From b30dfdb00bb94ddc49a25a85a18fb27afafdfbb1 Mon Sep 17 00:00:00 2001 From: nlf Date: Wed, 7 Apr 2021 12:27:00 -0700 Subject: [PATCH] fix: backport regex change from 8.0.1 PR-URL: https://github.com/npm/ssri/pull/19 Credit: @nlf Close: #19 Reviewed-by: @wraithgar --- index.js | 2 +- test/parse.js | 28 ++++++++++++++++++++++++++++ 2 files changed, 29 insertions(+), 1 deletion(-) diff --git a/index.js b/index.js index e102892..673ed2a 100644 --- a/index.js +++ b/index.js @@ -8,7 +8,7 @@ const SPEC_ALGORITHMS = ['sha256', 'sha384', 'sha512'] const BASE64_REGEX = /^[a-z0-9+/]+(?:=?=?)$/i const SRI_REGEX = /^([^-]+)-([^?]+)([?\S*]*)$/ -const STRICT_SRI_REGEX = /^([^-]+)-([A-Za-z0-9+/=]{44,88})(\?[\x21-\x7E]*)*$/ +const STRICT_SRI_REGEX = /^([^-]+)-([A-Za-z0-9+/=]{44,88})(\?[\x21-\x7E]*)?$/ const VCHAR_REGEX = /^[\x21-\x7E]+$/ const SsriOpts = figgyPudding({ diff --git a/test/parse.js b/test/parse.js index cad5a88..77338d4 100644 --- a/test/parse.js +++ b/test/parse.js @@ -26,6 +26,34 @@ test('parses single-entry integrity string', t => { t.done() }) +test('parses options from integrity string', t => { + const sha = hash(TEST_DATA, 'sha512') + const integrity = `sha512-${sha}?one?two?three` + t.deepEqual(ssri.parse(integrity), { + sha512: [{ + source: integrity, + digest: sha, + algorithm: 'sha512', + options: ['one', 'two', 'three'] + }] + }, 'single entry parsed into full Integrity instance') + t.done() +}) + +test('parses options from integrity string in strict mode', t => { + const sha = hash(TEST_DATA, 'sha512') + const integrity = `sha512-${sha}?one?two?three` + t.deepEqual(ssri.parse(integrity, { strict: true }), { + sha512: [{ + source: integrity, + digest: sha, + algorithm: 'sha512', + options: ['one', 'two', 'three'] + }] + }, 'single entry parsed into full Integrity instance') + t.done() +}) + test('can parse single-entry string directly into Hash', t => { const sha = hash(TEST_DATA, 'sha512') const integrity = `sha512-${sha}`