null +++ b/test/fixtures/policy/crypto-default-encoding/dep.js @@ -0,0 +1,3 @@ +'use strict'; + +// No code. diff --git a/test/fixtures/policy/crypto-default-encoding/parent.js b/test/fixtures/policy/crypto-default-encoding/parent.js new file mode 100644 index 00000000000000..90ebde7e6535c0 --- /dev/null +++ b/test/fixtures/policy/crypto-default-encoding/parent.js @@ -0,0 +1,4 @@ +'use strict'; + +require('crypto').DEFAULT_ENCODING = process.env.DEFAULT_ENCODING; +require('./dep.js'); diff --git a/test/fixtures/policy/crypto-default-encoding/policy.json b/test/fixtures/policy/crypto-default-encoding/policy.json new file mode 100644 index 00000000000000..4cb485e1d9e2e4 --- /dev/null +++ b/test/fixtures/policy/crypto-default-encoding/policy.json @@ -0,0 +1,14 @@ +{ + "resources": { + "./parent.js": { + "integrity": "sha384-j4pMdq83q5Bq9+idcHuGKzi89FrYm1PhZYrEw3irbNob6g4i3vKBjfYiRNYwmoGr", + "dependencies": { + "crypto": true, + "./dep.js": true + } + }, + "./dep.js": { + "integrity": "sha384-VU7GIrTix/HFLhUb4yqsV4n1xXqjPcWw6kLvjuKXtR1+9nmufJu5vZLajBs8brIW" + } + } +} diff --git a/test/parallel/test-policy-crypto-default-encoding.js b/test/parallel/test-policy-crypto-default-encoding.js new file mode 100644 index 00000000000000..1f62b4d85a3c4f --- /dev/null +++ b/test/parallel/test-policy-crypto-default-encoding.js @@ -0,0 +1,34 @@ +'use strict'; + +const common = require('../common'); +if (!common.hasCrypto) + common.skip('missing crypto'); +common.requireNoPackageJSONAbove(); + +const fixtures = require('../common/fixtures'); + +const assert = require('assert'); +const { spawnSync } = require('child_process'); + +const encodings = ['buffer', 'utf8', 'utf16le', 'latin1', 'base64', 'hex']; + +for (const encoding of encodings) { + const dep = fixtures.path('policy', 'crypto-default-encoding', 'parent.js'); + const depPolicy = fixtures.path( + 'policy', + 'crypto-default-encoding', + 'policy.json'); + const { status } = spawnSync( + process.execPath, + [ + '--experimental-policy', depPolicy, dep, + ], + { + env: { + ...process.env, + DEFAULT_ENCODING: encoding + } + } + ); + assert.strictEqual(status, 0); +}