From 809c84d09ea87c3857fa171d42914586899d4538 Mon Sep 17 00:00:00 2001 From: Gareth Jones Date: Thu, 15 Apr 2021 08:37:57 +1200 Subject: [PATCH] fix: backport regex change from 8.0.1 PR-URL: https://github.com/npm/ssri/pull/20 Credit: @G-Rath Close: #20 Reviewed-by: @nlf --- index.js | 2 +- test/parse.js | 28 ++++++++++++++++++++++++++++ 2 files changed, 29 insertions(+), 1 deletion(-) diff --git a/index.js b/index.js index daee85d..1f7a22e 100644 --- a/index.js +++ b/index.js @@ -8,7 +8,7 @@ const SPEC_ALGORITHMS = ['sha256', 'sha384', 'sha512'] const BASE64_REGEX = /^[a-z0-9+/]+(?:=?=?)$/i const SRI_REGEX = /^([^-]+)-([^?]+)([?\S*]*)$/ -const STRICT_SRI_REGEX = /^([^-]+)-([A-Za-z0-9+/=]{44,88})(\?[\x21-\x7E]*)*$/ +const STRICT_SRI_REGEX = /^([^-]+)-([A-Za-z0-9+/=]{44,88})(\?[\x21-\x7E]*)?$/ const VCHAR_REGEX = /^[\x21-\x7E]+$/ const SsriOpts = figgyPudding({ diff --git a/test/parse.js b/test/parse.js index 7a8164e..fc7e1a4 100644 --- a/test/parse.js +++ b/test/parse.js @@ -26,6 +26,34 @@ test('parses single-entry integrity string', t => { t.done() }) +test('parses options from integrity string', t => { + const sha = hash(TEST_DATA, 'sha512') + const integrity = `sha512-${sha}?one?two?three` + t.deepEqual(ssri.parse(integrity), { + sha512: [{ + source: integrity, + digest: sha, + algorithm: 'sha512', + options: ['one', 'two', 'three'] + }] + }, 'single entry parsed into full Integrity instance') + t.done() +}) + +test('parses options from integrity string in strict mode', t => { + const sha = hash(TEST_DATA, 'sha512') + const integrity = `sha512-${sha}?one?two?three` + t.deepEqual(ssri.parse(integrity, { strict: true }), { + sha512: [{ + source: integrity, + digest: sha, + algorithm: 'sha512', + options: ['one', 'two', 'three'] + }] + }, 'single entry parsed into full Integrity instance') + t.done() +}) + test('can parse single-entry string directly into Hash', t => { const sha = hash(TEST_DATA, 'sha512') const integrity = `sha512-${sha}`